search

AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
Other
757 stars 192 forks source link

Exception not helpful when `acquire_token_interactive` times out #516

Closed pvaneck closed 2 months ago

pvaneck commented 1 year ago

Describe the bug When using the acquire_token_interactive method with a timeout that is hit, the exception that is raised does not indicate a timeout occurred. Instead an AssertionError is raised.

To Reproduce Code to reproduce:

app = msal.PublicClientApplication(
    client_id=client_id, authority="https://{}/{}".format(AzureAuthorityHosts.AZURE_PUBLIC_CLOUD, tenant_id)
)
scope = "https://management.azure.com/.default"
result = app.acquire_token_interactive([scope], timeout=5)

Expected behavior Some type of exception or message that is surfaced to the user, indicating a timeout has occurred.

What you see instead

  File "/home/pvaneck/dev/pvaneck/azure-sdk-for-python/sdk/identity/azure-identity/test2.py", line 61, in <module>
    result = app.acquire_token_interactive([scope], timeout=5)
  File "/home/pvaneck/dev/pvaneck/azure-sdk-for-python/sdk/identity/azure-identity/.venv/lib/python3.10/site-packages/msal/application.py", line 1828, in acquire_token_interactive
    response = _clean_up(self.client.obtain_token_by_browser(
  File "/home/pvaneck/dev/pvaneck/azure-sdk-for-python/sdk/identity/azure-identity/.venv/lib/python3.10/site-packages/msal/oauth2cli/oidc.py", line 281, in obtain_token_by_browser
    return super(Client, self).obtain_token_by_browser(
  File "/home/pvaneck/dev/pvaneck/azure-sdk-for-python/sdk/identity/azure-identity/.venv/lib/python3.10/site-packages/msal/oauth2cli/oauth2.py", line 639, in obtain_token_by_browser
    return self._obtain_token_by_browser(
  File "/home/pvaneck/dev/pvaneck/azure-sdk-for-python/sdk/identity/azure-identity/.venv/lib/python3.10/site-packages/msal/oauth2cli/oauth2.py", line 677, in _obtain_token_by_browser
    return self.obtain_token_by_auth_code_flow(
  File "/home/pvaneck/dev/pvaneck/azure-sdk-for-python/sdk/identity/azure-identity/.venv/lib/python3.10/site-packages/msal/application.py", line 134, in obtain_token_by_auth_code_flow
    assert isinstance(auth_code_flow, dict) and isinstance(auth_response, dict)
AssertionError

The MSAL Python version you are using 1.20.0

bgavrilMS commented 10 months ago

We do not recommend setting a timeout on AcquireTokenInteractive. Users can spend quitea long time in the browser, for example they may be asked to MFA and to change their password.