Actionable exception from ADFS username password flow #456
Conversation
| raise RuntimeError( | ||
| "ADFS is not configured properly. " | ||
| "Consider use acquire_token_interactive() instead.") |
There was a problem hiding this comment.
How about we include the original exception as an "inner" exception?
There was a problem hiding this comment.
Currently, the "inner" exception would show up in Python3's error trace already, therefore visible by default.
However, I would expect Azure CLI to do this, to have an actionable guidance most suitable in the Azure CLI's context:
try:
result = app.acquire_token_by_username_password(...)
except RuntimeError:
raise CLIError('Username password login failed. You may consider using "az login" instead.')There was a problem hiding this comment.
Won't "Username password login failed" be too vague? This exception chaining pattern is difficult for Azure CLI to get the inner exception message, like that of the original (ValueError, RuntimeError) and print it in the terminal.
There was a problem hiding this comment.
You can probably print the exception you caught. It would contain some (perhaps too much) info. Alas, it is hard to strike a balance here. :-(
try:
result = app.acquire_token_by_username_password(...)
except RuntimeError as e:
raise CLIError('Username password login failed: {}. You may consider using "az login" instead.'.format(e))
Inspired by Azure/azure-cli#21068 (comment) , this PR wraps most "expected" ADFS username password flow into one
RuntimeErrorwith actionable message.That being said, this actionable message is meant for MSAL's app developer. If you are the app developer, you probably want to catch this
RuntimeErrorand translate it into your own exception or error message, for example "... consider use 'az login' instead". @jiasli