Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DefaultAzureCredential does not use az cli login #8934

flytzen opened this issue Nov 27, 2019 · 1 comment

DefaultAzureCredential does not use az cli login #8934

flytzen opened this issue Nov 27, 2019 · 1 comment


Copy link

@flytzen flytzen commented Nov 27, 2019

In the old APIs we had AzureServiceTokenProvider to log in with Managed Identity. If you were running locally and had logged in with the az cli, AzureServiceTokenProvider would simply use your az session.
This code worked locally, as long as you were logged in with az cli in the old APIs:

var tokenProvider = new AzureServiceTokenProvider();
keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
var secretValue = keyVaultClient.GetSecretAsync(keyVaultUrl, supersecretname).Result;

However, this does not work with the new APIs. For example, this code:

var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
var secretValue = client.GetSecret(supersecretname);

throws this exception:

Exception has occurred: CLR/Azure.Identity.AuthenticationFailedException
An unhandled exception of type 'Azure.Identity.AuthenticationFailedException' occurred in Azure.Security.KeyVault.Secrets.dll: 'The DefaultAzureCredential failed to retrieve a token from the included credentials.
  EnvironmentCredential is unavailable Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Currently set variables [  ].
  ManagedIdentityCredential is unavailable No managed identity endpoint found..
  SharedTokenCacheCredential is unavailable Token acquisition failed for user . To fix, re-authenticate through developer tooling supporting Azure single sign on..

This comment has been minimized.

Copy link

@jongio jongio commented Dec 6, 2019

FYI - We are discussing this internally and should have news in January.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
4 participants
You can’t perform that action at this time.