Handle Managed Identity json parse errors as CredentialUnAvailableExc…

…eption (Azure#32272) * handle json parse errors as CredentialNotAvailable
schaabs · Nov 8, 2022 · 3a25965 · 3a25965
1 parent 53fdeda
commit 3a25965
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -8,6 +8,7 @@
 
 ### Bugs Fixed
 - Fixed error message parsing in `AzureCliCredential` which would misinterpret AAD errors with the need to login with `az login`.
+- `ManagedIdentityCredential` will no longer fail when a response received from the endpoint is invalid JSON. It now treats this scenario as if the credential is unavailable.
 
 ### Other Changes
 

diff --git a/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs b/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
@@ -61,6 +61,10 @@ protected virtual async ValueTask<AccessToken> HandleResponseAsync(
 
                 message = GetMessageFromResponse(json.RootElement);
             }
+            catch (JsonException jex)
+            {
+                throw new CredentialUnavailableException(UnexpectedResponse, jex);
+            }
             catch (Exception e)
             {
                 exception = e;

diff --git a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
@@ -15,6 +15,7 @@
 using Azure.Identity.Tests.Mock;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Diagnostics.Runtime.Interop;
+using Newtonsoft.Json;
 using NUnit.Framework;
 
 namespace Azure.Identity.Tests
@@ -691,7 +692,7 @@ public async Task VerifyClientAuthenticateThrows()
         }
 
         [Test]
-        public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404)] int status)
+        public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404, 403)] int status)
         {
             using var environment = new TestEnvVar(
                 new()
@@ -709,8 +710,8 @@ public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404)]
 
             ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", pipeline));
 
-            var ex = Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
-            Assert.IsInstanceOf(typeof(RequestFailedException), ex.InnerException);
+            var ex = Assert.ThrowsAsync<CredentialUnavailableException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+            Assert.IsInstanceOf(typeof(System.Text.Json.JsonException), ex.InnerException);
             Assert.That(ex.Message, Does.Contain(ManagedIdentitySource.UnexpectedResponse));
             await Task.CompletedTask;
         }