AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

[Bug] MSI cloud shell the error message is not parsed from the error response. #616

Closed neha-bhargava closed 1 year ago

neha-bhargava commented 1 year ago

As observed in Java and dotnet, the managed identity error response for cloud shell was not getting parsed since the error message is one level down in the JSON.

The error response for cloud shell is different and needs to be handled differently to get the error message.

Currently, for the managed identity error response, we only look at the top level for the error message and error response. For cloud shell, the error message is one level down in the JSON.

Sample error response from cloud shell when a wrong scope is passed.

"{\"error\":{\"code\":\"AudienceNotSupported\",\"message\":\"Audiencehttp://management.azure.comisnotasupportedMSItokenaudience.Supportedaudiences:https://management.core.windows.net/,https://management.azure.com/,https://graph.windows.net/,https://vault.azure.net,https://datalake.azure.net/,https://outlook.office365.com/,https://graph.microsoft.com/,https://batch.core.windows.net/,https://analysis.windows.net/powerbi/api,https://storage.azure.com/,https://rest.media.azure.net,https://api.loganalytics.io,https://ossrdbms-aad.database.windows.net,https://www.yammer.com,https://digitaltwins.azure.net,0b07f429-9f4b-4714-9392-cc5e8e80c8b0,822c8694-ad95-4735-9c55-256f7db2f9b4,https://dev.azuresynapse.net,https://database.windows.net,https://quantum.microsoft.com,https://iothubs.azure.net,2ff814a6-3304-4ab8-85cb-cd0e6f879c1d,https://azuredatabricks.net/,ce34e7e5-485f-4d76-964f-b3d2b16d1e4f,https://azure-devices-provisioning.net,https://managedhsm.azure.net,499b84ac-1321-427f-aa17-267ca6975798,https://api.adu.microsoft.com/,https://purview.azure.net/,6dae42f8-4368-4678-94ff-3960e28e3630\"}}"

Verify if the cloud shell error response is parsed correctly to propagate the correct error message from the server.

rayluo commented 1 year ago

Thanks for the heads-up, Neha. MSAL Python handled the nested error format in Cloud Shell.

I meant to double check it by running a live test in Cloud Shell, but my Cloud Shell dev environment seems to be lost. Regardless, it has been tested when that code path was written 18 months ago.
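
An added example, not part of the original thread and not MSAL Python's own code: one way to normalize a managed identity error body so that both a flat error and the nested Cloud Shell shape from the issue yield the server's message. The function name `normalize_mi_error`, the `unknown_error` placeholder, the flat field names `error`/`error_description`, and the shortened sample bodies are assumptions made for illustration.

```python
import json


def normalize_mi_error(body):
    """Map a managed identity error body to {'error', 'error_description'}."""
    try:
        payload = json.loads(body)
        if isinstance(payload, str):
            # A quoted JSON string wrapping JSON, like the sample pasted in the issue.
            payload = json.loads(payload)
    except (TypeError, ValueError):
        payload = None
    if not isinstance(payload, dict):
        # Not a JSON object: surface the raw text instead of dropping it.
        return {"error": "unknown_error", "error_description": str(body)}
    err = payload.get("error")
    if isinstance(err, dict):
        # Cloud Shell shape: {"error": {"code": ..., "message": ...}}
        return {
            "error": str(err.get("code", "unknown_error")),
            "error_description": str(err.get("message", "")),
        }
    # Flat shape (assumed field names): {"error": ..., "error_description": ...}
    return {
        "error": str(err) if err else "unknown_error",
        "error_description": str(payload.get("error_description", "")),
    }


# Constructed samples; NESTED is a shortened form of the response in the issue.
NESTED = ('{"error":{"code":"AudienceNotSupported","message":'
          '"Audience http://management.azure.com is not a supported MSI token audience."}}')
QUOTED = json.dumps(NESTED)  # same body wrapped as a JSON string
FLAT = '{"error":"invalid_request","error_description":"constructed flat sample"}'
NOT_JSON = "<html>502</html>"

if __name__ == "__main__":
    for sample in (NESTED, QUOTED, FLAT, NOT_JSON):
        print(normalize_mi_error(sample))
```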