InteractiveBrowserCredential is unavailable when it can't bind a port (#11665)

chlowell · web-flow · commit a230e9244408 · 2020-05-27T16:56:38.000-07:00
diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Release History
 
 ## 1.4.0b4 (Unreleased)
+- `InteractiveBrowserCredential` raises `CredentialUnavailableError` when it
+  can't start an HTTP server on `localhost`.
+  ([#11665](https://github.com/Azure/azure-sdk-for-python/pull/11665))
 - When constructing `DefaultAzureCredential`, you can now configure a tenant ID
   for `InteractiveBrowserCredential`. When none is specified, the credential
   authenticates users in their home tenants. To specify a different tenant, use
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
@@ -58,6 +58,7 @@ def _request_token(self, *scopes, **kwargs):
         # type: (*str, **Any) -> dict
 
         # start an HTTP server on localhost to receive the redirect
+        redirect_uri = None
         for port in range(8400, 9000):
             try:
                 server = self._server_class(port, timeout=self._timeout)
diff --git a/sdk/identity/azure-identity/tests/test_browser_credential.py b/sdk/identity/azure-identity/tests/test_browser_credential.py
@@ -10,7 +10,7 @@
 
 from azure.core.exceptions import ClientAuthenticationError
 from azure.core.pipeline.policies import SansIOHTTPPolicy
-from azure.identity import AuthenticationRequiredError, InteractiveBrowserCredential
+from azure.identity import AuthenticationRequiredError, CredentialUnavailableError, InteractiveBrowserCredential
 from azure.identity._internal import AuthCodeRedirectServer
 from azure.identity._internal.user_agent import USER_AGENT
 from msal import TokenCache
@@ -302,6 +302,14 @@ def test_no_browser():
         credential.get_token("scope")
 
 
+def test_cannot_bind_port():
+    """get_token should raise CredentialUnavailableError when the redirect listener can't bind a port"""
+
+    credential = InteractiveBrowserCredential(server_class=Mock(side_effect=socket.error))
+    with pytest.raises(CredentialUnavailableError):
+        credential.get_token("scope")
+
+
 def _validate_auth_request_url(url):
     parsed_url = urllib_parse.urlparse(url)
     params = urllib_parse.parse_qs(parsed_url.query)
