search

AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
Other
770 stars 192 forks source link

Raise the original error when refreshing token fails #431

Closed jiasli closed 2 years ago

jiasli commented 2 years ago

Describe the bug

Currently when refreshing token fails, MSAL silences the exception and logs and error:

https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/62752adbcc8700c9e5969cacdce64c23bb8802c8/msal/application.py#L1206-L1207

ERROR    msal.application:application.py:1152 Refresh token failed
Traceback (most recent call last):
  File "C:\Users\user1\Desktop\project\env\lib\site-packages\urllib3\connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
...
  File "C:\Program Files\Python38\lib\ssl.py", line 1173, in send
    return self._sslobj.write(data)
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user1\Desktop\project\env\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
...
  File "C:\Users\user1\Desktop\project\env\lib\site-packages\requests\adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))

Currently Azure CLI doesn't print MSAL's logs, the real cause will be hidden and all Azure CLI can get is a None result. Making it impossible for the end user to know what happened:

https://github.com/Azure/azure-cli/blob/925d5f93e9caff6fdc74c03b3755d8811d2baf69/src/azure-cli-core/azure/cli/core/auth/util.py#L119-L121

    if not result:
        raise AuthenticationError("Can't find token from MSAL cache.",
                                  recommendation="To re-authenticate, please run:\naz login")

This topic is very similar to the one we discussed in https://github.com/AzureAD/microsoft-authentication-extensions-for-python/issues/92.

jiasli commented 2 years ago

Even if Azure CLI prints MSAL's log, the content of the exception log is uncontrollable by Azure CLI.

It is certainly not user-friendly to dump the full traceback in the context of Azure CLI's user experience.

https://docs.python.org/3/library/logging.html#logging.Logger.exception

exception(msg, *args, kwargs) Logs a message with level ERROR on this logger. The arguments are interpreted as for debug(). Exception info is added to the logging message.** This method should only be called from an exception handler.

A simple demo:

import logging

try:
    a = 3 / 0
except:
    logging.exception("calculation failed.")

Output:

ERROR:root:calculation failed.
Traceback (most recent call last):
  File "D:\cli\testproj\main.py", line 4, in <module>
    3 / 0
ZeroDivisionError: division by zero