AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Attempts account removal from broker first #651

Closed rayluo closed 5 months ago

rayluo commented 5 months ago

This change is inspired by this conversation.

CC: @jiasli

rayluo commented 5 months ago

> What if broker sign out also throws an unexpected exception? Is this possible?

It is always possible for any code path to potentially throw an exception. And we can let those really unexpected exceptions bubble up.

> I don't understand why self.forget_me would throw an error skipping execution below.

In that referenced Azure CLI case, they persist MSAL Python's token cache on disk, and the forget_me() operation would attempt removing some tokens, thus modifying that token cache file. Again, any code path could throw an exception; in this case, it can be a disk I/O error.

jiasli commented 5 months ago

Thanks for the attempt to solve https://github.com/Azure/azure-cli/issues/20231#issuecomment-1887171392.

However, I don't think this change makes any difference as OSError: [WinError -2146893813] is thrown when get_accounts() is called. We won't even be able to retrieve the account that can be passed to remove_account(), because the account information is also in msal_token_cache.bin.

In other words, if msal_token_cache.bin can't be accessed, we totally lose track of what accounts are in WAM.
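
The two failure modes discussed in this thread, as an added example that is not part of the original comments and is not MSAL's code. `ToyCache`, `ToyBroker`, `remove_account` and `sign_out_everyone` are hypothetical stand-ins; only the ordering of the steps and the point where each error surfaces are modelled.

```python
# Toy model (constructed; not MSAL's code) of the sign-out ordering discussed above.
class ToyCache:
    """Stands in for a token cache persisted on disk."""
    def __init__(self, accounts):
        self.accounts = set(accounts)
        self.fail_read = False   # simulate an unreadable cache file
        self.fail_write = False  # simulate a disk I/O error on modification

    def get_accounts(self):
        if self.fail_read:
            raise OSError("cache file cannot be read (simulated)")
        return sorted(self.accounts)

    def forget_me(self, account):
        if self.fail_write:
            raise OSError("cache file cannot be written (simulated)")
        self.accounts.discard(account)


class ToyBroker:
    """Stands in for the OS broker's own account store."""
    def __init__(self, accounts):
        self.accounts = set(accounts)

    def sign_out(self, account):
        self.accounts.discard(account)


def remove_account(cache, broker, account, broker_first=True):
    """Remove an account from both stores; errors bubble up to the caller."""
    steps = [broker.sign_out, cache.forget_me]
    if not broker_first:
        steps.reverse()
    for step in steps:
        step(account)  # an exception here skips every later step


def sign_out_everyone(cache, broker, broker_first=True):
    # The account list comes from the cache, so a read failure stops here,
    # before any broker call is made, whatever the ordering.
    for account in cache.get_accounts():
        remove_account(cache, broker, account, broker_first)
```

With a write failure, the broker-first ordering still signs the account out of the broker; with a read failure, neither ordering reaches the broker, so the account stays there.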