CODEWITHSUNDEEP
azureazure-active-directoryazure-storage
kalabo
kalabo

Reputation: 564

@azure/identity node.js cannot authenticate

I have been following every single example I can find on the internet to enable me to authenticate with azure via js / node using an application identity as per the following example:

        const account = process.env.ACCOUNT_NAME || '';

        // Azure AD Credential information is required to run this sample:
        if (
          !process.env.AZURE_TENANT_ID ||
          !process.env.AZURE_CLIENT_ID ||
          !process.env.AZURE_CLIENT_SECRET
        ) {
          console.warn(
            'Azure AD authentication information not provided, but it is required to run this sample. Exiting.'
          );
          return {
            success: false,
            message:
              'Azure AD authentication information not provided, but it is required to run this sample. Exiting.',
          };
        }
        const defaultAzureCredential = new DefaultAzureCredential();

        console.log('credential', defaultAzureCredential);

I have all of the env vars in my code and I've checked, double checked and triple checked these are accurate.

When trying to run the code i get this error in the console.log:

credential DefaultAzureCredential {
  UnavailableMessage: 'DefaultAzureCredential => failed to retrieve a token from the included credentials',
  _sources: [
    EnvironmentCredential { _credential: [ClientSecretCredential] },
    ManagedIdentityCredential {
      isEndpointUnavailable: null,
      identityClient: [IdentityClient]
    },
    ManagedIdentityCredential {
      isEndpointUnavailable: null,
      clientId: '04e6dd8e-0000-0000-0000-eb9b3eb60e27',
      identityClient: [IdentityClient]
    },
    AzureCliCredential {},
    VisualStudioCodeCredential {
      cloudName: 'AzureCloud',
      identityClient: [IdentityClient],
      tenantId: 'common'
    }
  ]
}

I am now completely stuck. I do not want to use shared access tokens due to a requirement to connect to multiple storage accounts (and even use these credentials to create NEW storage accounts going forward.)

Any advice, debugging or suggestions more than welcome....

Upvotes: 3

Views: 3617

Answers (1)

unknown
unknown

Reputation: 7483

The DefaultAzureCredential works in your issue, even though it shows the unavailable message.

You could console the EnvironmentCredential, and it will contain the Environment Variables.

enter image description here

Note: If you're just using Environment Variables, I suggest you use EnvironmentCredential.

DefaultAzureCredential and EnvironmentCredential can be configured with environment variables.

Get secret in key vault using DefaultAzureCredential:

enter image description here

Upvotes: 2

Related Questions