Improve Authentication Integration and Experience in MCP Server.#56
Merged
g2vinay merged 10 commits intomicrosoft:mainfrom Sep 18, 2025
Merged
Conversation
Member
|
Labeling as Do Not Merge to make it obvious this doesn't require a code review yet. |
g2vinay
changed the title
g2vinay
requested review from
JonathanCrd,
KarishmaGhiya,
alzimmermsft,
Copilot,
hallipr,
jairmyree,
jongio and
wbreza
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR improves Azure authentication by replacing the rigid DefaultAzureCredential with a flexible credential targeting system via the new AZURE_TOKEN_CREDENTIALS environment variable, while maintaining smart VS Code integration and adding robust error handling.
- Introduces
AZURE_TOKEN_CREDENTIALSenvironment variable for targeted credential selection with options for development ("dev"), production ("prod"), or specific credential types - Replaces
DefaultAzureCredentialwith explicit credential chain construction for better control and transparency - Adds
SafeTokenCredentialwrapper to ensure proper exception handling and credential chaining behavior
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| servers/Azure.Mcp.Server/TROUBLESHOOTING.md | Documents the new AZURE_TOKEN_CREDENTIALS environment variable usage and available credential options |
| servers/Azure.Mcp.Server/CHANGELOG.md | Records the authentication enhancement features and removal of deprecated environment variable |
| core/Azure.Mcp.Core/src/Services/Azure/Authentication/CustomChainedCredential.cs | Refactors authentication logic to use explicit credential chains with the new environment variable and adds SafeTokenCredential wrapper |
joshfree
added
the
tools-Core
xiangyan99
reviewed
Sep 16, 2025
joshfree
reviewed
Sep 16, 2025
jongio
approved these changes
Sep 17, 2025
joshfree
approved these changes
Sep 18, 2025
colbytimm
pushed a commit
to colbytimm/microsoft-mcp
that referenced
this pull request
Sep 27, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces rigid
DefaultAzureCredentialwith flexible credential targeting via the newAZURE_TOKEN_CREDENTIALSenvironment variable.Key Changes
New Environment Variable:
AZURE_TOKEN_CREDENTIALS"dev"- Development credentials (VS → VSCode → CLI → PowerShell → AzD)"prod"- Production credentials (Environment → WorkloadIdentity → ManagedIdentity)"AzureCliCredential"- Target specific credentialSmart VS Code Integration (Retains this logic with the refactor).
VSCODE_PID)AZURE_TOKEN_CREDENTIALSover auto-detectionRobust Error Handling
SafeTokenCredentialCredentialUnavailableExceptionfor proper chaining as DAC is no longer used.Breaking Changes
AZURE_MCP_INCLUDE_PRODUCTION_CREDENTIALSAZURE_TOKEN_CREDENTIALS="prod"instead