azure-sdk-for-net: DefaultAzureCredential failed to retrieve a token from the included credentials [BUG]

Describe the bug Please provide the description of issue you’re seeing.

When using the below, it fails to retrieve any credentials. I am logged into

var cred = new DefaultAzureCredential();

Expected behavior What is the expected behavior? I receive a credential either from Visual Studio as the logged in user or from any of the other configured providers.

Actual behavior (include Exception or Stack Trace) What is the actual behavior?

| Name | Value | Type |
| --- | --- | --- |
| ◢ cred | {Azure.Identity.DefaultAzureCredential} | Azure.Identity.DefaultAzureCredential |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| DefaultExceptionMessage | “DefaultAzureCredential failed to retrieve a token from the included credentials.” | string |
| UnhandledExceptionMessage | “DefaultAzureCredential authentication failed.” | string |
| ▶ s_defaultCredentialChain | {Azure.Core.TokenCredential[7]} | Azure.Core.TokenCredential[] |
| ◢ Non-Public members |  |  |
| ◢ _credentialLock | {Azure.Identity.AsyncLockWithValue<Azure.Core.TokenCredential>} | Azure.Identity.AsyncLockWithValue<Azure.Core.TokenCredential> |
| ▶ Non-Public members |  |  |
| ◢ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| ▶ AuthorityHost | {https://login.microsoftonline.com/} | System.Uri |
| ▶ Diagnostics | {Azure.Core.Pipeline.ClientDiagnostics} | Azure.Core.Pipeline.ClientDiagnostics |
| ▶ HttpPipeline | {Azure.Core.Pipeline.HttpPipeline} | Azure.Core.Pipeline.HttpPipeline |
| ▶ Static members |  |  |
| ▶ Non-Public members |  |  |
| ◢ _sources | {Azure.Core.TokenCredential[7]} | Azure.Core.TokenCredential[] |
| ◢ [0] | {Azure.Identity.EnvironmentCredential} | Azure.Core.TokenCredential {Azure.Identity.EnvironmentCredential} |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| UnavailbleErrorMessage | “EnvironmentCredential authentication unavailable. Environment variables are not fully configured.” | string |
| ◢ Non-Public members |  |  |
| Credential | null | Azure.Core.TokenCredential |
| ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| ◢ [1] | {Azure.Identity.ManagedIdentityCredential} | Azure.Core.TokenCredential {Azure.Identity.ManagedIdentityCredential} |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| MsiUnavailableError | “No managed identity endpoint found.” | string |
| ◢ Non-Public members |  |  |
| ▶ _client | {Azure.Identity.ManagedIdentityClient} | Azure.Identity.ManagedIdentityClient |
| ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| ◢ [2] | {Azure.Identity.SharedTokenCacheCredential} | Azure.Core.TokenCredential {Azure.Identity.SharedTokenCacheCredential} |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| MultipleAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. Multiple accounts were found in the cache. Use username and tenant id to disambiguate.” | string |
| MultipleMatchingAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. Multiple accounts matching the specified{0}{1} were found in the cache.” | string |
| NoAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.” | string |
| NoMatchingAccountsInCacheMessage | “SharedTokenCacheCredential authentication unavailable. No account matching the specified{0}{1} was found in the cache.” | string |
| ▶ s_DefaultCacheOptions | {Azure.Identity.SharedTokenCacheCredentialOptions} | Azure.Identity.ITokenCacheOptions {Azure.Identity.SharedTokenCacheCredentialOptions} |
| ◢ Non-Public members |  |  |
| ▶ _account | ThreadSafetyMode=ExecutionAndPublication, IsValueCreated=false, IsValueFaulted=false, Value=null | System.Lazy<System.Threading.Tasks.Task<Microsoft.Identity.Client.IAccount>> |
| ▶ _client | {Azure.Identity.MsalPublicClient} | Azure.Identity.MsalPublicClient |
| ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| ▶ _record | null | Azure.Identity.AuthenticationRecord |
| _tenantId | null | string |
| _username | null | string |
| ◢ [3] | {Azure.Identity.VisualStudioCredential} | Azure.Core.TokenCredential {Azure.Identity.VisualStudioCredential} |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| ResourceArgumentName | “--resource” | string |
| TenantArgumentName | “--tenant” | string |
| TokenProviderFilePath | “.IdentityService\AzureServiceAuth\tokenprovider.json” | string |
| ◢ Non-Public members |  |  |
| ▶ _fileSystem | {Azure.Identity.FileSystemService} | Azure.Identity.IFileSystemService {Azure.Identity.FileSystemService} |
| ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| ▶ _processService | {Azure.Identity.ProcessService} | Azure.Identity.IProcessService {Azure.Identity.ProcessService} |
| _tenantId | null | string |
| ◢ [4] | {Azure.Identity.VisualStudioCodeCredential} | Azure.Core.TokenCredential {Azure.Identity.VisualStudioCodeCredential} |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| ClientId | “aebc6443-996d-45c2-90f0-388ff96faa56” | string |
| CredentialsSection | “VS Code Azure” | string |
| ◢ Non-Public members |  |  |
| ▶ _client | {Azure.Identity.MsalPublicClient} | Azure.Identity.MsalPublicClient |
| ▶ _fileSystem | {Azure.Identity.FileSystemService} | Azure.Identity.IFileSystemService {Azure.Identity.FileSystemService} |
| ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| _tenantId | “common” | string |
| ▶ _vscAdapter | {Azure.Identity.WindowsVisualStudioCodeAdapter} | Azure.Identity.IVisualStudioCodeAdapter {Azure.Identity.WindowsVisualStudioCodeAdapter} |
| ◢ [5] | {Azure.Identity.AzureCliCredential} | Azure.Core.TokenCredential {Azure.Identity.AzureCliCredential} |
| ◢ Static members |  |  |
| ◢ Non-Public members |  |  |
| ▶ AzNotFoundPattern | {az:(.*)not found} | System.Text.RegularExpressions.Regex |
| AzNotLogIn | “Please run ‘az login’ to set up account” | string |
| AzureCLINotInstalled | “Azure CLI not installed” | string |
| AzureCliFailedError | “Azure CLI authentication failed due to an unknown error.” | string |
| AzureCliTimeoutError | “Azure CLI authentication timed out.” | string |
| CliProcessTimeoutMs | 10000 | int |
| DefaultPath | “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin” | string |
| DefaultPathNonWindows | “/usr/bin:/usr/local/bin” | string |
| DefaultPathWindows | “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin” | string |
| DefaultWorkingDir | “C:\WINDOWS\system32” | string |
| DefaultWorkingDirNonWindows | “/bin/” | string |
| DefaultWorkingDirWindows | “C:\WINDOWS\system32” | string |
| WinAzureCLIError | “‘az’ is not recognized” | string |
| ◢ Non-Public members |  |  |
| _path | “c:\program files (x86)\microsoft visual studio\2019\enterprise\common7\ide\commonextensions\microsoft\teamfoundation\team explorer\NativeBinaries\x86;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Python27\;C:\Python27\Scripts;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\ProgramData\chocolatey\bin;C:\Program Files\nodejs\;C:\Program Files\Java\jdk1.8.0_211\bin;C:\Program Files (x86)\Yarn\bin\;C:\Users\TomAndrews\AppData\Local\Android\Sdk\platform-tools;C:\Program Files\Git\cmd;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Users\TomAndrews\AppData\Local\Microsoft\WindowsApps;C:\Users\TomAndrews\AppData\Local\Programs\Microsoft VS Code Insiders\bin;C:\Users\TomAndrews\AppData\Roaming\npm;C:\tools\Cmder;C:\Users\TomAndrews\AppData\Local\Yarn\bin;C:\Users\TomAndrews\AppData\Local\Programs\Microsoft Code OSS\bin;C:\tools;C:\Users\TomAndrews\.dotnet\tools;C:\Users\TomAndrews\.dotnet\tools;C:\Users\TomAndrews\AppData\Local\Microsoft\WindowsApps” | string |
| ▶ _pipeline | {Azure.Identity.CredentialPipeline} | Azure.Identity.CredentialPipeline |
| ▶ _processService | {Azure.Identity.ProcessService} | Azure.Identity.IProcessService {Azure.Identity.ProcessService} |
| [6] | null | Azure.Core.TokenCredential |

To Reproduce Steps to reproduce the behavior (include a code snippet, screenshot, or any additional information that might help us reproduce the issue)

  1. I am just running this and inspecting the value of cred
var cred = new DefaultAzureCredential();

Environment:

  • Name and version of the Library package used:
#region Assembly Azure.Identity, Version=1.2.2.0, Culture=neutral, PublicKeyToken=92742159e12e44c8
// C:\projects\revoke\rvokeapi\packages\Azure.Identity.1.2.2\lib\netstandard2.0\Azure.Identity.dll
#endregion

using Azure.Core;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Threading.Tasks;

namespace Azure.Identity
{
    //
    // Summary:
    //     Provides a default Azure.Core.TokenCredential authentication flow for applications
    //     that will be deployed to Azure. The following credential types if enabled will
    //     be tried, in order:
    //     • Azure.Identity.EnvironmentCredential
    //     • Azure.Identity.ManagedIdentityCredential
    //     • Azure.Identity.SharedTokenCacheCredential
    //     • Azure.Identity.VisualStudioCredential
    //     • Azure.Identity.VisualStudioCodeCredential
    //     • Azure.Identity.AzureCliCredential
    //     • Azure.Identity.InteractiveBrowserCredential
    //     Consult the documentation of these credential types for more information on how
    //     they attempt authentication.
    //
    // Remarks:
    //     Note that credentials requiring user interaction, such as the Azure.Identity.InteractiveBrowserCredential,
    //     are not included by default. Callers must explicitly enable this when constructing
    //     the Azure.Identity.DefaultAzureCredential either by setting the includeInteractiveCredentials
    //     parameter to true, or the setting the Azure.Identity.DefaultAzureCredentialOptions.ExcludeInteractiveBrowserCredential
    //     property to false when passing Azure.Identity.DefaultAzureCredentialOptions.
    public class DefaultAzureCredential : TokenCredential
    {
        //
        // Summary:
        //     Creates an instance of the DefaultAzureCredential class.
        //
        // Parameters:
        //   includeInteractiveCredentials:
        //     Specifies whether credentials requiring user interaction will be included in
        //     the default authentication flow.
        public DefaultAzureCredential(bool includeInteractiveCredentials = false);
        //
        // Summary:
        //     Creates an instance of the Azure.Identity.DefaultAzureCredential class.
        //
        // Parameters:
        //   options:
        //     Options that configure the management of the requests sent to Azure Active Directory
        //     services, and determine which credentials are included in the Azure.Identity.DefaultAzureCredential
        //     authentication flow.
        public DefaultAzureCredential(DefaultAzureCredentialOptions options);

        //
        // Summary:
        //     Sequentially calls Azure.Core.TokenCredential.GetToken(Azure.Core.TokenRequestContext,System.Threading.CancellationToken)
        //     on all the included credentials in the order Azure.Identity.EnvironmentCredential,
        //     Azure.Identity.ManagedIdentityCredential, Azure.Identity.SharedTokenCacheCredential,
        //     and Azure.Identity.InteractiveBrowserCredential returning the first successfully
        //     obtained Azure.Core.AccessToken. This method is called by Azure SDK clients.
        //     It isn't intended for use in application code.
        //
        // Parameters:
        //   requestContext:
        //     The details of the authentication request.
        //
        //   cancellationToken:
        //     A System.Threading.CancellationToken controlling the request lifetime.
        //
        // Returns:
        //     The first Azure.Core.AccessToken returned by the specified sources. Any credential
        //     which raises a Azure.Identity.CredentialUnavailableException will be skipped.
        //
        // Remarks:
        //     Note that credentials requiring user interaction, such as the Azure.Identity.InteractiveBrowserCredential,
        //     are not included by default.
        public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default);
        //
        // Summary:
        //     Sequentially calls Azure.Core.TokenCredential.GetToken(Azure.Core.TokenRequestContext,System.Threading.CancellationToken)
        //     on all the included credentials in the order Azure.Identity.EnvironmentCredential,
        //     Azure.Identity.ManagedIdentityCredential, Azure.Identity.SharedTokenCacheCredential,
        //     and Azure.Identity.InteractiveBrowserCredential returning the first successfully
        //     obtained Azure.Core.AccessToken. This method is called by Azure SDK clients.
        //     It isn't intended for use in application code.
        //
        // Parameters:
        //   requestContext:
        //     The details of the authentication request.
        //
        //   cancellationToken:
        //     A System.Threading.CancellationToken controlling the request lifetime.
        //
        // Returns:
        //     The first Azure.Core.AccessToken returned by the specified sources. Any credential
        //     which raises a Azure.Identity.CredentialUnavailableException will be skipped.
        //
        // Remarks:
        //     Note that credentials requiring user interaction, such as the Azure.Identity.InteractiveBrowserCredential,
        //     are not included by default.
        [AsyncStateMachine(typeof(<GetTokenAsync>d__11))]
        public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default);
    }
}
  • Hosting platform or OS and .NET runtime version (dotnet --info output for .NET Core projects): Windows 10, .Net Framework 4.7.2
  • IDE and version : Visual Studio Enterprise 2019 version 16.8.5

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 16 (5 by maintainers)
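
Editor's added example (not code from the issue or from the Azure SDK): constructing `DefaultAzureCredential` does not request a token, so the chain only reports real errors once `GetToken` is called. The probe below calls each non-interactive credential from the documented chain on its own and prints why it was skipped or failed; the class name `CredentialChainProbe` and the ARM scope are assumptions chosen for illustration.

```csharp
using System;
using System.Threading;
using Azure.Core;
using Azure.Core.Diagnostics;
using Azure.Identity;

// Hypothetical diagnostic helper, added for illustration.
class CredentialChainProbe
{
    static void Main()
    {
        // Assumption: Azure Resource Manager scope; substitute the scope of the service you call.
        var context = new TokenRequestContext(new[] { "https://management.azure.com/.default" });

        // Same order as the DefaultAzureCredential summary, interactive browser left out.
        var chain = new (string Name, TokenCredential Credential)[]
        {
            ("EnvironmentCredential", new EnvironmentCredential()),
            ("ManagedIdentityCredential", new ManagedIdentityCredential()),
            ("SharedTokenCacheCredential", new SharedTokenCacheCredential()),
            ("VisualStudioCredential", new VisualStudioCredential()),
            ("VisualStudioCodeCredential", new VisualStudioCodeCredential()),
            ("AzureCliCredential", new AzureCliCredential()),
        };

        // Echo Azure SDK event-source messages (Azure.Identity included) to the console.
        using (AzureEventSourceListener.CreateConsoleLogger())
        {
            foreach (var (name, credential) in chain)
            {
                try
                {
                    AccessToken token = credential.GetToken(context, CancellationToken.None);
                    // Log only the expiry; never write the token value to logs.
                    Console.WriteLine($"{name}: OK, token expires {token.ExpiresOn:u}");
                }
                catch (CredentialUnavailableException ex)
                {
                    // DefaultAzureCredential skips a credential that raises this.
                    Console.WriteLine($"{name}: unavailable - {ex.Message}");
                }
                catch (AuthenticationFailedException ex)
                {
                    // The credential was usable but authentication itself failed.
                    Console.WriteLine($"{name}: failed - {ex.Message}");
                }
            }
        }
    }
}
```

Run it under the same user account and process environment as the failing application, since every credential in the chain reads per-user or per-process state.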

Most upvoted comments

@lisandro444 can’t say for sure what got this working for me, but make sure you set the below environment variables. I have these being set in an #if DEBUG block

Environment.SetEnvironmentVariable("AZURE_CLIENT_ID", "xxx");
Environment.SetEnvironmentVariable("AZURE_CLIENT_SECRET", "xxx");
Environment.SetEnvironmentVariable("AZURE_TENANT_ID", "xxx");

Thank you for your feedback. Tagging and routing to the team member best able to assist.