-
Notifications
You must be signed in to change notification settings - Fork 3
DefaultAzureCredentials
This tool leverages DefaultAzureCredentials to acquire an access token from Entra ID. It displays detailed internal logs and information about the access token's acquisition, providing valuable insights.
The tool was created to help users better understand how DefaultAzureCredentials operates and to assist in troubleshooting when the process fails to acquire an access token.
Gaining insights into how DefaultAzureCredentials works is challenging by default. To address this, we created a custom version called MyDefaultAzureCredentials, which includes additional mechanisms to extract crucial information about its internal workings.
This tool may expose sensitive information such as authentication tokens, client secrets, or other internal credential data in the log output.
Be cautious when using this tool in production environments or when sharing log files, as they may contain security-critical details. Logs must be properly secured and sanitized before being shared or stored in insecure locations. Ensure that logs are only accessible to trusted personnel and are not retained longer than necessary.
The tool supports testing various Azure credential types:
| Credential | Description |
|---|---|
| DefaultAzureCredential | Tries multiple authentication methods in sequence |
| ManagedIdentityCredential | System or user-assigned managed identity |
| AzureCliCredential | Uses az login authentication |
| AzureDeveloperCliCredential | Uses azd auth login authentication |
| AzurePowerShellCredential | Uses Connect-AzAccount authentication |
| VisualStudioCredential | Uses Visual Studio IDE authentication |
| VisualStudioCodeCredential | Uses VS Code Azure Account extension |
| EnvironmentCredential | Uses environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET) |
| WorkloadIdentityCredential | For Kubernetes workload identity |
| AzurePipelinesCredential | For Azure DevOps Pipelines with workload identity federation |
| BrokerCredential | Uses system authentication broker (WAM on Windows) for desktop apps |