DefaultAzureCredential failed to retrieve a token from the included credentials
See original GitHub issue-
Package Name: @azure/identity
-
Package Version: 1.3.0
-
Operating system: macOS Big Sur 11.1
-
nodejs
- version: 14.16.0
-
browser
- name/version:
-
typescript
- version:
-
Is the bug related to documentation in
- README.md
- source code documentation
- SDK API docs on https://docs.microsoft.com
Describe the bug I’m trying to retrieve credentials from my vscode extension. I’m logged in and can see all my subscriptions.
In the README documentation it says that It should be enough to just be logged in, in docs online it’s unclear if I actually need to provide environment variables for it to work.
I run the following code:
const credentials = new DefaultAzureCredential()
console.log(credentials)
And it returns:
{
"UnavailableMessage": "DefaultAzureCredential => failed to retrieve a token from the included credentials",
"_sources": [
{},
{
"isEndpointUnavailable": null,
"identityClient": {
"_withCredentials": false,
"_httpClient": {
"proxyAgents": {},
"keepAliveAgents": {},
"cookieJar": {
"version": "tough-cookie@4.0.0",
"storeType": "MemoryCookieStore",
"rejectPublicSuffixes": false,
"cookies": []
}
},
"_requestPolicyOptions": {},
"_requestPolicyFactories": [
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{}
],
"authorityHost": "https://login.microsoftonline.com",
"baseUri": "https://login.microsoftonline.com"
}
},
{},
{
"cloudName": "AzureCloud",
"identityClient": {
"_withCredentials": false,
"_httpClient": {
"proxyAgents": {},
"keepAliveAgents": {},
"cookieJar": {
"version": "tough-cookie@4.0.0",
"storeType": "MemoryCookieStore",
"rejectPublicSuffixes": false,
"cookies": []
}
},
"_requestPolicyOptions": {},
"_requestPolicyFactories": [
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{}
],
"authorityHost": "https://login.microsoftonline.com",
"baseUri": "https://login.microsoftonline.com"
},
"tenantId": "common"
}
]
}
To Reproduce Steps to reproduce the behavior:
- Login on Azure Account extension
- Install @azure/identity@1.3.0
- Login to your azure account
- new DefaultAzureCredential()
Expected behavior I expect to receive a credential since I’m logged into the extension.
Screenshots Just “Proof” that I’m logged into the extension:
Additional context I’m also logged into the CLI. I have access to several subscriptions. I have not configured ANY environment variables (not needed?)
When running VisualStudioCodeCredential()
directly I get this back:
{
"cloudName": "AzureCloud",
"identityClient": {
"_withCredentials": false,
"_httpClient": {
"proxyAgents": {},
"keepAliveAgents": {},
"cookieJar": {
"version": "tough-cookie@4.0.0",
"storeType": "MemoryCookieStore",
"rejectPublicSuffixes": false,
"cookies": []
}
},
"_requestPolicyOptions": {},
"_requestPolicyFactories": [
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{}
],
"authorityHost": "https://login.microsoftonline.com",
"baseUri": "https://login.microsoftonline.com"
},
"tenantId": "common"
}
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:19 (10 by maintainers)
Top GitHub Comments
@Crafoord App Configuration supports 2 authentication methods: access key and Azure AD. When you test in Azure Portal, you want to make sure you use the same authentication method as what your code will be using.
If all you have is the “Owner” role on App Config, it should NOT work. You can actually go to Azure Portal Configuration explorer and switch to using Azure AD authentication to test out easily.
Similar to the “Contributor” role, the “Owner” role allows you to manage the App Configuration resource. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD. It doesn’t matter whether you are assigned the role directly or you are in a group that is assigned the role.