[Feature Request] Update Managed Identity Exceptions to MSALServiceExceptions #646

Open
gladjohn opened this issue Jan 4, 2024 · 1 comment


gladjohn commented Jan 4, 2024

MSAL client type

Confidential

Problem Statement

In MSAL .NET, ManagedIdentityException only derived from ServiceException and not from UIRequiredException. This created a disconnect in our hierarchy of exceptions, as it didn't encompass all the necessary types that our application deals with, particularly in scenarios requiring user interaction (CAE with SLC). By moving to MsalServiceException, we ensure that all exceptions fit neatly into our established hierarchy, making it more predictable and easier to manage.

The introduction of ManagedIdentityException was initially intended to add extra data about the source leading to this exception. However, this approach led to a fragmentation in our exception handling logic. In scenarios involving shared logic between Managed Service Identity (MSI) and Security Token Service (STS), the code needed to handle or throw the correct exception type, leading to unnecessary complexity (SLC). By standardizing on MsalServiceException, we eliminate this fragmentation, allowing for more streamlined and reusable exception handling code.

The previous approach often required catching MsalServiceException and rethrowing it as ManagedIdentityException in certain contexts. This added an extra layer of complexity to our exception handling logic. With this refactor, we eliminate such patterns, simplifying the flow and making the code more maintainable.

MSAL .NET PR : AzureAD/microsoft-authentication-library-for-dotnet#4476

Proposed solution

To expose the Managed Identity source, we instead added a property bag with extra details for this exception, and create MSALServiceExceptions for MI Exceptions.

The ask for MSAL Python is to use MSALServiceExceptions when you GA MI as a feature.
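The two designs described in this issue, side by side, as an added example that is not part of the original post and is not MSAL code. Every class, function and key name below (`ServiceError`, `ManagedIdentityError`, `managed_identity_source`, and so on) is hypothetical, and the error response is constructed.

```python
# Added illustration; every name here is hypothetical, not an MSAL API.
class ServiceError(Exception):
    """Single service-error type; extra context travels in a property bag."""
    def __init__(self, code, message, additional_data=None):
        super().__init__(f"{code}: {message}")
        self.code = code
        self.additional_data = dict(additional_data or {})

class ManagedIdentityError(Exception):
    """'Before' design: a separate type that exists only to carry the source."""
    def __init__(self, source, inner):
        super().__init__(str(inner))
        self.source, self.inner = source, inner

def parse_token_response(resp):
    """Logic shared by the managed identity and STS paths."""
    if "error" in resp:
        raise ServiceError(resp["error"], resp.get("error_description", ""))
    return resp["access_token"]

def acquire_mi_before(resp, source):
    # Before: catch the shared error and rethrow it as a different type.
    try:
        return parse_token_response(resp)
    except ServiceError as exc:
        raise ManagedIdentityError(source, exc) from exc

def acquire_mi_after(resp, source):
    # After: same type, annotated in place, then re-raised unchanged.
    try:
        return parse_token_response(resp)
    except ServiceError as exc:
        exc.additional_data["managed_identity_source"] = source
        raise

def handle(call):
    """One caller-side handler; returns (error code, source or None)."""
    try:
        call()
    except ServiceError as exc:
        return exc.code, exc.additional_data.get("managed_identity_source")
    return None, None

# Constructed sample error response.
SAMPLE = {"error": "invalid_request", "error_description": "constructed sample"}
```

With the "before" design, `handle` does not catch the managed identity failure at all, because `ManagedIdentityError` sits outside the `ServiceError` hierarchy; with the "after" design the same handler covers both paths and can still read the source.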

Member

bgavrilMS commented Feb 9, 2024

@rayluo - Azure SDK folks would like to have extra information in all MSI errors about which source this belongs to. I am not sure about the error hierarchy in MSAL PY.
