@pvaneck pvaneck commented Sep 10, 2025

Other developer tool credentials are lenient when it comes to continuing the chain upon failure. Even if a token attempt is made, but no token is returned, if we detect we are within the context of DefaultAzureCredential, we raise a CredentialUnavailableError and continue on in the credential chain. SharedTokenCacheCredential can sometimes cause issues during refresh token failures when users try to use DAC, but there is an old cache lying around.

SharedTokenCacheCredential will now follow a similar pattern to other developer tool credentials and raise CredentialUnavailableError when within DAC.

github-actions bot commented Sep 10, 2025

API Change Check

APIView identified API level changes in this PR and created the following API reviews

azure-identity

@pvaneck pvaneck requested a review from Copilot September 10, 2025 18:22
@Copilot Copilot AI left a comment

Pull Request Overview

This PR adjusts the SharedTokenCacheCredential error behavior to align with other developer tool credentials when used within DefaultAzureCredential (DAC). When refresh token failures occur within the DAC context, the credential now raises CredentialUnavailableError instead of ClientAuthenticationError, allowing the credential chain to continue rather than failing outright.

Key changes:

  • Added error handling logic to catch ClientAuthenticationError during refresh token operations
  • When within DAC context, transforms authentication errors to CredentialUnavailableError
  • Added comprehensive test coverage for both sync and async implementations

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| azure/identity/_credentials/shared_cache.py | Added try-catch block around refresh token operation with DAC-aware error transformation |
| azure/identity/aio/_credentials/shared_cache.py | Same error handling logic for async implementation |
| tests/test_shared_cache_credential.py | Added test case for DAC context error behavior in sync version |
| tests/test_shared_cache_credential_async.py | Added test case for DAC context error behavior in async version |
| CHANGELOG.md | Documented the behavior change |

@pvaneck pvaneck force-pushed the identity-shared-dac branch from 67f2e45 to 84e5bd9 Compare September 10, 2025 18:38
@pvaneck pvaneck changed the title from "[Identity] Adjust SharedTokenCredential in DAC error behavior" to "[Identity] Adjust cache credential error behavior in DAC" Sep 10, 2025
@pvaneck pvaneck marked this pull request as ready for review September 10, 2025 18:40
@pvaneck pvaneck requested review from xiangyan99 and a team as code owners September 10, 2025 18:40
@xiangyan99
The case is we do get a token back but it is expired, right?

pvaneck commented Sep 11, 2025

> The case is we do get a token back but it is expired, right?

This applies when a cache exists but contains no valid access token. Although a refresh token is available and used to request a new access token, the request fails due to the refresh token being expired, invalid, or encountering another error.
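
The behaviour discussed in this thread, as an added example that is not code from the PR or from azure-identity: a cache credential whose refresh-token redemption fails either stops the chain (old behaviour) or reports itself unavailable so the chain continues (new behaviour). Every class, the `within_dac` flag and `run_chain` are simplified stand-ins and assumptions, and the token and error strings are constructed.

```python
from contextvars import ContextVar

# Stand-in exception types (assumptions), not imported from azure-identity.
class ClientAuthenticationError(Exception):
    """Authentication was attempted and failed."""

class CredentialUnavailableError(ClientAuthenticationError):
    """This credential cannot be used here; a chain may try the next one."""

# Hypothetical flag meaning "running inside the default credential chain".
within_dac = ContextVar("within_dac", default=False)

class StaleCacheCredential:
    """Cache with no valid access token and a refresh token that fails."""
    def __init__(self, dac_aware):
        self.dac_aware = dac_aware  # True models the behaviour after this PR

    def _redeem_refresh_token(self):
        raise ClientAuthenticationError("refresh token expired")  # constructed

    def get_token(self, scope):
        try:
            return self._redeem_refresh_token()
        except ClientAuthenticationError as ex:
            # Only downgrade the error when a chain can try something else.
            if self.dac_aware and within_dac.get():
                raise CredentialUnavailableError(str(ex)) from ex
            raise

class WorkingCredential:
    """Next credential in the chain; returns a constructed token."""
    def get_token(self, scope):
        return "token-from-next-credential"

def run_chain(credentials, scope):
    """Try credentials in order; only CredentialUnavailableError continues."""
    reset = within_dac.set(True)
    try:
        for cred in credentials:
            try:
                return cred.get_token(scope)
            except CredentialUnavailableError:
                continue  # any other error propagates and ends the chain
        raise ClientAuthenticationError("no credential produced a token")
    finally:
        within_dac.reset(reset)
```

Used directly, outside the chain, the DAC-aware credential still raises the original authentication error, so the failure is only softened where a fallback exists.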

Signed-off-by: Paul Van Eck <[email protected]>
Signed-off-by: Paul Van Eck <[email protected]>
@github-project-automation github-project-automation bot moved this from Untriaged to In Progress in Azure Identity SDK Improvements Sep 11, 2025
@pvaneck pvaneck merged commit eb0ecce into Azure:main Sep 11, 2025
20 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Azure Identity SDK Improvements Sep 11, 2025
@pvaneck pvaneck deleted the identity-shared-dac branch September 11, 2025 21:53