Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
DefaultAzureCredential failed to retrieve a token from the included credentials [BUG]
See original GitHub issueDescribe the bug Please provide the description of issue you’re seeing.
When using the below, it fails to retrieve any credentials. I am logged into
var cred = new DefaultAzureCredential();
Expected behavior What is the expected behavior? I recieve a credential either from Visual Studio as the logged in user or from any of the other configured providers.
Actual behavior (include Exception or Stack Trace) What is the actual behavior?
| Name | Value | Type – | – | – | – ◢ | cred | {Azure.Identity.DefaultAzureCredential} | Azure.Identity.DefaultAzureCredential | ◢ Static members | | | ◢ Non-Public members | | | DefaultExceptionMessage | “DefaultAzureCredential failed to retrieve a token from the included credentials.” | string | UnhandledExceptionMessage | “DefaultAzureCredential authentication failed.” | string | ▶ s_defaultCredentialChain | {Azure.Core.TokenCredential[7]} | Azure.Core.TokenCredential[] | ◢ Non-Public members | | | ◢ _credentialLock | {Azure.Identity.AsyncLockWithValue<Azure.Core.TokenCredential>} | Azure.Identity.AsyncLockWithValue<Azure.Core.TokenCredential> | ▶ Non-Public members | | | ◢ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | ▶ AuthorityHost | {https://login.microsoftonline.com/} | System.Uri | ▶ Diagnostics | {Azure.Core.Pipeline.ClientDiagnostics} | Azure.Core.Pipeline.ClientDiagnostics | ▶ HttpPipeline | {Azure.Core.Pipeline.HttpPipeline} | Azure.Core.Pipeline.HttpPipeline | ▶ Static members | | | ▶ Non-Public members | | | ◢ _sources | {Azure.Core.TokenCredential[7]} | Azure.Core.TokenCredential[] | ◢ [0] | {Azure.Identity.EnvironmentCredential} | Azure.Core.TokenCredential {Azure.Identity.EnvironmentCredential} | ◢ Static members | | | ◢ Non-Public members | | | UnavailbleErrorMessage | “EnvironmentCredential authentication unavailable. Environment variables are not fully configured.” | string | ◢ Non-Public members | | | Credential | null | Azure.Core.TokenCredential | ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | ◢ [1] | {Azure.Identity.ManagedIdentityCredential} | Azure.Core.TokenCredential {Azure.Identity.ManagedIdentityCredential} | ◢ Static members | | | ◢ Non-Public members | | | MsiUnavailableError | “No managed identity endpoint found.” | string | ◢ Non-Public members | | | ▶ _client | {Azure.Identity.ManagedIdentityClient} | Azure.Identity.ManagedIdentityClient | ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | ◢ [2] | {Azure.Identity.SharedTokenCacheCredential} | Azure.Core.TokenCredential {Azure.Identity.SharedTokenCacheCredential} | ◢ Static members | | | ◢ Non-Public members | | | MultipleAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. Multiple accounts were found in the cache. Use username and tenant id to disambiguate.” | string | MultipleMatchingAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. Multiple accounts matching the specified{0}{1} were found in the cache.” | string | NoAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.” | string | NoMatchingAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. No account matching the specified{0}{1} was found in the cache.” | string | ▶ s_DefaultCacheOptions | {Azure.Identity.SharedTokenCacheCredentialOptions} | Azure.Identity.ITokenCacheOptions {Azure.Identity.SharedTokenCacheCredentialOptions} | ◢ Non-Public members | | | ▶ _account | ThreadSafetyMode=ExecutionAndPublication, IsValueCreated=false, IsValueFaulted=false, Value=null | System.Lazy<System.Threading.Tasks.Task<Microsoft.Identity.Client.IAccount>> | ▶ _client | {Azure.Identity.MsalPublicClient} | Azure.Identity.MsalPublicClient | ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | ▶ _record | null | Azure.Identity.AuthenticationRecord | _tenantId | null | string | _username | null | string | ◢ [3] | {Azure.Identity.VisualStudioCredential} | Azure.Core.TokenCredential {Azure.Identity.VisualStudioCredential} | ◢ Static members | | | ◢ Non-Public members | | | ResourceArgumentName | “–resource” | string | TenantArgumentName | “–tenant” | string | TokenProviderFilePath | “.IdentityService\AzureServiceAuth\tokenprovider.json” | string | ◢ Non-Public members | | | ▶ _fileSystem | {Azure.Identity.FileSystemService} | Azure.Identity.IFileSystemService {Azure.Identity.FileSystemService} | ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | ▶ _processService | {Azure.Identity.ProcessService} | Azure.Identity.IProcessService {Azure.Identity.ProcessService} | _tenantId | null | string | ◢ [4] | {Azure.Identity.VisualStudioCodeCredential} | Azure.Core.TokenCredential {Azure.Identity.VisualStudioCodeCredential} | ◢ Static members | | | ◢ Non-Public members | | | ClientId | “aebc6443-996d-45c2-90f0-388ff96faa56” | string | CredentialsSection | “VS Code Azure” | string | ◢ Non-Public members | | | ▶ _client | {Azure.Identity.MsalPublicClient} | Azure.Identity.MsalPublicClient | ▶ _fileSystem | {Azure.Identity.FileSystemService} | Azure.Identity.IFileSystemService {Azure.Identity.FileSystemService} | ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | _tenantId | “common” | string | ▶ _vscAdapter | {Azure.Identity.WindowsVisualStudioCodeAdapter} | Azure.Identity.IVisualStudioCodeAdapter {Azure.Identity.WindowsVisualStudioCodeAdapter} | ◢ [5] | {Azure.Identity.AzureCliCredential} | Azure.Core.TokenCredential {Azure.Identity.AzureCliCredential} | ◢ Static members | | | ◢ Non-Public members | | | ▶ AzNotFoundPattern | {az:(.*)not found} | System.Text.RegularExpressions.Regex | AzNotLogIn | “Please run ‘az login’ to set up account” | string | AzureCLINotInstalled | “Azure CLI not installed” | string | AzureCliFailedError | “Azure CLI authentication failed due to an unknown error.” | string | AzureCliTimeoutError | “Azure CLI authentication timed out.” | string | CliProcessTimeoutMs | 10000 | int | DefaultPath | “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin” | string | DefaultPathNonWindows | “/usr/bin:/usr/local/bin” | string | DefaultPathWindows | “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin” | string | DefaultWorkingDir | “C:\WINDOWS\system32” | string | DefaultWorkingDirNonWindows | “/bin/” | string | DefaultWorkingDirWindows | “C:\WINDOWS\system32” | string | WinAzureCLIError | “‘az’ is not recognized” | string | ◢ Non-Public members | | | _path | “c:\program files (x86)\microsoft visual studio\2019\enterprise\common7\ide\commonextensions\microsoft\teamfoundation\team explorer\NativeBinaries\x86;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Python27\;C:\Python27\Scripts;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\ProgramData\chocolatey\bin;C:\Program Files\nodejs\;C:\Program Files\Java\jdk1.8.0_211\bin;C:\Program Files (x86)\Yarn\bin\;C:\Users\TomAndrews\AppData\Local\Android\Sdk\platform-tools;C:\Program Files\Git\cmd;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Users\TomAndrews\AppData\Local\Microsoft\WindowsApps;C:\Users\TomAndrews\AppData\Local\Programs\Microsoft VS Code Insiders\bin;C:\Users\TomAndrews\AppData\Roaming\npm;C:\tools\Cmder;C:\Users\TomAndrews\AppData\Local\Yarn\bin;C:\Users\TomAndrews\AppData\Local\Programs\Microsoft Code OSS\bin;C:\tools;C:\Users\TomAndrews\.dotnet\tools;C:\Users\TomAndrews\.dotnet\tools;C:\Users\TomAndrews\AppData\Local\Microsoft\WindowsApps” | string | ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline | ▶ _processService | {Azure.Identity.ProcessService} | Azure.Identity.IProcessService {Azure.Identity.ProcessService} | [6] | null | Azure.Core.TokenCredential
To Reproduce Steps to reproduce the behavior (include a code snippet, screenshot, or any additional information that might help us reproduce the issue)
- I am just running this and inspecting the value of cred
var cred = new DefaultAzureCredential();
Environment:
- Name and version of the Library package used:
#region Assembly Azure.Identity, Version=1.2.2.0, Culture=neutral, PublicKeyToken=92742159e12e44c8
// C:\projects\revoke\rvokeapi\packages\Azure.Identity.1.2.2\lib\netstandard2.0\Azure.Identity.dll
#endregion
using Azure.Core;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Threading.Tasks;
namespace Azure.Identity
{
//
// Summary:
// Provides a default Azure.Core.TokenCredential authentication flow for applications
// that will be deployed to Azure. The following credential types if enabled will
// be tried, in order:
// • Azure.Identity.EnvironmentCredential
// • Azure.Identity.ManagedIdentityCredential
// • Azure.Identity.SharedTokenCacheCredential
// • Azure.Identity.VisualStudioCredential
// • Azure.Identity.VisualStudioCodeCredential
// • Azure.Identity.AzureCliCredential
// • Azure.Identity.InteractiveBrowserCredential
// Consult the documentation of these credential types for more information on how
// they attempt authentication.
//
// Remarks:
// Note that credentials requiring user interaction, such as the Azure.Identity.InteractiveBrowserCredential,
// are not included by default. Callers must explicitly enable this when constructing
// the Azure.Identity.DefaultAzureCredential either by setting the includeInteractiveCredentials
// parameter to true, or the setting the Azure.Identity.DefaultAzureCredentialOptions.ExcludeInteractiveBrowserCredential
// property to false when passing Azure.Identity.DefaultAzureCredentialOptions.
public class DefaultAzureCredential : TokenCredential
{
//
// Summary:
// Creates an instance of the DefaultAzureCredential class.
//
// Parameters:
// includeInteractiveCredentials:
// Specifies whether credentials requiring user interaction will be included in
// the default authentication flow.
public DefaultAzureCredential(bool includeInteractiveCredentials = false);
//
// Summary:
// Creates an instance of the Azure.Identity.DefaultAzureCredential class.
//
// Parameters:
// options:
// Options that configure the management of the requests sent to Azure Active Directory
// services, and determine which credentials are included in the Azure.Identity.DefaultAzureCredential
// authentication flow.
public DefaultAzureCredential(DefaultAzureCredentialOptions options);
//
// Summary:
// Sequentially calls Azure.Core.TokenCredential.GetToken(Azure.Core.TokenRequestContext,System.Threading.CancellationToken)
// on all the included credentials in the order Azure.Identity.EnvironmentCredential,
// Azure.Identity.ManagedIdentityCredential, Azure.Identity.SharedTokenCacheCredential,
// and Azure.Identity.InteractiveBrowserCredential returning the first successfully
// obtained Azure.Core.AccessToken. This method is called by Azure SDK clients.
// It isn't intended for use in application code.
//
// Parameters:
// requestContext:
// The details of the authentication request.
//
// cancellationToken:
// A System.Threading.CancellationToken controlling the request lifetime.
//
// Returns:
// The first Azure.Core.AccessToken returned by the specified sources. Any credential
// which raises a Azure.Identity.CredentialUnavailableException will be skipped.
//
// Remarks:
// Note that credentials requiring user interaction, such as the Azure.Identity.InteractiveBrowserCredential,
// are not included by default.
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default);
//
// Summary:
// Sequentially calls Azure.Core.TokenCredential.GetToken(Azure.Core.TokenRequestContext,System.Threading.CancellationToken)
// on all the included credentials in the order Azure.Identity.EnvironmentCredential,
// Azure.Identity.ManagedIdentityCredential, Azure.Identity.SharedTokenCacheCredential,
// and Azure.Identity.InteractiveBrowserCredential returning the first successfully
// obtained Azure.Core.AccessToken. This method is called by Azure SDK clients.
// It isn't intended for use in application code.
//
// Parameters:
// requestContext:
// The details of the authentication request.
//
// cancellationToken:
// A System.Threading.CancellationToken controlling the request lifetime.
//
// Returns:
// The first Azure.Core.AccessToken returned by the specified sources. Any credential
// which raises a Azure.Identity.CredentialUnavailableException will be skipped.
//
// Remarks:
// Note that credentials requiring user interaction, such as the Azure.Identity.InteractiveBrowserCredential,
// are not included by default.
[AsyncStateMachine(typeof(<GetTokenAsync>d__11))]
public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default);
}
}
- Hosting platform or OS and .NET runtime version (
dotnet --infooutput for .NET Core projects): Windows 10, .Net Framework 4.7.2 - IDE and version : Visual Studio Enterprise 2019 version 16.8.5
Issue Analytics
- State:
- Created 3 years ago
- Comments:16 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@lisandro444 can’t say for sure what got this working for me, but make sure you set the below environment variables. I have these being set in an #if DEBUG block
Thank you for your feedback. Tagging and routing to the team member best able to assist.