Azure / azure-sdk-for-js

This repository is for active development of the Azure SDK for JavaScript (NodeJS & Browser). For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/javascript/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-js.
MIT License

`ExcludeXXXCredential` options not implemented? #30119

Open dtivel opened 2 weeks ago

dtivel commented 2 weeks ago

Describe the bug: It seems that ExcludeXXXCredential support does not exist in Azure SDK for JS, although troubleshooting documentation suggests that these options exist.


However, the options are not documented, and I can find no evidence (example) in this repo that the options are honored.

A user tried unsuccessfully to set the options in https://github.com/Azure/azure-sdk-for-js/issues/27608#issuecomment-2134674025.

The SDK for .NET clearly has ExcludeXXXCredential support clearly documented here. I also quickly found the support implemented here.

To Reproduce: Steps to reproduce the behavior:

  1. Enable verbose logging by setting the AZURE_LOG_LEVEL environment variable to info.
  2. az login
  3. Execute
        // Options named as in the .NET SDK; the report is that they have no effect here.
        const identity_1 = require("@azure/identity");

        (async () => {
            const options = {
                ExcludeEnvironmentCredential: true,
                ExcludeWorkloadIdentityCredential: true,
                ExcludeManagedIdentityCredential: true,
                ExcludeSharedTokenCacheCredential: true,
                ExcludeVisualStudioCredential: true,
                ExcludeVisualStudioCodeCredential: true
            };
            const credential = new identity_1.DefaultAzureCredential(options);
            const token = await credential.getToken('499b84ac-1321-427f-aa17-267ca6975798/.default');
        })();

Logging will show each authentication strategy being tried.

Expected behavior: Logging will show only Azure CLI authentication.


github-actions[bot] commented 2 weeks ago

@KarishmaGhiya @maorleger

github-actions[bot] commented 2 weeks ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

maorleger commented 2 weeks ago

Hey @dtivel - thanks for reaching out about this. You're quite right that only dotnet and python SDKs support the excludeXXXCredential options in DefaultAzureCredential.

Good callout on the documentation discrepancy - I will merge an update to the documentation that will clarify this and remove the excludeXXXCredential content.

Unfortunately at this time we do not have plans to implement those options. DefaultAzureCredential is meant to be an opinionated type of ChainedTokenCredential that should work in most cases for most customers without significant customization.

Our recommendation has been to use your own ChainedTokenCredential if DefaultAzureCredential does not fit your scenario - it allows much more control and you can add whatever credentials you'd like to see in the chain. An example of using a ChainedTokenCredential can be found here. In fact we (the Azure SDK for JS team) did exactly that when DefaultAzureCredential no longer fit our use case; you can see an example of that here.

Hope that helps, I know it's not the best answer but I tried to offer whatever other options I can
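
The ChainedTokenCredential approach recommended in the comment above, shown as an added example that is not part of the thread or of the SDK. The helper `buildChain` and its lower-camel `exclude*` flag names are hypothetical; the credential classes are real `@azure/identity` exports, and the module is passed in as a parameter so the helper can be exercised without the package. Unlike the behaviour reported in this issue, an unrecognised flag is rejected rather than ignored, so the chain is never wider than the caller asked for.

```javascript
// Added example, not SDK code. `buildChain` and the exclude* flag names are
// hypothetical; `identity` is the @azure/identity module object (injected).
function buildChain(identity, exclude = {}) {
  // Deployed-service credentials first, developer-tool credentials last.
  const candidates = [
    ["excludeEnvironmentCredential", () => new identity.EnvironmentCredential()],
    ["excludeManagedIdentityCredential", () => new identity.ManagedIdentityCredential()],
    ["excludeAzureCliCredential", () => new identity.AzureCliCredential()],
    ["excludeAzurePowerShellCredential", () => new identity.AzurePowerShellCredential()],
  ];
  const known = new Set(candidates.map(([flag]) => flag));

  // Fail closed: an unrecognised flag (for example the .NET-style
  // `ExcludeEnvironmentCredential`) is rejected instead of silently ignored.
  const unknown = Object.keys(exclude).filter((key) => !known.has(key));
  if (unknown.length > 0) {
    throw new TypeError(`Unsupported exclude option(s): ${unknown.join(", ")}`);
  }

  // Only credentials that were not explicitly excluded are constructed.
  const sources = candidates
    .filter(([flag]) => exclude[flag] !== true)
    .map(([, create]) => create());
  if (sources.length === 0) {
    throw new RangeError("Every credential was excluded; the chain would be empty");
  }
  return new identity.ChainedTokenCredential(...sources);
}

// With the real package installed (assumption), an Azure CLI-only chain is:
//   const credential = buildChain(require("@azure/identity"), {
//     excludeEnvironmentCredential: true,
//     excludeManagedIdentityCredential: true,
//     excludeAzurePowerShellCredential: true,
//   });
```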

dtivel commented 2 weeks ago

Thanks, @maorleger.

dtivel commented 2 weeks ago

@maorleger, I came at this with first-hand experiences with Azure SDK for .NET. I had a baseline expectation that there was parity across SDKs for ExcludeXXXCredential support. It may be helpful to others to explicitly say in documentation that the Azure SDK for JS does not support those options.

maorleger commented 2 weeks ago

Hey @dtivel - that is a good suggestion and I agree that the discrepancy can be confusing. I'll work on updating the documentation here.

Just curious - where would you like to see this information displayed? I have https://github.com/Azure/azure-sdk-for-js/pull/30120 which removes the confusing bits in the troubleshooting guide at a minimum.

But that does not call out in a prominent way that ExcludeXXXCredential is not supported - where would you like to see that information?

I think the 3rd option makes sense as this is where you ended up but let me know what you think

dtivel commented 2 weeks ago

@maorleger, I agree with you. It could be anywhere (as long as it's searchable), but the 3rd option makes sense to me. To me, it looks like the JS troubleshooting page was based on the .NET one, so having the difference called out there makes sense.

I had a baseline expectation that all Azure SDKs (for .NET, Python, and JS) would have support option parity, but I understand that's not necessarily true. Calling out when there isn't parity is helpful. Thanks much.