fix: change order of authentication schemes so that an explicitly passed token (refresh or access) is used in preference to anything else.

rwiker · rwiker · commit 78c73ad65be8 · 2026-01-09T09:03:17.000+01:00
diff --git a/src/sumo/wrapper/_auth_provider.py b/src/sumo/wrapper/_auth_provider.py
@@ -432,17 +432,6 @@ def get_auth_provider(
     devicecode=False,
     case_uuid=None,
 ) -> AuthProvider:
-    if all(
-        os.getenv(x)
-        for x in [
-            "AZURE_FEDERATED_TOKEN_FILE",
-            "AZURE_TENANT_ID",
-            "AZURE_CLIENT_ID",
-            "AZURE_AUTHORITY_HOST",
-        ]
-    ):
-        return AuthProviderManaged(resource_id)
-    # ELSE
     if refresh_token:
         return AuthProviderRefreshToken(
             refresh_token, client_id, authority, resource_id
@@ -464,6 +453,17 @@ def get_auth_provider(
             return auth_silent
         pass
     # ELSE
+    if all(
+        os.getenv(x)
+        for x in [
+            "AZURE_FEDERATED_TOKEN_FILE",
+            "AZURE_TENANT_ID",
+            "AZURE_CLIENT_ID",
+            "AZURE_AUTHORITY_HOST",
+        ]
+    ):
+        return AuthProviderManaged(resource_id)
+    # ELSE
     if interactive:
         lockfile_path = Path.home() / ".config/chromium/SingletonLock"
 
