Azure-sdk-for-js: @azure/identity doesn't get MSI token for Azure CLI
I'm trying to use the new library for Authentication, and my problem is that i can't use DefaultAzureCredential to get MSI token from Azure CLI which i used to have before when using @azure/ms-rest-nodeauth .
- Package Name:
"dependencies": {
"@azure/identity": "^1.0.2",
"@azure/keyvault-secrets": "^4.0.2",
"typescript": "^3.7.3"
}
- Package Version:
- Operating system:
MacOs - [X] nodejs
- version:
- [ ] browser
- name/version:
- [X] typescript
- version:
- Is the bug related to documentation in
- [ ] README.md
- [ ] source code documentation
- [ ] SDK API docs on https://docs.microsoft.com
Describe the bug
I used to have @azure/ms-rest-nodeauth to get MSI token, i replaced it with @azure/identity and expected the same behavior but it didn't match.
My code used to look like this
const msiCredentials = await msRestNodeAuth.loginWithAppServiceMSI({ resource: resource });
const cliCredentials = await msRestNodeAuth.AzureCliCredentials.create({ resource: resource });
With the new way of using @azure/identity it just turned to be
const azCredentialManager = new DefaultAzureCredential();
const msiCredentials = await azCredentialManager.getToken((resource));
It didn't work and it didn't do a fallback to Azure CLI as i expected.
And i got this message
AggregateAuthenticationError: Authentication failed to complete due to the following errors:
AuthenticationError: An error was returned while authenticating to Azure Active Directory (status code 400).
More details:
{
"error": "missing_environment_variables",
"errorDescription": "EnvironmentCredential cannot return a token because one or more of the following environment variables is missing:\n\nAZURE_TENANT_ID\nAZURE_CLIENT_ID\nAZURE_CLIENT_SECRET\nAZURE_CLIENT_CERTIFICATE_PATH\nAZURE_USERNAME\nAZURE_PASSWORD\n\nTo authenticate with a service principal AZURE_TENANT_ID, AZURE_CLIENT_ID, and either AZURE_CLIENT_SECRET or AZURE_CLIENT_CERTIFICATE_PATH must be set. To authenticate with a user account AZURE_TENANT_ID, AZURE_USERNAME, and AZURE_PASSWORD must be set.\n"
}.
To Reproduce
Steps to reproduce the behavior:
- Use DefaultAzureCredential without providing credentials.
Expected behavior
A clear and concise description of what you expected to happen.
To be compatible with Azure CLI.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
ahmedspiir
All 8 comments
@ahmedspiir - Thank you for the report. We're investigating this and will reply here with more information.
jonathandturner
on 29 Dec 2019
We're currently working on a solution to this which will allow you to reach the Azure CLI: https://github.com/Azure/azure-sdk-for-js/pull/6521
jonathandturner
on 3 Jan 2020
Thanks for the update @jonathandturner , any ETA for when it will be out?
ahmedspiir
on 3 Jan 2020
@jonathandturner Any update?
ahmedspiir
on 11 Feb 2020
Would be great to get an update on that issue
tmschbgr
on 6 Mar 2020
We just released a preview that enables az cli credentials via DefaultAzureCredential: https://www.npmjs.com/package/@azure/identity/v/1.1.0-preview1
Please try it out and provide feedback.
Thanks,
Jon
jongio
on 11 Mar 2020
Just tried https://www.npmjs.com/package/@azure/identity/v/1.1.0-preview1 and it works.
henriktuszynski
on 12 Mar 2020
Going ahead and closing as the preview should provide the Azure CLI credentials. If this new feature needs further improvement, please let us know by filing any issues you have with it.
jonathandturner
on 2 Apr 2020
Related issues
nguerrera
路
3Comments
kaerm
路
4Comments
pjblakey
路
3Comments
AElharouny
路
4Comments
isaacjoe
路
4Comments
Most helpful comment
We just released a preview that enables az cli credentials via DefaultAzureCredential: https://www.npmjs.com/package/@azure/identity/v/1.1.0-preview1
Please try it out and provide feedback.
Thanks,
Jon