[Resolved in 1.32.3] msal 1.32.2 has broken our authentication from on-premise servers #815

Closed
sdg002 opened this issue Apr 25, 2025 · 3 comments
Labels: Fixed, Possible-Solution, regression (Behavior that worked in a previous release that no longer works in a newer release), Similar-Issue

sdg002 commented Apr 25, 2025

Describe the bug
We were deploying some Python jobs and we encountered this error. The initial suspicion was on any environmental changes on the Server (Windows via Azure AD). But that was ruled out. We had to roll back msal to 1.32.0.

```
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
	EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot this issue.
	ManagedIdentityCredential: Azure Arc managed identity configuration not found in environment. Unrecognizable WWW-Authenticate header: {}
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
```

To Reproduce

```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Walks the credential chain (EnvironmentCredential, ManagedIdentityCredential, ...).
creds = DefaultAzureCredential()
vault_url = "https://YOUR_KEY_VAULT.vault.azure.net"
client = SecretClient(vault_url=vault_url, credential=creds)

print("Going to get secret")
# The first request triggers token acquisition; this is where the error is raised.
secret_value = client.get_secret(name="YOUR_SECRET")
print("Got secret")
print(f"Secret value: {secret_value.value}")
print("Done")
```

Expected behavior

The script above should have fetched the secret value.

What you see instead
We see the exception message. See above.

The MSAL Python version you are using
Paste the output of this
1.32.2

Additional context
We rolled back msal to 1.32.0 and it works for now

Here are some similar issues that might help you. Please check if they can solve your problem.


Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

Downgrade msal to version 1.32.0, as it works without the authentication error. This is a temporary workaround until the issue is resolved in a future release.

Powered by issue-sentinel

sdg002 commented Apr 25, 2025

For now we have pinned our Azure Python packages to get our mission-critical processes up and running.

```
azure-keyvault-secrets==4.9.0
azure-identity==1.21.0
msal==1.32.0
```

rayluo commented Apr 25, 2025

@sdg002, thanks for reporting. We are working on a fix. You can try `pip install https://github.com/AzureAD/microsoft-authentication-library-for-python/archive/refs/heads/support-arc.zip`. Shipped as 1.32.3.

rayluo changed the title from "msal 1.32.2 has broken our authentication from on-premise servers" to "[Resolved in 1.32.3] msal 1.32.2 has broken our authentication from on-premise servers" on Apr 25, 2025
rayluo added the Fixed and regression (Behavior that worked in a previous release that no longer works in a newer release) labels and removed the needs attention, untriaged labels on Apr 25, 2025
rayluo closed this as completed on Apr 25, 2025
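
A pre-deployment check for the regression discussed in this thread, as an added example (not code from the issue or from the MSAL project): it flags a requirements file or environment where msal is pinned to the affected 1.32.2, left floating, or not listed at all. The function names, status strings and the two constructed requirement samples are assumptions made for the illustration.

```python
import re
from importlib import metadata

AFFECTED = {"1.32.2"}  # release this issue reports as broken (fixed in 1.32.3)
# Exact pin such as "msal==1.32.0"; ranges and wildcards count as floating.
PIN_RE = re.compile(r"^[A-Za-z0-9._-]+\s*==\s*([^\s;,*]+)$")

# The pins posted in the thread, plus two constructed variants for comparison.
PINS_FROM_ISSUE = "azure-keyvault-secrets==4.9.0\nazure-identity==1.21.0\nmsal==1.32.0\n"
CONSTRUCTED_BAD = "azure-identity==1.21.0\nmsal==1.32.2  # constructed sample\n"
CONSTRUCTED_FLOATING = "azure-identity==1.21.0\nmsal>=1.30\n"


def check_requirements(text, package="msal"):
    """Return (status, detail); status is affected, ok, floating or absent."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        name = re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]
        if name.lower().replace("_", "-") != package:
            continue
        pin = PIN_RE.match(line)
        if pin is None:
            return "floating", line  # resolver may pick any release
        version = pin.group(1)
        return ("affected" if version in AFFECTED else "ok"), version
    return "absent", None  # not listed: any install is transitive and unpinned


def check_installed(package="msal"):
    """Same verdict for the distribution installed in this interpreter."""
    try:
        version = metadata.version(package)
    except metadata.PackageNotFoundError:
        return "absent", None
    return ("affected" if version in AFFECTED else "ok"), version


if __name__ == "__main__":
    for label, text in [("issue pins", PINS_FROM_ISSUE),
                        ("constructed bad", CONSTRUCTED_BAD),
                        ("constructed floating", CONSTRUCTED_FLOATING)]:
        print(label, check_requirements(text))
    print("installed", check_installed())
```

A "floating" or "absent" result means the msal release is chosen at install time by the resolver, since msal is also installed as a dependency of azure-identity.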