[BUG]Azure.Identity 1.13 Breaks DefaultAzureCredential On DevBox #46679
Description
Library name and version
Azure.Identity 1.13
Describe the bug
My code is using DefaultAzureCredential(true) to authenticate to remote azure resources. After upgrading Azure.Identity to 1.13 a handful of users are noting that they are getting the following error when running inside of Microsoft DevBox:
'ManagedIdentityCredential authentication failed: [Managed Identity] Authentication unavailable. Either the requested identity has not been assigned to this resource, or other errors could be present
There are no assigned identities to these DevBoxes (we are using the devbox.microsoft.com instances not selfhosted). Downgrading to 1.12 seems to have resolved this issue but putting this bug here as it seems like the detection logic around DefaultAzureCredential may be incorrect in 1.13.
I was under the impression that DefaultAzureCredential was a chained credential and that any failures in the chain would only be thrown back to the user if none of the credentials in the chain succeeded. However, the interactive popup never showed up, also some users have the VSCredential and the MI credential error happens seemingly as soon as it fails.
Expected behavior
Using DefaultAzureCredential(true) inside a DevBox VM with no managed identity would attempt other credentials in the chain before throwing an exception back to the user.
Actual behavior
DefaultAzureCredential(true) throws an exception on DevBoxes if there is no MSI attached to the devbox and doesn't attempt any further credential operations.
Reproduction Steps
- Create a DevBox at (https://devbox.microsoft.com/)
- Create a c# project with Azure.Identity 1.13
- Make a call to
new DefaultAzureCredential(true).GetTokenAsync(<some token request context>) - Observe the ManagedIdentity exception
Environment
Microsoft Devbox (https://devbox.microsoft.com/)