From e6fdbb2f058d70249757857b803fc49542780d6a Mon Sep 17 00:00:00 2001
From: Raymond Wiker <rayw@equinor.com>
Date: Wed, 9 Apr 2025 11:51:54 +0200
Subject: [PATCH] Use managed credentials if possible, otherwise, try
 alternatives.

---
 src/sumo/wrapper/_auth_provider.py | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/sumo/wrapper/_auth_provider.py b/src/sumo/wrapper/_auth_provider.py
index f760b56..1e5bd43 100644
--- a/src/sumo/wrapper/_auth_provider.py
+++ b/src/sumo/wrapper/_auth_provider.py
@@ -432,6 +432,17 @@ def get_auth_provider(
     devicecode=False,
     case_uuid=None,
 ) -> AuthProvider:
+    if all(
+        os.getenv(x)
+        for x in [
+            "AZURE_FEDERATED_TOKEN_FILE",
+            "AZURE_TENANT_ID",
+            "AZURE_CLIENT_ID",
+            "AZURE_AUTHORITY_HOST",
+        ]
+    ):
+        return AuthProviderManaged(resource_id)
+    # ELSE
     if refresh_token:
         return AuthProviderRefreshToken(
             refresh_token, client_id, authority, resource_id
@@ -473,17 +484,6 @@ def get_auth_provider(
         # under Equinor compliant device policy
         return AuthProviderDeviceCode(client_id, authority, resource_id)
     # ELSE
-    if all(
-        os.getenv(x)
-        for x in [
-            "AZURE_FEDERATED_TOKEN_FILE",
-            "AZURE_TENANT_ID",
-            "AZURE_CLIENT_ID",
-            "AZURE_AUTHORITY_HOST",
-        ]
-    ):
-        return AuthProviderManaged(resource_id)
-    # ELSE
     return AuthProviderNone(resource_id)