KeyVault Secrets SDK throws AuthenticationFailedException forcing additional dependency on Azure.Identity
Bug Description
Azure.Security.KeyVault.Secrets.SecretClient throws Azure.Identity.AuthenticationFailedException in case the Azure.Core.TokenCredential passed to it could not be used. For example, when a user tries to fetch a secret from the key vault using DefaultAzureCredential but an appropriate credential as described here could not be found, then Azure.Identity.AuthenticationFailedException is thrown.
Since the exception AuthenticationFailedException belongs to the Azure.Identity package, consumers of the Azure.Security.KeyVault.Secrets package are unable to handle it the right way without adding an explicit dependency on the Azure.Identity package.
Expected behavior
When the input TokenCredential could not be used for authentication, Azure.Security.KeyVault.Secrets throws an exception that does not require an explicit dependency on another package that is not one of its dependencies, so it could be handled by the consumers.
Actual behavior (include Exception or Stack Trace)
When the input TokenCredential could not be used for authentication, Azure.Security.KeyVault.Secrets throws an AuthenticationFailedException that requires a dependency on the Azure.Identity package to be able to handle it the right way.
Exception
Azure.Identity.AuthenticationFailedException: The DefaultAzureCredential failed to retrieve a token from the included credentials.
EnvironmentCredential is unavailable.
Environment variables not fully configured.
AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD.
Currently set variables [ ].
ManagedIdentityCredential is unavailable No managed identity endpoint found..
SharedTokenCacheCredential is unavailable Token acquisition failed for user . To fix, re-authenticate through developer tooling supporting Azure single sign on.
Stack Trace
DefaultAzureCredential.GetTokenAsync(Boolean isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken)
DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
ChallengeBasedAuthenticationPolicy.AuthenticateRequestAsync(HttpMessage message, Boolean async)
ChallengeBasedAuthenticationPolicy.ProcessCoreAsync(HttpMessage message, ReadOnlyMemory pipeline, Boolean async)
RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory pipeline, Boolean async)
RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory pipeline, Boolean async)
HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory pipeline)
HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory pipeline)
HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func resultFactory, CancellationToken cancellationToken, String[] path)
SecretClient.GetSecretAsync(String name, String version, CancellationToken cancellationToken)
Environment: .NET Standard 2.0 Class Library Azure.Security.KeyVault.Secrets 4.0.1
Issue Analytics
- State:
- Created 4 years ago
- Comments:14 (13 by maintainers)
Top GitHub Comments
This is a good one, without AuthenticationFailedException being in Core library authors can’t handle authentication exceptions.
We should consider using TypeForwarding and moving the exception to azure.core
cc @KrzysztofCwalina
Sounds good. I will close this as not planned for now.
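One way a library that references only Azure.Security.KeyVault.Secrets can still handle the failure reported above and fail closed, shown as an added example that is not code from the issue or from the Azure SDK. It is a workaround that matches the exception by the type name printed in the report; `VaultReader`, `ReadSecretAsync` and `SecretUnavailableException` are hypothetical names.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Security.KeyVault.Secrets;

// Hypothetical exception type owned by the consuming library.
public sealed class SecretUnavailableException : Exception
{
    public SecretUnavailableException(string message, Exception inner)
        : base(message, inner) { }
}

public static class VaultReader
{
    // Full type name as printed in the exception text of the report.
    private const string AuthFailureTypeName =
        "Azure.Identity.AuthenticationFailedException";

    // Walks the type hierarchy so that derived exception types also match,
    // without taking a compile-time reference on Azure.Identity.
    private static bool IsCredentialFailure(Exception ex)
    {
        for (Type t = ex.GetType(); t != null; t = t.BaseType)
            if (t.FullName == AuthFailureTypeName) return true;
        return false;
    }

    public static async Task<string> ReadSecretAsync(
        Uri vaultUri, string name, TokenCredential credential,
        CancellationToken ct = default)
    {
        var client = new SecretClient(vaultUri, credential);
        try
        {
            KeyVaultSecret secret = await client
                .GetSecretAsync(name, cancellationToken: ct)
                .ConfigureAwait(false);
            return secret.Value;
        }
        // No token could be acquired: the request never reached the vault.
        catch (Exception ex) when (IsCredentialFailure(ex))
        {
            throw new SecretUnavailableException(
                "No usable credential for Key Vault.", ex);
        }
        // A token was sent but the service refused it.
        catch (RequestFailedException ex) when (ex.Status == 401 || ex.Status == 403)
        {
            throw new SecretUnavailableException(
                $"Key Vault rejected the request (HTTP {ex.Status}).", ex);
        }
    }
}
```

The original exception is kept as `InnerException` for logging, while callers see a single type that does not name the credentials that were tried.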