Skip to content

{Core} Handle 403/DecodeError when listing tenants in az login#33745

Draft
a0x1ab with Copilot wants to merge 4 commits into
devfrom
copilot/fix-login-error
Draft

{Core} Handle 403/DecodeError when listing tenants in az login#33745
a0x1ab with Copilot wants to merge 4 commits into
devfrom
copilot/fix-login-error

Conversation

Copilot AI commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Related command
az login

Description

When az login calls GET /tenants and the response is a 403 with an HTML body (e.g. blocked by a network firewall or proxy), the SDK's JSON deserializer raises azure.core.exceptions.DecodeError, surfacing the cryptic error JSON is invalid: Expecting value: line 1 column 1 (char 0) instead of anything actionable.

Changes:

  • In SubscriptionFinder.find_using_common_tenant (_profile.py), wrap client.tenants.list() in a try/except (DecodeError, HttpResponseError) block:
    • DecodeError (non-JSON response, e.g. HTML block page): raises AzureResponseError explaining the parse failure and suggesting --tenant TENANT_ID as a workaround
    • HttpResponseError 403: raises AzureResponseError explicitly calling out the 403 and suggesting network/proxy/CAP as causes
    • Other HttpResponseError: re-raised as-is to preserve SDK error context

Before this fix, users behind a restrictive network got:

ERROR: JSON is invalid: Expecting value: line 1 column 1 (char 0)

After this fix, the same scenario produces:

ERROR: Failed to retrieve tenants. The request was blocked (HTTP 403 Forbidden).
This may be caused by a network firewall, proxy, or Conditional Access policy.
Please check your network settings and try again, or use 'az login --tenant TENANT_ID' to log in to a specific tenant.

Testing Guide

Unit tests added in test_profile.py:

  • test_login_tenant_list_403_raises_friendly_error — mocks tenants.list() raising HttpResponseError(status_code=403)
  • test_login_tenant_list_decode_error_raises_friendly_error — mocks tenants.list() raising DecodeError (HTML body)

History Notes

[Core] az login: Show a user-friendly error when tenant listing is blocked by a firewall or proxy (HTTP 403 / non-JSON response) instead of JSON is invalid


This checklist is used to make sure that common guidelines for a pull request are followed.

@azure-client-tools-bot-prd

Copy link
Copy Markdown
Validation for Azure CLI Full Test Starting...

Thanks for your contribution!

@azure-client-tools-bot-prd

Copy link
Copy Markdown
Validation for Breaking Change Starting...

Thanks for your contribution!

@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines:
There may be pipelines that require an authorized user to comment /azp run to run.

Copilot AI linked an issue Jul 17, 2026 that may be closed by this pull request
Copilot AI changed the title [WIP] Fix login error during az login with device code {Core} Handle 403/DecodeError when listing tenants in az login Jul 17, 2026
Copilot AI requested a review from a0x1ab July 17, 2026 04:49
@azure-client-tools-agent

Copy link
Copy Markdown

Live test skipped

⏭️ Skipping the live test for this revision because the only test file(s) changed are azure-cli-core unit tests, which the live-test pipeline (azdev test --live) does not run — it covers command-module and extension tests only.

These azure-cli-core tests are exercised by upstream CI's unit-test jobs instead. This is informational; no action is required.


Posted by agent-assist (autonomous bug-fix pipeline).

@azure-client-tools-agent azure-client-tools-agent Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Review Summary

Result: ✅ Pass

  • Live test (Tester): Skipped (neutral) — this PR only changes azure-cli-core unit test files, which are not runnable via azdev test --live.
  • CI checks: 1/1 passed, 0 failed, 0 pending.

No blocking issues found. This PR looks good to merge from an automated-review perspective.


Posted by agent-assist (autonomous bug-fix pipeline).

@yonzhan

yonzhan commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

Core

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Account az login/account act-identity-squad Auto-Assign Auto assign by bot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Login Error

3 participants