Merge pull request #231168 from Dickson-Mwendia/msal-python-error-handling

v-shils · web-flow · commit f77be8c1645d · 2023-03-22T12:44:45.000-07:00
[msid][github-issue]Add an example of error handling in MSAL for Python
diff --git a/articles/active-directory/develop/msal-error-handling-python.md b/articles/active-directory/develop/msal-error-handling-python.md
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 11/26/2020
+ms.date: 03/16/2023
 ms.author: dmwendia
 ms.reviewer: saeeda, rayluo
 ms.custom: aaddev
@@ -25,9 +25,34 @@ In MSAL for Python, most errors are conveyed as a return value from the API call
 * A successful response contains the `"access_token"` key. The format of the response is defined by the OAuth2 protocol. For more information, see [5.1 Successful Response](https://tools.ietf.org/html/rfc6749#section-5.1)
 * An error response contains `"error"` and usually `"error_description"`. The format of the response is defined by the OAuth2 protocol. For more information, see [5.2 Error Response](https://tools.ietf.org/html/rfc6749#section-5.2)
 
-When an error is returned, the `"error_description"` key contains a human-readable message; which in turn typically contains a Microsoft identity platform error code. For details about the various error codes, see [Authentication and authorization error codes](./reference-aadsts-error-codes.md).
+When an error is returned, the `"error"` key contains a machine-readable code. If the `"error"` is, for example, an `"interaction_required"`, you may prompt the user to provide additional information to complete the authentication process. If the `"error"` is `"invalid_grant"`, you may prompt the user to reenter their credentials. The following snippet is an example of error handling in MSAL for Python.
 
-In MSAL for Python, exceptions are rare because most errors are handled by returning an error value. The `ValueError` exception is only thrown when there is an issue with how you are attempting to use the library, such as when API parameter(s) are malformed.
+```python
+
+from msal import ConfidentialClientApplication
+
+authority_url = "https://login.microsoftonline.com/your_tenant_id"
+client_id = "your_client_id"
+client_secret = "your_client_secret"
+scopes = ["https://graph.microsoft.com/.default"]
+
+app = ConfidentialClientApplication(client_id, authority=authority_url, client_credential=client_secret)
+
+result = app.acquire_token_silent(scopes=scopes, account=None)
+
+if not result:
+    result = app.acquire_token_silent(scopes=scopes)
+
+if "access_token" in result:
+    print("Access token: %s" % result["access_token"])
+else:
+    print("Error: %s" % result.get("error"))
+
+```
+
+When an error is returned, the `"error_description"` key also contains a human-readable message, and there is typically also an `"error_code"` key which contains a machine-readable Microsoft identity platform error code. For more information about the various Microsoft identity platform error codes, see [Authentication and authorization error codes](./reference-aadsts-error-codes.md).
+
+In MSAL for Python, exceptions are rare because most errors are handled by returning an error value. The `ValueError` exception is only thrown when there's an issue with how you're attempting to use the library, such as when API parameter(s) are malformed.
 
 [!INCLUDE [Active directory error handling claims challenges](../../../includes/active-directory-develop-error-handling-claims-challenges.md)]
 
