From 5c487d6477c403b8c2bd427737d672d460c8ed9b Mon Sep 17 00:00:00 2001
From: Charles Lowell <chlowe@microsoft.com>
Date: Wed, 27 May 2020 16:26:23 -0700
Subject: [PATCH 1/2] InteractiveBrowserCredential is unavailable when it can't
 bind a port

---
 .../azure/identity/_credentials/browser.py             |  1 +
 .../azure-identity/tests/test_browser_credential.py    | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
index e2169fab3c53..50c8b754922d 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py
@@ -58,6 +58,7 @@ def _request_token(self, *scopes, **kwargs):
         # type: (*str, **Any) -> dict
 
         # start an HTTP server on localhost to receive the redirect
+        redirect_uri = None
         for port in range(8400, 9000):
             try:
                 server = self._server_class(port, timeout=self._timeout)
diff --git a/sdk/identity/azure-identity/tests/test_browser_credential.py b/sdk/identity/azure-identity/tests/test_browser_credential.py
index 88fb33e35cd0..8ab7411a735e 100644
--- a/sdk/identity/azure-identity/tests/test_browser_credential.py
+++ b/sdk/identity/azure-identity/tests/test_browser_credential.py
@@ -10,7 +10,7 @@
 
 from azure.core.exceptions import ClientAuthenticationError
 from azure.core.pipeline.policies import SansIOHTTPPolicy
-from azure.identity import AuthenticationRequiredError, InteractiveBrowserCredential
+from azure.identity import AuthenticationRequiredError, CredentialUnavailableError, InteractiveBrowserCredential
 from azure.identity._internal import AuthCodeRedirectServer
 from azure.identity._internal.user_agent import USER_AGENT
 from msal import TokenCache
@@ -302,6 +302,14 @@ def test_no_browser():
         credential.get_token("scope")
 
 
+def test_cannot_bind_port():
+    """get_token should raise CredentialUnavailableError when the redirect listener can't bind a port"""
+
+    credential = InteractiveBrowserCredential(server_class=Mock(side_effect=socket.error))
+    with pytest.raises(CredentialUnavailableError):
+        credential.get_token("scope")
+
+
 def _validate_auth_request_url(url):
     parsed_url = urllib_parse.urlparse(url)
     params = urllib_parse.parse_qs(parsed_url.query)

From 67932e4da0b193c48a0b7f44ed26efcde5a46443 Mon Sep 17 00:00:00 2001
From: Charles Lowell <chlowe@microsoft.com>
Date: Wed, 27 May 2020 16:37:52 -0700
Subject: [PATCH 2/2] update changelog

---
 sdk/identity/azure-identity/CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index 4f304bc58673..d2a4b255b6c9 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Release History
 
 ## 1.4.0b4 (Unreleased)
+- `InteractiveBrowserCredential` raises `CredentialUnavailableError` when it
+  can't start an HTTP server on `localhost`.
+  ([#11665](https://github.com/Azure/azure-sdk-for-python/pull/11665))
 - When constructing `DefaultAzureCredential`, you can now configure a tenant ID
   for `InteractiveBrowserCredential`. When none is specified, the credential
   authenticates users in their home tenants. To specify a different tenant, use