Use managed credentials if possible, otherwise, try alternatives.

rwiker · rwiker · commit 743856e00983 · 2025-04-09T11:57:00.000+02:00
diff --git a/src/sumo/wrapper/_auth_provider.py b/src/sumo/wrapper/_auth_provider.py
@@ -432,6 +432,17 @@ def get_auth_provider(
     devicecode=False,
     case_uuid=None,
 ) -> AuthProvider:
+    if all(
+        os.getenv(x)
+        for x in [
+            "AZURE_FEDERATED_TOKEN_FILE",
+            "AZURE_TENANT_ID",
+            "AZURE_CLIENT_ID",
+            "AZURE_AUTHORITY_HOST",
+        ]
+    ):
+        return AuthProviderManaged(resource_id)
+    # ELSE
     if refresh_token:
         return AuthProviderRefreshToken(
             refresh_token, client_id, authority, resource_id
@@ -473,17 +484,6 @@ def get_auth_provider(
         # under Equinor compliant device policy
         return AuthProviderDeviceCode(client_id, authority, resource_id)
     # ELSE
-    if all(
-        os.getenv(x)
-        for x in [
-            "AZURE_FEDERATED_TOKEN_FILE",
-            "AZURE_TENANT_ID",
-            "AZURE_CLIENT_ID",
-            "AZURE_AUTHORITY_HOST",
-        ]
-    ):
-        return AuthProviderManaged(resource_id)
-    # ELSE
     return AuthProviderNone(resource_id)
 
 
