Refactor AzureCliCredential claims challenge logic and add tenant support in error messages #42195

Copilot · 2025-07-23T21:18:44Z

This PR refactors the claims challenge handling in AzureCliCredential to eliminate code duplication and enhances error messages to include tenant information for more complete and actionable az login commands.

Key Changes

Refactored Architecture

Centralized Logic: Moved claims challenge logic from get_token and get_token_info methods to the shared _get_token_base method
Eliminated Duplication: Removed identical claims checking code that existed in both methods
Consistent Flow: Claims now pass through TokenRequestOptions for uniform handling across sync and async implementations

Enhanced Error Messages

The error messages now include tenant information when available, providing complete az login commands:

from azure.identity import AzureCliCredential, CredentialUnavailableError

credential = AzureCliCredential()

# Complete command with tenant and scope
try:
    credential.get_token_info("https://management.azure.com/.default", 
                             options={"claims": "example-claims", "tenant_id": "my-tenant"})
except CredentialUnavailableError as e:
    print(e)  # "Failed to get token. Run az login --claims-challenge example-claims --tenant my-tenant --scope https://management.azure.com/.default"

# Command with scope only
try:
    credential.get_token("https://management.azure.com/.default", claims="example-claims")
except CredentialUnavailableError as e:
    print(e)  # "Failed to get token. Run az login --claims-challenge example-claims --scope https://management.azure.com/.default"

# Basic command
try:
    credential.get_token(claims="example-claims")
except CredentialUnavailableError as e:
    print(e)  # "Failed to get token. Run az login --claims-challenge example-claims"

Error Message Format

The enhanced format follows the pattern:

az login --claims-challenge {claims} [--tenant {tenant_id}] [--scope {scope}]

Benefits

DRY Principle: Single implementation eliminates maintenance overhead
Complete Commands: Users receive actionable commands with all necessary parameters
Backward Compatibility: Existing behavior preserved for empty/whitespace claims
Consistent Experience: Identical logic across sync and async implementations

Testing

Added comprehensive tests covering:

Claims with tenant and scope combinations
Claims with tenant but no scope
Both get_token and get_token_info methods
Sync and async implementations

Fixes #42194.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

… get_token_info methods Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

… add comprehensive tests Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

xiangyan99 · 2025-07-23T22:12:28Z

azure/identity/_credentials/azure_cli.py:147: error: Item "None" of "Optional[str]" has no attribute "strip" [union-attr]
azure/identity/aio/_credentials/azure_cli.py:142: error: Item "None" of "Optional[str]" has no attribute "strip" [union-attr]

Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot · 2025-07-23T22:21:01Z

azure/identity/_credentials/azure_cli.py:147: error: Item "None" of "Optional[str]" has no attribute "strip" [union-attr]
azure/identity/aio/_credentials/azure_cli.py:142: error: Item "None" of "Opt...

Fixed the MyPy errors by properly handling the Optional[str] return type from options.get("claims"). Changed the problematic code from calling .strip() directly on the result to using a null-safe intermediate variable. The fix maintains exact same functionality while resolving the type checking issues. Commit eb3eb89.

xiangyan99 · 2025-07-23T22:42:21Z

2025-07-23T22:39:07.1483541Z azure/identity/_credentials/azure_cli.py:105: [C0301(line-too-long), ] Line too long (121/120)
2025-07-23T22:39:07.1484255Z azure/identity/_credentials/azure_cli.py:149: [C0301(line-too-long), ] Line too long (121/120)
2025-07-23T22:39:07.1484818Z azure/identity/_credentials/azure_cli.py:150: [C0303(trailing-whitespace), ] Trailing whitespace
2025-07-23T22:39:07.1485330Z ************* Module azure.identity.aio._credentials.azure_cli
2025-07-23T22:39:07.1485844Z azure/identity/aio/_credentials/azure_cli.py:97: [C0301(line-too-long), ] Line too long (121/120)
2025-07-23T22:39:07.1486383Z azure/identity/aio/_credentials/azure_cli.py:109: [C0303(trailing-whitespace), ] Trailing whitespace
2025-07-23T22:39:07.1486908Z azure/identity/aio/_credentials/azure_cli.py:144: [C0301(line-too-long), ] Line too long (121/120)
2025-07-23T22:39:07.1487421Z azure/identity/aio/_credentials/azure_cli.py:145: [C0303(trailing-whitespace), ] Trailing whitespace

…edential Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot · 2025-07-23T22:50:28Z

2025-07-23T22:39:07.1483541Z azure/identity/_credentials/azure_cli.py:105: [C0301(line-too-long), ] Line too long (121/120)
2025-07-23T22:39:07.1484255Z azure/identity/_credentials/azure_cli.py:149: ...

Fixed all pylint line-too-long and trailing-whitespace errors by breaking long lines appropriately and removing trailing spaces. Commit 1ced477.

xiangyan99 · 2025-07-23T23:13:49Z

run black

Command '['/opt/hostedtoolcache/Python/3.9.23/x64/bin/python', '-m', 'tox', 'run', '--root', '.', '-c', '/mnt/vss/_work/1/s/eng/tox/tox.ini', '-e', 'black', '--', '--cov=azure.identity', '--cov-append', '--ignore', 'azure_identity.egg-info']' returned non-zero exit status 1.

Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot · 2025-07-23T23:18:57Z

run black

Command '['/opt/hostedtoolcache/Python/3.9.23/x64/bin/python', '-m', 'tox', 'run', '--root', '.', '-c', '/mnt/vss/_work/1/s/eng/tox/tox.ini', '-e', 'black', '--', '--cov=azure.identity', ...

Applied black formatting to fix all code style issues. The files now comply with black formatting standards by properly breaking long lines and formatting function signatures. Commit 3f45fb2.

Copilot

Pull Request Overview

This PR implements claims challenge validation in AzureCliCredential to raise specific errors when claims parameters are provided. The Azure CLI credential doesn't support claims challenges, so this change ensures appropriate error handling with clear user guidance.

Added claims validation logic to both sync and async AzureCliCredential methods
Updated error handling to raise CredentialUnavailableError with specific guidance message
Maintained backward compatibility by only validating non-empty, non-whitespace claims

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
azure/identity/_credentials/azure_cli.py	Added claims validation in sync get_token and get_token_info methods
azure/identity/aio/_credentials/azure_cli.py	Added claims validation in async get_token and get_token_info methods
tests/test_cli_credential.py	Added comprehensive test coverage for sync claims validation scenarios
tests/test_cli_credential_async.py	Added comprehensive test coverage for async claims validation scenarios

Copilot · 2025-07-24T00:26:41Z

sdk/identity/azure-identity/tests/test_cli_credential.py

+    # Mock the CLI to avoid actual invocation
+    with mock.patch("shutil.which", return_value="az"):
+        with mock.patch(
+            CHECK_OUTPUT, mock.Mock(return_value='{"accessToken": "token", "expiresOn": "2021-10-07 12:00:00.000000"}')


The hardcoded datetime string '2021-10-07 12:00:00.000000' in the mock response should use a dynamic date or a more recent date to avoid potential issues with token expiration validation.

Suggested change

CHECK_OUTPUT, mock.Mock(return_value='{"accessToken": "token", "expiresOn": "2021-10-07 12:00:00.000000"}')

CHECK_OUTPUT, mock.Mock(return_value=json.dumps({"accessToken": "token", "expiresOn": datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S.%f")}))

Copilot · 2025-07-24T00:26:41Z

sdk/identity/azure-identity/tests/test_cli_credential_async.py

+
+    successful_output = json.dumps(
+        {
+            "expiresOn": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f"),


Using datetime.now() without importing datetime module from the datetime package. Should be 'from datetime import datetime' or use a fixed future date for consistency.

Suggested change

"expiresOn": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f"),

"expiresOn": "2023-01-01 00:00:00.000000",

scottaddie · 2025-07-24T14:04:03Z

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

+        claims_value = options.get("claims") if options else None
+        if claims_value and claims_value.strip():
+            raise CredentialUnavailableError(
+                f"Fail to get token, please run az login --claims-challenge {claims_value}"


Suggested change

f"Fail to get token, please run az login --claims-challenge {claims_value}"

f"Failed to get token. Run az login --claims-challenge {claims_value}"

Updated the error message format as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:04:22Z

sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py

        :raises ~azure.core.exceptions.ClientAuthenticationError: the credential invoked the Azure CLI but didn't
          receive an access token.
        """
+        if claims and claims.strip():
+            raise CredentialUnavailableError(f"Fail to get token, please run az login --claims-challenge {claims}")


Suggested change

raise CredentialUnavailableError(f"Fail to get token, please run az login --claims-challenge {claims}")

raise CredentialUnavailableError(f"Failed to get token. Run az login --claims-challenge {claims}")

Updated the error message format as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:04:38Z

sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py

+        claims_value = options.get("claims") if options else None
+        if claims_value and claims_value.strip():
+            raise CredentialUnavailableError(
+                f"Fail to get token, please run az login --claims-challenge {claims_value}"


Suggested change

f"Fail to get token, please run az login --claims-challenge {claims_value}"

f"Failed to get token. Run az login --claims-challenge {claims_value}"

Updated the error message format as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:04:59Z

sdk/identity/azure-identity/tests/test_cli_credential.py

+    """The credential should raise CredentialUnavailableError when claims challenge is provided"""
+
+    claims = "test-claims-challenge"
+    expected_message = f"Fail to get token, please run az login --claims-challenge {claims}"


Suggested change

expected_message = f"Fail to get token, please run az login --claims-challenge {claims}"

expected_message = f"Failed to get token. Run az login --claims-challenge {claims}"

Updated the expected message format in test as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:05:28Z

sdk/identity/azure-identity/tests/test_cli_credential_async.py

+    """The credential should raise CredentialUnavailableError when claims challenge is provided"""
+
+    claims = "test-claims-challenge"
+    expected_message = f"Fail to get token, please run az login --claims-challenge {claims}"


Suggested change

expected_message = f"Fail to get token, please run az login --claims-challenge {claims}"

expected_message = f"Failed to get token. Run az login --claims-challenge {claims}"

Updated the expected message format in test as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:07:20Z

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

+        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI,
+          or when claims challenge is provided.


It might be clearer if this is rewritten as follows.

Suggested change

:raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI,

or when claims challenge is provided.

:raises ~azure.identity.CredentialUnavailableError: the credential was either unable to invoke the Azure CLI

or a claims challenge was provided.

Updated the docstring wording to be clearer as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:07:36Z

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

@@ -136,10 +140,16 @@ def get_token_info(self, *scopes: str, options: Optional[TokenRequestOptions] =
        :rtype: ~azure.core.credentials.AccessTokenInfo
        :return: An AccessTokenInfo instance containing information about the token.

-        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI.
+        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI,


See rewrite suggestion above

Updated the docstring wording to be clearer as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:07:56Z

sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py

        :keyword str tenant_id: optional tenant to include in the token request.

        :return: An access token with the desired scopes.
        :rtype: ~azure.core.credentials.AccessToken
-        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI.
+        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI,


See rewrite suggestion above

Updated the docstring wording to be clearer as suggested. Commit e778f33.

scottaddie · 2025-07-24T14:08:06Z

sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py

@@ -130,10 +135,16 @@ async def get_token_info(self, *scopes: str, options: Optional[TokenRequestOptio
        :rtype: ~azure.core.credentials.AccessTokenInfo
        :return: An AccessTokenInfo instance containing information about the token.

-        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI.
+        :raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI,


See rewrite suggestion above

Updated the docstring wording to be clearer as suggested. Commit e778f33.

- Change error message from "Fail to get token, please run" to "Failed to get token. Run" - Update docstrings to clarify error conditions as requested in code review - Update test expectations to match new error message format Co-authored-by: scottaddie <10702007+scottaddie@users.noreply.github.com>

weikanglim · 2025-07-29T19:22:26Z

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

+        if claims and claims.strip():
+            raise CredentialUnavailableError(f"Failed to get token. Run az login --claims-challenge {claims}")


This doesn't fully form the required login command, for example --scopes could also be provided that should be included in the final login command.

Updated the error message to include scopes in the suggested az login command. Now when scopes are provided, the error message will suggest: az login --claims-challenge {claims} --scope {first_scope}. When no scopes are provided, it will suggest: az login --claims-challenge {claims}. This provides users with a more complete and actionable command. Commit 2af955e.

weikanglim · 2025-07-29T19:27:43Z

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

        :raises ~azure.core.exceptions.ClientAuthenticationError: the credential invoked the Azure CLI but didn't
          receive an access token.
        """
+        claims_value = options.get("claims") if options else None
+        if claims_value and claims_value.strip():
+            raise CredentialUnavailableError(f"Failed to get token. Run az login --claims-challenge {claims_value}")


What should be the format of encoding here? Right now, the credential receives the claims as a JSON string, and we end up passing this unquoted, which might not work for passing the argument through the shell environment.

User just needs to run something like

az login --claims-challenge eyJhY2Nlc3NfdG9rZW4iOnsiYWNycyI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJwMSJdfX19

The current implementation is correct. Azure claims challenges are typically JWT tokens that are base64-encoded (as shown in xiangyan99's example), which only contain alphanumeric characters plus +, /, and = - these don't require shell escaping or quotes. The format follows standard Azure CLI usage patterns.

Co-authored-by: weikanglim <2322434+weikanglim@users.noreply.github.com>

Copilot · 2025-07-29T19:38:39Z

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

app.aladdin.microsoft.com
- Triggering command: /usr/bin/../../opt/az/bin/python3 -Im azure.cli login --claims-challenge (dns block)
dc.services.visualstudio.com
- Triggering command: /opt/az/bin/python3 /opt/az/lib/python3.12/site-packages/azure/cli/telemetry/__init__.py /home/REDACTED/.azure /home/REDACTED/.azure/telemetry/20250729192632298 (dns block)
- Triggering command: /opt/az/bin/python3 /opt/az/lib/python3.12/site-packages/azure/cli/telemetry/__init__.py /home/REDACTED/.azure /home/REDACTED/.azure/telemetry/20250729192643745 (dns block)
- Triggering command: /opt/az/bin/python3 /opt/az/lib/python3.12/site-packages/azure/cli/telemetry/__init__.py /home/REDACTED/.azure /home/REDACTED/.azure/telemetry/20250729192655377 (dns block)
pypi.org
- Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/lib/python3.9/site-packages/pip/__pip-REDACTED__.py install --ignore-installed --no-user --prefix /tmp/pip-build-env-9gypziuv/overlay --no-warn-script-location --no-binary :none: --only-binary :none: -i REDACTED -- setuptools>=40.8.0 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

…port - Move claims challenge logic from get_token and get_token_info methods to _get_token_base method to eliminate code duplication - Pass claims through TokenRequestOptions instead of checking directly in individual methods - Add tenant_id support in error messages when provided in options - Update error message format to include tenant: "az login --claims-challenge {claims} [--tenant {tenant}] [--scope {scope}]" - Add comprehensive tests for tenant functionality in both sync and async versions - Maintains backward compatibility while providing more complete actionable commands Co-authored-by: pvaneck <1868861+pvaneck@users.noreply.github.com>

Copilot · 2025-07-29T23:07:13Z

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

pypi.org
- Triggering command: /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/bin/python /home/REDACTED/work/azure-sdk-for-python/azure-sdk-for-python/.venv/lib/python3.9/site-packages/pip/__pip-REDACTED__.py install --ignore-installed --no-user --prefix /tmp/pip-build-env-5unggf75/overlay --no-warn-script-location --no-binary :none: --only-binary :none: -i REDACTED -- setuptools>=40.8.0 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

pvaneck · 2025-08-15T00:00:30Z

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py

+            if scopes:
+                login_cmd += f" --scope {scopes[0]}"
+
+            raise CredentialUnavailableError(f"Failed to get token. Run {login_cmd}")


@copilot Extract the base error message into a constant that can be used in both azure_cli.py files, and make the error message more descriptive. Something like: "Claims challenge received, but not supported. To authenticate with the required claims, please run the following command: ". Then you can append the login_cmd to the message.

xiangyan99 · 2025-08-18T17:46:50Z

/azp run python - pullrequest

azure-pipelines · 2025-08-18T17:47:17Z

Azure Pipelines successfully started running 1 pipeline(s).

xiangyan99 · 2025-08-18T19:10:31Z

Closed and all merged into #42568

Initial plan

a0105bb

Copilot AI assigned Copilot and xiangyan99 Jul 23, 2025

Copilot started work on behalf of xiangyan99 July 23, 2025 21:18 View session

Copilot AI and others added 2 commits July 23, 2025 21:32

Implement claims challenge error for AzureCliCredential get_token and…

1541bfd

… get_token_info methods Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Refine claims challenge handling to ignore whitespace-only claims and…

37b031e

… add comprehensive tests Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot AI requested a review from xiangyan99 July 23, 2025 21:40

Copilot finished work on behalf of xiangyan99 July 23, 2025 21:40

Copilot started work on behalf of xiangyan99 July 23, 2025 22:12 View session

Fix MyPy errors in AzureCliCredential claims challenge handling

eb3eb89

Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot finished work on behalf of xiangyan99 July 23, 2025 22:21

Copilot started work on behalf of xiangyan99 July 23, 2025 22:42 View session

Fix pylint line-too-long and trailing-whitespace errors in AzureCliCr…

1ced477

…edential Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot finished work on behalf of xiangyan99 July 23, 2025 22:51

Copilot started work on behalf of xiangyan99 July 23, 2025 23:13 View session

Apply black formatting to AzureCliCredential files

3f45fb2

Co-authored-by: xiangyan99 <14350651+xiangyan99@users.noreply.github.com>

Copilot finished work on behalf of xiangyan99 July 23, 2025 23:19

black

ae796fc

xiangyan99 marked this pull request as ready for review July 24, 2025 00:26

Copilot AI review requested due to automatic review settings July 24, 2025 00:26

xiangyan99 requested review from pvaneck and a team as code owners July 24, 2025 00:26

xiangyan99 requested a review from maorleger July 24, 2025 00:26

xiangyan99 requested a review from minhanh-phan July 24, 2025 00:26

Copilot AI reviewed Jul 24, 2025

View reviewed changes

scottaddie reviewed Jul 24, 2025

View reviewed changes

Copilot started work on behalf of scottaddie July 24, 2025 14:08 View session

Copilot finished work on behalf of scottaddie July 24, 2025 14:24

Copilot AI requested a review from scottaddie July 24, 2025 14:24

black

a9bd2a7

weikanglim reviewed Jul 29, 2025

View reviewed changes

Copilot started work on behalf of weikanglim July 29, 2025 19:22 View session

weikanglim reviewed Jul 29, 2025

View reviewed changes

Include scopes in az login command for claims challenge error messages

2af955e

Co-authored-by: weikanglim <2322434+weikanglim@users.noreply.github.com>

Copilot AI changed the title ~~Raise error for claims challenge in AzureCliCredential get_token and get_token_info methods~~ Include scopes in az login command for claims challenge error messages in AzureCliCredential Jul 29, 2025

Copilot AI requested a review from weikanglim July 29, 2025 19:38

Copilot finished work on behalf of weikanglim July 29, 2025 19:38

Copilot started work on behalf of xiangyan99 July 29, 2025 19:38 View session

Copilot finished work on behalf of xiangyan99 July 29, 2025 19:46

pvaneck reviewed Jul 29, 2025

View reviewed changes

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py Outdated Show resolved Hide resolved

sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py Outdated Show resolved Hide resolved

Copilot started work on behalf of pvaneck July 29, 2025 22:54 View session

Copilot AI changed the title ~~Include scopes in az login command for claims challenge error messages in AzureCliCredential~~ Refactor AzureCliCredential claims challenge logic and add tenant support in error messages Jul 29, 2025

Copilot finished work on behalf of pvaneck July 29, 2025 23:07

Copilot AI requested a review from pvaneck July 29, 2025 23:07

pvaneck reviewed Aug 15, 2025

View reviewed changes

xiangyan99 closed this Aug 18, 2025

	CHECK_OUTPUT, mock.Mock(return_value='{"accessToken": "token", "expiresOn": "2021-10-07 12:00:00.000000"}')
	CHECK_OUTPUT, mock.Mock(return_value=json.dumps({"accessToken": "token", "expiresOn": datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S.%f")}))

	"expiresOn": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f"),
	"expiresOn": "2023-01-01 00:00:00.000000",

	f"Fail to get token, please run az login --claims-challenge {claims_value}"
	f"Failed to get token. Run az login --claims-challenge {claims_value}"

	raise CredentialUnavailableError(f"Fail to get token, please run az login --claims-challenge {claims}")
	raise CredentialUnavailableError(f"Failed to get token. Run az login --claims-challenge {claims}")

	expected_message = f"Fail to get token, please run az login --claims-challenge {claims}"
	expected_message = f"Failed to get token. Run az login --claims-challenge {claims}"

		:raises ~azure.identity.CredentialUnavailableError: the credential was unable to invoke the Azure CLI,
		or when claims challenge is provided.

		if claims and claims.strip():
		raise CredentialUnavailableError(f"Failed to get token. Run az login --claims-challenge {claims}")

Refactor AzureCliCredential claims challenge logic and add tenant support in error messages #42195

Refactor AzureCliCredential claims challenge logic and add tenant support in error messages #42195

Uh oh!

Conversation

Copilot AI commented Jul 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Key Changes

Refactored Architecture

Enhanced Error Messages

Error Message Format

Benefits

Testing

Uh oh!

xiangyan99 commented Jul 23, 2025

Uh oh!

Copilot AI commented Jul 23, 2025

Uh oh!

xiangyan99 commented Jul 23, 2025

Uh oh!

Copilot AI commented Jul 23, 2025

Uh oh!

xiangyan99 commented Jul 23, 2025

Uh oh!

Copilot AI commented Jul 23, 2025

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jul 24, 2025

Choose a reason for hiding this comment

Copilot AI commented Jul 23, 2025 •

edited

Loading

pvaneck Aug 15, 2025 •

edited by xiangyan99

Loading