Draft
{Core} Handle 403/DecodeError when listing tenants in az login#33745
az login#33745Conversation
|
Validation for Azure CLI Full Test Starting...
Thanks for your contribution! |
|
Validation for Breaking Change Starting...
Thanks for your contribution! |
|
Azure Pipelines: There may be pipelines that require an authorized user to comment /azp run to run. |
Open
Copilot
AI
changed the title
[WIP] Fix login error during az login with device code
{Core} Handle 403/DecodeError when listing tenants in Jul 17, 2026
az login
Live test skipped⏭️ Skipping the live test for this revision because the only test file(s) changed are These Posted by agent-assist (autonomous bug-fix pipeline). |
There was a problem hiding this comment.
Automated Review Summary
Result: ✅ Pass
- Live test (Tester): Skipped (neutral) — this PR only changes
azure-cli-coreunit test files, which are not runnable viaazdev test --live. - CI checks: 1/1 passed, 0 failed, 0 pending.
No blocking issues found. This PR looks good to merge from an automated-review perspective.
Posted by agent-assist (autonomous bug-fix pipeline).
Collaborator
|
Core |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az loginDescription
When
az logincallsGET /tenantsand the response is a 403 with an HTML body (e.g. blocked by a network firewall or proxy), the SDK's JSON deserializer raisesazure.core.exceptions.DecodeError, surfacing the cryptic errorJSON is invalid: Expecting value: line 1 column 1 (char 0)instead of anything actionable.Changes:
SubscriptionFinder.find_using_common_tenant(_profile.py), wrapclient.tenants.list()in atry/except (DecodeError, HttpResponseError)block:DecodeError(non-JSON response, e.g. HTML block page): raisesAzureResponseErrorexplaining the parse failure and suggesting--tenant TENANT_IDas a workaroundHttpResponseError403: raisesAzureResponseErrorexplicitly calling out the 403 and suggesting network/proxy/CAP as causesHttpResponseError: re-raised as-is to preserve SDK error contextBefore this fix, users behind a restrictive network got:
After this fix, the same scenario produces:
Testing Guide
Unit tests added in
test_profile.py:test_login_tenant_list_403_raises_friendly_error— mockstenants.list()raisingHttpResponseError(status_code=403)test_login_tenant_list_decode_error_raises_friendly_error— mockstenants.list()raisingDecodeError(HTML body)History Notes
[Core]
az login: Show a user-friendly error when tenant listing is blocked by a firewall or proxy (HTTP 403 / non-JSON response) instead ofJSON is invalidThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.