Skip to content
This repository has been archived by the owner on May 7, 2024. It is now read-only.

DefaultAzureCredential failed to retrieve a token from the included credentials #10

Open
gagwithgaffer opened this issue Apr 4, 2023 · 0 comments
Open

DefaultAzureCredential failed to retrieve a token from the included credentials #10

gagwithgaffer opened this issue Apr 4, 2023 · 0 comments

Comments

@gagwithgaffer
Copy link

Im having issues acquiring an access token for use with this Azure Maps library.

Environment: .NET Core 7.0 using DefaultAzureCredential.
Testing in local development using an account that is logged in to Microsoft through Visual Studio.
I am successfully using the same account with DefaultAzureCredential for connecting to all other services in my app, such as Azure KeyVault, Blob Storage, Azure SignalR etc. So I dont beleive there is an issue with the user account being used in attemtping to acquire this token.

In my Azure Maps Account, I have double checked that my user account has the required role assignment "Reader" in the Access Control (IAM) menu blade.

I have tried re-logging in to Microsoft via Visual Studio but made no difference.

Sample code from my Controller:

private static readonly DefaultAzureCredential tokenProvider = new(new DefaultAzureCredentialOptions()
{
	Diagnostics =
	{
		LoggedHeaderNames = { "x-ms-request-id" },
		LoggedQueryParameters = { "api-version" },
		IsLoggingContentEnabled = true
	},
	TenantId = "d66310f1d-6de38-4f76-a23f-875dae78643e",
	//ExcludeAzureCliCredential = true,
	//ExcludeAzurePowerShellCredential = true,
	//ExcludeInteractiveBrowserCredential = true,
	//ExcludeManagedIdentityCredential = true,
	//ExcludeEnvironmentCredential = true,
	//ExcludeSharedTokenCacheCredential = true,
	//ExcludeVisualStudioCodeCredential = true,
});

private AccessToken AccessToken { get; set; }  

[HttpGet]
[Authorize(Policy = AuthorizationPolicies.AssignmentToViewMapsRoleRequired)]
public async Task<IActionResult> GetAzureMapsToken()
{
	using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();

	try
	{
		// tokenProvider will cache the token in memory, if you would like to reduce the dependency on Azure AD we recommend
		// implementing a distributed cache combined with using the other methods available on tokenProvider.
		AccessToken = await tokenProvider.GetTokenAsync(new TokenRequestContext(new string[] { "https://atlas.microsoft.com/.default" }));
		
	}
	catch (Exception ex) 
	{
		var ex1 = ex;
	}

	return Ok(AccessToken.Token);
}

I get the following logs output, but I cant see any details that gives me any means to properly troubleshoot the issue:

[Informational] Azure-Identity: DefaultAzureCredential.GetToken invoked. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId:
[Informational] Azure-Identity: EnvironmentCredential.GetToken invoked. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId:
[Informational] Azure-Identity: EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId: Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId:
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] MSAL MSAL.NetCore with assembly version '4.51.0.0'. CorrelationId(11466bb9-b852-41b6-ac6d-964050a73fdc)
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc]
=== Request Data ===
Authority Provided? - True
Scopes - https://atlas.microsoft.com/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 11466bb9-b852-41b6-ac6d-964050a73fdc
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] === Token Acquisition (ClientCredentialRequest) started:
Scopes: https://atlas.microsoft.com/.default
Authority Host: login.microsoftonline.com
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] [Region discovery] Not using a regional authority.
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] [Instance Discovery] Skipping Instance discovery because it is disabled.
[Informational] Azure-Core: Request [a9ced34e-0ee6-4582-a392-508a0c5c751f] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:a9ced34e-0ee6-4582-a392-508a0c5c751f
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.8.2 (.NET 7.0.4; Microsoft Windows 10.0.19045)
client assembly: Azure.Identity
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gagwithgaffer