Tags: azure, azure-active-directory, azure-storage

@azure/identity node.js cannot authenticate


I have been following every single example I can find on the internet to enable me to authenticate with Azure via JS / Node using an application identity as per the following example:

        const account = process.env.ACCOUNT_NAME || '';

        // Azure AD Credential information is required to run this sample:
        if (
          !process.env.AZURE_TENANT_ID ||
          !process.env.AZURE_CLIENT_ID ||
          !process.env.AZURE_CLIENT_SECRET
        ) {
          console.warn(
            'Azure AD authentication information not provided, but it is required to run this sample. Exiting.'
          );
          return {
            success: false,
            message:
              'Azure AD authentication information not provided, but it is required to run this sample. Exiting.',
          };
        }
        const defaultAzureCredential = new DefaultAzureCredential();

        console.log('credential', defaultAzureCredential);

I have all of the env vars in my code and I've checked, double checked and triple checked these are accurate.

When trying to run the code I get this error in the console.log:

    credential DefaultAzureCredential {
      UnavailableMessage: 'DefaultAzureCredential => failed to retrieve a token from the included credentials',
      _sources: [
        EnvironmentCredential { _credential: [ClientSecretCredential] },
        ManagedIdentityCredential {
          isEndpointUnavailable: null,
          identityClient: [IdentityClient]
        },
        ManagedIdentityCredential {
          isEndpointUnavailable: null,
          clientId: '04e6dd8e-0000-0000-0000-eb9b3eb60e27',
          identityClient: [IdentityClient]
        },
        AzureCliCredential {},
        VisualStudioCodeCredential {
          cloudName: 'AzureCloud',
          identityClient: [IdentityClient],
          tenantId: 'common'
        }
      ]
    }

I am now completely stuck. I do not want to use shared access tokens due to a requirement to connect to multiple storage accounts (and even use these credentials to create NEW storage accounts going forward.)

Any advice, debugging or suggestions more than welcome....


Solution

  • The DefaultAzureCredential works in your issue, even though it shows the unavailable message.

    You could log the EnvironmentCredential to the console, and it will contain the Environment Variables.

    Note: If you're just using Environment Variables, I suggest you use EnvironmentCredential.

    DefaultAzureCredential and EnvironmentCredential can be configured with environment variables.

    Get secret in key vault using DefaultAzureCredential:

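Printing a credential object shows how it is configured, not whether authentication succeeded; a token is only requested when `getToken` is called. The following is an added example, not code from the question or the answer: it checks the three environment variables without exposing their values and then probes a credential for a token. `checkEnv`, `probeCredential` and the stub credentials are hypothetical names and constructed data so that it runs offline; with the real library you would pass `new EnvironmentCredential()` from `@azure/identity` instead of a stub.

```javascript
// Added example: checkEnv and probeCredential are hypothetical helpers.
const REQUIRED = ['AZURE_TENANT_ID', 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET'];
const STORAGE_SCOPE = 'https://storage.azure.com/.default';

// Report problems with the EnvironmentCredential variables by name only;
// the values (in particular the client secret) are never returned or logged.
function checkEnv(env) {
  const problems = [];
  for (const name of REQUIRED) {
    const value = env[name];
    if (value === undefined || value === '') {
      problems.push(`${name} is not set`);
    } else if (value !== value.trim()) {
      problems.push(`${name} has leading or trailing whitespace`);
    } else if (/^["'].*["']$/.test(value)) {
      problems.push(`${name} is wrapped in quotes`);
    }
  }
  return problems;
}

// Ask the credential for a token. `credential` is any object exposing the
// TokenCredential method getToken(scopes), e.g. new EnvironmentCredential().
// Only success/failure and the expiry are reported, never the token itself.
async function probeCredential(credential, scope = STORAGE_SCOPE) {
  try {
    const accessToken = await credential.getToken(scope);
    if (!accessToken || !accessToken.token) {
      return { ok: false, error: 'credential returned no token' };
    }
    const expiresOn = new Date(accessToken.expiresOnTimestamp).toISOString();
    return { ok: true, expiresOn };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed stand-ins for real credentials, so the example runs offline.
const stubOk = {
  getToken: async () => ({ token: 'constructed-token', expiresOnTimestamp: 1700000000000 }),
};
const stubFail = {
  getToken: async () => { throw new Error('invalid client secret (constructed)'); },
};

async function demo() {
  // Constructed environment: padded client ID, empty secret.
  const env = { AZURE_TENANT_ID: 'constructed-tenant', AZURE_CLIENT_ID: ' constructed-client', AZURE_CLIENT_SECRET: '' };
  console.log(checkEnv(env));
  console.log(await probeCredential(stubOk));
  console.log(await probeCredential(stubFail));
}
demo();
```

A failed probe returns the library's own error message, which is more useful for debugging than the fields shown when the credential object is printed.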