Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

DefaultAzureCredential failed to retrieve a token from the included credentials

See original GitHub issue

  • Package Name: @azure/identity

  • Package Version: 1.3.0

  • Operating system: macOS Big Sur 11.1

  • nodejs

    • version: 14.16.0

  • browser

    • name/version:

  • typescript

    • version:

  • Is the bug related to documentation in

Describe the bug I’m trying to retrieve credentials from my vscode extension. I’m logged in and can see all my subscriptions.

In the README documentation it says that It should be enough to just be logged in, in docs online it’s unclear if I actually need to provide environment variables for it to work.

I run the following code:

const credentials = new DefaultAzureCredential()
console.log(credentials)

And it returns:

{
   "UnavailableMessage": "DefaultAzureCredential => failed to retrieve a token from the included credentials",
   "_sources": [
     {},
     {
       "isEndpointUnavailable": null,
       "identityClient": {
         "_withCredentials": false,
         "_httpClient": {
           "proxyAgents": {},
           "keepAliveAgents": {},
           "cookieJar": {
             "version": "tough-cookie@4.0.0",
             "storeType": "MemoryCookieStore",
             "rejectPublicSuffixes": false,
             "cookies": []
           }
         },
         "_requestPolicyOptions": {},
         "_requestPolicyFactories": [
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {}
         ],
         "authorityHost": "https://login.microsoftonline.com",
         "baseUri": "https://login.microsoftonline.com"
       }
     },
     {},
     {
       "cloudName": "AzureCloud",
       "identityClient": {
         "_withCredentials": false,
         "_httpClient": {
           "proxyAgents": {},
           "keepAliveAgents": {},
           "cookieJar": {
             "version": "tough-cookie@4.0.0",
             "storeType": "MemoryCookieStore",
             "rejectPublicSuffixes": false,
             "cookies": []
           }
         },
         "_requestPolicyOptions": {},
         "_requestPolicyFactories": [
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {},
           {}
         ],
         "authorityHost": "https://login.microsoftonline.com",
         "baseUri": "https://login.microsoftonline.com"
       },
       "tenantId": "common"
     }
   ]
 }

To Reproduce Steps to reproduce the behavior:

  1. Login on Azure Account extension
  2. Install @azure/identity@1.3.0
  3. Login to your azure account
  4. new DefaultAzureCredential()

Expected behavior I expect to receive a credential since I’m logged into the extension.

Screenshots Just “Proof” that I’m logged into the extension: image

Additional context I’m also logged into the CLI. I have access to several subscriptions. I have not configured ANY environment variables (not needed?)

When running VisualStudioCodeCredential() directly I get this back:

{
   "cloudName": "AzureCloud",
   "identityClient": {
     "_withCredentials": false,
     "_httpClient": {
       "proxyAgents": {},
       "keepAliveAgents": {},
       "cookieJar": {
         "version": "tough-cookie@4.0.0",
         "storeType": "MemoryCookieStore",
         "rejectPublicSuffixes": false,
         "cookies": []
       }
     },
     "_requestPolicyOptions": {},
     "_requestPolicyFactories": [
       {},
       {},
       {},
       {},
       {},
       {},
       {},
       {},
       {},
       {},
       {}
     ],
     "authorityHost": "https://login.microsoftonline.com",
     "baseUri": "https://login.microsoftonline.com"
   },
   "tenantId": "common"
 }

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:1
  • Comments:19 (10 by maintainers)

github_iconTop GitHub Comments

3reactions
zhenlancommented, Jun 9, 2021

@Crafoord App Configuration supports 2 authentication methods: access key and Azure AD. When you test in Azure Portal, you want to make sure you use the same authentication method as what your code will be using.

image

1reaction
zhenlancommented, Jun 9, 2021

Adding “Owner” directly on user -> works.

If all you have is the “Owner” role on App Config, it should NOT work. You can actually go to Azure Portal Configuration explorer and switch to using Azure AD authentication to test out easily.

Do you have anything to add about the differences with “Owner” role w.r.t AD group vs a user, @zhenlan?

Similar to the “Contributor” role, the “Owner” role allows you to manage the App Configuration resource. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD. It doesn’t matter whether you are assigned the role directly or you are in a group that is assigned the role.

Read more comments on GitHub >

github_iconTop Results From Across the Web

DefaultAzureCredential failed to retrieve a token
If you try to retrieve a value from Azure Key Vault, you may run into this error: ... failed to retrieve a token...
Read more >
Azure.Identity.CredentialUnavailableException ...
CredentialUnavailableException : DefaultAzureCredential failed to retrieve a token from the included credentials.
Read more >
DefaultAzureCredential failed to retrieve a token from ... - GitHub
When using the below, it fails to retrieve any credentials. ... failed to retrieve a token from the included credentials [BUG] #18782.
Read more >
Steps to resolve “DefaultAzureCredential failed to retrieve a ...
When trying to debug application that use DefaultAzureCredential() to access ... failed to retrieve a token from the included credentials.
Read more >
DefaultAzureCredential failed to retrieve a token from the ...
Job is failing with exception ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Create Index does not preserve the "analyzer" property.

Next page

Enabling client side pagination for @azure/arm-recoveryservicesbackup