TokenCredentialCache: Adds a fallback mechanism to AAD scope override.#5337
Closed
TokenCredentialCache: Adds a fallback mechanism to AAD scope override.#5337
Conversation
aavasthy
requested review from
adityasa,
khdang,
kirankumarkolli,
neildsh and
sboshra
as code owners
aavasthy
requested review from
FabianMeiswinkel,
Pilchie and
kirillg
as code owners
|
|
||
| if (!cachedAccessToken.HasValue) | ||
| { | ||
| throw new ArgumentNullException("TokenCredential.GetTokenAsync returned a null token."); |
Member
There was a problem hiding this comment.
Include Scopes in all exception message.
| DefaultTrace.TraceError($"TokenCredential.GetTokenAsync failed with override scope '{this.overrideScope}': {ex.Message}. Retrying with default scope '{this.defaultScope}'."); | ||
|
|
||
| TokenRequestContext defaultContext = new TokenRequestContext(new string[] { this.defaultScope }); | ||
| this.cachedAccessToken = await this.GetAndValidateTokenAsync(defaultContext); |
Member
There was a problem hiding this comment.
Orrides are final right?
| } | ||
| catch (Exception ex) | ||
| { | ||
| DefaultTrace.TraceError($"TokenCredential.GetTokenAsync failed with override scope '{this.overrideScope}': {ex.Message}. Retrying with default scope '{this.defaultScope}'."); |
Member
There was a problem hiding this comment.
Wrapping it with our exception types gives us flexibility to include extra context like scopes.
With side-affect of mis-interpretting it as Cosmos issue. Thoughs?
/cc: @FabianMeiswinkel
| { | ||
| DefaultTrace.TraceError($"TokenCredential.GetTokenAsync failed with override scope '{this.overrideScope}': {ex.Message}. Retrying with default scope '{this.defaultScope}'."); | ||
|
|
||
| TokenRequestContext defaultContext = new TokenRequestContext(new string[] { this.defaultScope }); |
Member
There was a problem hiding this comment.
Can you please share what's the behavior if multiple scopes are specified?
Member
There was a problem hiding this comment.
Ex: What happens if both account and generic ones are included.
kirankumarkolli
requested changes
Aug 15, 2025
Member
kirankumarkolli
left a comment
kirankumarkolli
left a comment
There was a problem hiding this comment.
Please check comments
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Template
Description
It's a follow up for this PR #5252, which introduces the ability to override AAD scope value. As part of the current PR, the change provides a fallback mechanism where in if the overridden scope fails then it will make another attempt with default scope.
Type of change
Please delete options that are not relevant.
Closing issues
To automatically close an issue: closes #IssueNumber