search

microsoftgraph / msgraph-sdk-python

MIT License
382 stars 56 forks source link

"ValueError: Unable to parse claims from response" on get() #898

Open zhetao1116 opened 1 month ago

zhetao1116 commented 1 month ago

Describe the bug

I am facing the same issue although I am invoking the public API and it happens when the token is invalid or expired. My code for Graph Client. I initialize it with OAuth token directly.

class RawAccessTokenProvider:
    """
    A simple credential provider that returns a raw access token for use with Azure SDK clients.
    """

    def __init__(self, access_token: str, expires_on: int) -> None:
        self._access_token = access_token
        self._expires_on = expires_on

    def get_token(self, *scopes, **kwargs) -> AccessToken:
        return AccessToken(self._access_token, self._expires_on)

class MicrosoftCalendarApi(CalendarApiBase):
    """
    A client for interacting with the Microsoft Graph Calendar API.
    This class facilitates interactions with the Microsoft Graph API through the "msgraph" library.
    """

    def __init__(self, credentials: Dict[str, Union[str, int]]) -> None:
        super().__init__(credentials)

        access_token = credentials.get("access_token")
        client_credentials = RawAccessTokenProvider(access_token, expires_on)
        self.client = GraphServiceClient(credentials=client_credentials, scopes=REQUIRED_SCOPES)

Any idea how could I fix it to get the error response? A similar issue thread which has the exactly same error which hasn't been fully resolved: https://github.com/microsoftgraph/msgraph-sdk-python/issues/672 The response from MSFT:

            "response": {
                "status_code": 401,
                "http_version": "HTTP/2",
                "headers": {
                    "content-type": [
                        "application/json"
                    ],
                    "content-encoding": [
                        "gzip"
                    ],
                    "vary": [
                        "Accept-Encoding"
                    ],
                    "strict-transport-security": [
                        "max-age=31536000"
                    ],
                    "request-id": [
                        "2d41f984-e89e-47ee-b371-20646d425646"
                    ],
                    "client-request-id": [
                        "81955d7c-9f10-4fce-93d8-7dc03fc1bbd5"
                    ],
                    "x-ms-ags-diagnostic": [
                        "{\"ServerInfo\":{\"DataCenter\":\"USGov Virginia\",\"Slice\":\"E\",\"Ring\":\"6\",\"ScaleUnit\":\"001\",\"RoleInstance\":\"BN1NEPF0000FA8F\"}}"
                    ],
                    "www-authenticate": [
                        "Bearer realm=\"\", authorization_uri=\"https://login.microsoftonline.us/common/oauth2/authorize\", client_id=\"00000003-0000-0000-c000-000000000000\""
                    ],
                    "date": [
                        "Mon, 16 Sep 2024 23:47:10 GMT"
                    ]
                },
                "content": "{\"error\":{\"code\":\"InvalidAuthenticationToken\",\"message\":\"Lifetime validation failed, the token is expired.\",\"innerError\":{\"date\":\"2024-09-16T23:47:11\",\"request-id\":\"2d41f984-e89e-47ee-b371-20646d425646\",\"client-request-id\":\"81955d7c-9f10-4fce-93d8-7dc03fc1bbd5\"}}}",

Expected behavior

The ODataError/APIError exception should be raised.

How to reproduce

Invoke a public API with an invalid/expired oauth token.

SDK Version

1.1.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log ``` ```

Configuration

No response

Other information

No response

shemogumbe commented 1 month ago

Hello @zhetao1116 thanks for using the SDK and for raising this.

This error occurs when you have an invalid or expired token.

You can get a valid token using Auth flow of your choice, check the samples here, under authentication samples:

https://github.com/microsoftgraph/msgraph-sdk-python/tree/main/docs

You can also build your own way of getting the token following https://learn.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python

zhetao1116 commented 1 month ago

HI @shemogumbe ! Thanks for reply.

This error occurs when you have an invalid or expired token.

Yeah, but we want to know this type of error as we expect the sdk client to return InvalidTokenException instead of the unrelated ValueError: Unable to parse claims from response. How could we get that?

zhetao1116 commented 2 weeks ago

bump up

jetstreamc commented 1 week ago

+1 for @zhetao1116 . I am in the same situation with you, using the access token directly. I also expect more specific exception than ValueError to be raised when the token in expired.