microsoft-authentication-library-for-dotnet

[Feature Request] Some AAD exceptions should be marked as retry-able by the library

Open bgavrilMS opened this issue 2 years ago • 2 comments

See https://portal.microsofticm.com/imp/v3/incidents/details/331258498/home for details

A multi-tenant service acquires tokens for users / service principals from various other tenants. The state of these tenants can be "bad", for example the tenant could have been deleted, disabled by its owner, disabled by AAD etc.

Example:

AADSTS5000224: We are sorry, this resource is not available. If you are seeing this message by mistake, please contact ...

Solution wanted:

There should be some sort of exception classification and guidance for app developers on how to handle these errors. At the very least, the retry-able aspect should be shown.

Some errors are retry-able, e.g. "a cert update is in progress".

Related issue: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3648

bgavrilMS Sep 01 '22 16:09

There should be some sort of exception classification and guidance for app developers on how to handle these errors.

I think this ^ is covered under second point in #3561. Although a separate issue would be good too.

At the very least, the retry-able aspect should be shown.

And this issue should be specifically for this ^ (since it's not just multi-tenant apps). [Feature Request] Expose IsRetryable in MsalServiceException based on error from AAD

pmaytak Sep 01 '22 20:09

I ran into similar issues, and searching the error number brought me to this issue. The proposal above makes sense, but to clarify, the two examples in the description should be opposite, shouldn't they?

See https://portal.microsofticm.com/imp/v3/incidents/details/331258498/home for details

A multi-tenant service acquires tokens for users / service principals from various other tenants. The state of these tenants can be "bad", for example the tenant could have been deleted, disabled by its owner, disabled by AAD etc.

Example:

AADSTS5000224: We are sorry, this resource is not available. If you are seeing this message by mistake, please contact ...

That one, as concluded by the quoted ICM, should not retry.

Solution wanted:

There should be some sort of exception classification and guidance for app developers on how to handle these errors. At the very least, the retry-able aspect should be shown.

Some errors are retry-able, e.g. "a cert update is in progress".

This kind of "... in progress" can be retried.

rayluo Mar 28 '24 19:03