Goal

Suppose we don't have interest in supporting auth code flow in a docker container, and we just want to automatically fall back to device code flow.

Symptom

Currently in MSAL-based CLI, running az login in docker will hang, as MSAL doesn't throw an exception when it fails to open a web browser.

On the other hand, in ADAL-based CLI, if CLI fails to open a web browser, it throws RuntimeError and falls back to device code flow:

https://github.com/Azure/azure-cli/blob/14cc787d0f58bc649d402b486fdecc5625eee9ac/src/azure-cli-core/azure/cli/core/_profile.py#L199-L205

                try:
                    authority_url, _ = _get_authority_url(self.cli_ctx, tenant)
                    subscriptions = subscription_finder.find_through_authorization_code_flow(
                        tenant, self._ad_resource_uri, authority_url, auth_resource=auth_resource)
                except RuntimeError:
                    use_device_code = True
                    logger.warning('Not able to launch a browser to log you in, falling back to device code...')

I understand it is possible to throw an Exception at

But I am not sure if this is a good choice and the correct usage of auth_uri_callback.

To Reproduce

docker run -it -v d:/cli/azure-cli:/root/azure-cli python:3.9 bash
cd /root
python -m venv pyenv
. pyenv/bin/activate
pip install azdev
azdev setup -c azure-cli
az login