`DefaultAzureCredential` error when trying to use AZ Key Vault emulator

[chris-parker-bliss]

Describe the bug

Command Name
az account get-access-token

This is when trying to use the Azure Key Vault emulator where I originally raised the issue #324 but it appears the issue is with the DefaultAzureCredential behaviour rather than that package.

As I mentioned on that thread everything works as-expected when talking to an actual Key Vault instance in Azure.

Errors:

The command failed with an unexpected error. Here is the traceback:
Unable to get authority configuration for https://login.microsoftonline.com/secrets. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant Also please double check your tenant name or GUID is correct.
Traceback (most recent call last):
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 100, in __init__
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 169, in tenant_discovery
ValueError: OIDC Discovery endpoint rejects our request. Error: {"error":"invalid_tenant","error_description":"AADSTS90002: Tenant 'secrets' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. Trace ID: aa234603-0692-4569-a1e9-2cfa68280301 Correlation ID: 4dbf0b7c-dac8-4fc5-a59e-a2210f5249bb Timestamp: 2025-08-18 16:30:44Z","error_codes":[90002],"timestamp":"2025-08-18 16:30:44Z","trace_id":"aa234603-0692-4569-a1e9-2cfa68280301","correlation_id":"4dbf0b7c-dac8-4fc5-a59e-a2210f5249bb","error_uri":"https://login.microsoftonline.com/error?code=90002"}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 663, in execute
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 697, in _run_job
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 333, in __call__
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 66, in get_access_token
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 382, in get_raw_token
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 592, in _create_credential
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 205, in get_user_credential
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/msal_authentication.py", line 39, in __init__
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 1525, in __init__
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 456, in __init__
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 104, in __init__
ValueError: Unable to get authority configuration for https://login.microsoftonline.com/secrets. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant Also please double check your tenant name or GUID is correct.

Environment Summary

Windows-10-10.0.26100-SP0
Python 3.10.5
Installer: MSI

azure-cli 2.40.0 *

[azure-client-tools-bot-prd]

Hi @chris-parker-bliss,

2.40.0 is not the latest Azure CLI(2.76.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

[yonzhan]

Thank you for opening this issue, we will look into it.

[chris-parker-bliss]

Solid suggestion from the bot - updated to Python 3.12.10 and azure-cli 2.76.0 (and restarted Windows) and still getting what looks to be the exact same error:

Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
- WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
- ManagedIdentityCredential authentication unavailable. No response received from the managed identity endpoint.
- VisualStudioCredential authentication failed: Process "C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS009: tenant parameter must be a GUID.
- The VisualStudioCodeCredential requires the Azure.Identity.Broker package to be referenced. VS Code Azure See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
- AzureCliCredential authentication failed: Azure CLI authentication failed due to an unknown error. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/azclicredential/troubleshoot ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: Unable to get authority configuration for https://login.microsoftonline.com/secrets. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant or https://tenant_name.ciamlogin.com or https://tenant_name.b2clogin.com/tenant.onmicrosoft.com/policy.  Also please double check your tenant name or GUID is correct.
Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 79, in __init__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 216, in tenant_discovery
ValueError: OIDC Discovery failed on https://login.microsoftonline.com/secrets/v2.0/.well-known/openid-configuration. HTTP status: 400, Error: {"error":"invalid_tenant","error_description":"AADSTS90002: Tenant 'secrets' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. Trace ID: 3613979e-8600-4855-a2fa-5641670b4900 Correlation ID: 4b6e82da-1337-4f79-ba3e-f7639ebe3a2a Timestamp: 2025-08-18 16:51:57Z","error_codes":[90002],"timestamp":"2025-08-18 16:51:57Z","trace_id":"3613979e-8600-4855-a2fa-5641670b4900","correlation_id":"4b6e82da-1337-4f79-ba3e-f7639ebe3a2a","error_uri":"https://login.microsoftonline.com/error?code=90002"}