Skip to content

Document breaking change: DefaultAzureCredential defaults to ManagedIdentityCredential on ACA and App Service #5303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 20, 2025
Merged

Document breaking change: DefaultAzureCredential defaults to ManagedIdentityCredential on ACA and App Service #5303

merged 4 commits into from
Oct 20, 2025

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Oct 17, 2025
edited by github-actions bot
Loading

This PR documents a breaking change in Aspire 13.0 where DefaultAzureCredential behavior changes when deploying to Azure Container Apps and Azure App Service.

Background

With dotnet/aspire#11832, Aspire now automatically sets the AZURE_TOKEN_CREDENTIALS environment variable when deploying to Azure Container Apps and Azure App Service. This forces DefaultAzureCredential to only use ManagedIdentityCredential instead of trying the full chain of credential providers (EnvironmentCredential, WorkloadIdentityCredential, then ManagedIdentityCredential).

Changes Made

This PR adds comprehensive documentation for this breaking change:

  • Created docs/compatibility/13.0/ folder structure - New directory for Aspire 13.0 breaking changes
  • Added breaking change document - defaultazurecredential-managedidentity-default.md with:
    • Clear explanation of previous vs. new behavior
    • Rationale based on Azure SDK best practices for deterministic credentials
    • Two recommended workaround options with code examples:
      1. Explicitly use EnvironmentCredential or WorkloadIdentityCredential instead of DefaultAzureCredential
      2. Remove the AZURE_TOKEN_CREDENTIALS environment variable via PublishAsAzureContainerApp or PublishAsAzureAppService callbacks
    • Proper xref links for affected APIs (AddAzureContainerAppEnvironment, AddAzureAppServiceEnvironment)
  • Created index page - docs/compatibility/13.0/index.md for the 13.0 breaking changes
  • Updated TOC - Added Aspire 13.0 section to docs/compatibility/toc.yml

Documentation Quality

  • ✅ Followed all guidelines from .github/prompts/breaking-change.md
  • ✅ Markdown linting passed
  • ✅ Code review completed with no issues
  • ✅ Includes ai-usage: ai-assisted frontmatter as required
  • ✅ Past tense for previous behavior, present tense for new behavior
  • ✅ Links to Azure SDK best practices and related PRs

Fixes #5154

Original prompt

Please create a draft PR to address @dotnet/docs-aspire/issues/5154 - also please rely on the @dotnet/docs-aspire/files/.github/prompts/breaking-change.md prompt to help guide you through the creation of this PR.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Internal previews

📄 File 🔗 Preview link
docs/compatibility/13.0/defaultazurecredential-managedidentity-default.md DefaultAzureCredential defaults to ManagedIdentityCredential on ACA and App Service
docs/compatibility/13.0/index.md Breaking changes in Aspire 13.0
docs/compatibility/toc.yml docs/compatibility/toc

Copilot AI and others added 2 commits October 17, 2025 14:32
@Copilot @IEvangelist
Add breaking change documentation for DefaultAzureCredential in 13.0
1f994b8 
Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com>
@Copilot @IEvangelist
Fix markdown linting error - add blank line before list
c11a5b7 
Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Fix breaking change issue outlined in issue 5154 Document breaking change: DefaultAzureCredential defaults to ManagedIdentityCredential on ACA and App Service Oct 17, 2025
@Copilot Copilot AI requested a review from IEvangelist October 17, 2025 14:36
Copilot finished work on behalf of IEvangelist October 17, 2025 14:36
IEvangelist
IEvangelist approved these changes Oct 17, 2025
View reviewed changes
Copy link
Member

@IEvangelist IEvangelist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Let's have @eerhardt verify it too.

@IEvangelist IEvangelist marked this pull request as ready for review October 17, 2025 15:41
eerhardt
eerhardt approved these changes Oct 17, 2025
View reviewed changes
Copy link
Member

@eerhardt eerhardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@IEvangelist IEvangelist merged commit bea2f8e into release-13 Oct 20, 2025
5 of 6 checks passed
@IEvangelist IEvangelist deleted the copilot/address-breaking-change-issue-5154 branch October 20, 2025 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eerhardt eerhardt eerhardt approved these changes

+1 more reviewer

@IEvangelist IEvangelist IEvangelist approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@IEvangelist IEvangelist

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Copilot @IEvangelist @eerhardt