Open dtivel opened 2 weeks ago
@KarishmaGhiya @maorleger
Thank you for your feedback. Tagging and routing to the team member best able to assist.
Hey @dtivel - thanks for reaching out about this. You're quite right that only dotnet and python SDKs support the excludeXXXCredential options in DefaultAzureCredential.
Good callout on the documentation discrepancy - I will merge an update to the documentation that will clarify this and remove the excludeXXXCredential content.
Unfortunately at this time we do not have plans to implement those options. DefaultAzureCredential is meant to be an opinionated type of ChainedTokenCredential that should work in most cases for most customers without significant customization.
Our recommendation has been to use your own ChainedTokenCredential
if DefaultAzureCredential
does not fit your scenario - it allows much more control and you can add whatever credentials you'd like to see in the chain. An example of using a ChainedTokenCredential
can be found here. In fact we (the Azure SDK for JS team) did exactly that when DefaultAzureCredential no longer fit our usecase, you can see an example of that here.
Hope that helps, I know it's not the best answer but I tried to offer whatever other options I can
Thanks, @maorleger.
@maorleger, I came at this with first-hand experiences with Azure SDK for .NET. I had a baseline expectation that there was parity across SDK's for ExcludeXXXCredential
support. It may be helpful to others to explicitly say in documentation that the Azure SDK for JS does not support those options.
Hey @dtivel - that is a good suggestion and I agree that the discrepancy can be confusing. I'll work on updating the documentation here.
Just curious - where would you like to see this information displayed? I have https://github.com/Azure/azure-sdk-for-js/pull/30120 which removes the confusing bits in the troubleshooting guide at a minimum.
But that does not call out in a prominent way that ExcludeXXXCredential is not supported - where would you like to see that information?
I think the 3rd option makes sense as this is where you ended up but let me know what you think
@maorleger, I agree with you. It could be anywhere (as long as its searchable), but the 3rd option makes sense to me. To me, it looks like the JS troubleshooting page was based on the .NET one, so having the difference called out there makes sense.
I had a baseline expectation that all Azure SDK's (for .NET, Python, and JS) would have support option parity, but I understand that's not necessarily true. Calling out when there isn't parity is helpful. Thanks much.
Describe the bug It seems that
ExcludeXXXCredential
support does not exist in Azure SDK for JS. Although troubleshooting documentation suggests that these options exist.However, the options are not documented, and I can find no evidence (example) in this repo that the options are honored.
A user tried unsuccessfully to set the options in https://github.com/Azure/azure-sdk-for-js/issues/27608#issuecomment-2134674025.
The SDK for .NET clearly has
ExcludeXXXCredential
support clearly documented here. I also quickly found the support implemented here.To Reproduce Steps to reproduce the behavior:
AZURE_LOG_LEVEL
environment variable toinfo
.az login
Logging will show each authentication strategy being tried.
Expected behavior Logging will show only Azure CLI authentication.
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.