skwazza09
commented
9 months ago Facing the same issue with AzureAppConfigurationBuilder. Able to load the AppConfig values just fine, however when reading App Configuration Key-value references that reference Key Vault it always uses the default credential which throws a Azure.RequestFailedException.
We are using a CheinedTokenCredential to gain access to the Azure Resource, but unable to use the overridden GetCredential() method as it defaults to the DefaultAzureCredential().
masonhuemmer
Juraj2
AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential()
AzureAppConfigurationBuilder.cs always uses DefaultAzureCredential() when reading App Configuration
Key-value referencestoKey Vault. It should use already existing virtual method GetCredential() instead.Functional impact
Classes that inherit from
AzureAppConfigurationBuilderand override theprotected virtual TokenCredential GetCredential()still cannot influence whichTokenCredentialis used when reading App Configuration values that are referencingKey Vault.Expected result
When classes that inherit from
AzureAppConfigurationBuilderoverride theprotected virtual TokenCredential GetCredential()then theGetCredential()should also be used for App ConfigurationKey-value referencestoKey VaultActual result
When classes that inherit from
AzureAppConfigurationBuilderoverride theprotected virtual TokenCredential GetCredential()then theGetCredential()is only used to readKey-valuesfrom App Configuration. But when reading App ConfigurationKey-value referencesthat referenceKey Vaultthen always the hardcodednew DefaultAzureCredential()is used.Further technical details
There is a bug in the code in AzureAppConfigurationBuilder.cs in private SecretClient GetSecretClient() method. It should use already existing virtual method GetCredential() instead of hardcoded
new DefaultAzureCredential()- the same way as it is used in AzureKeyVaultConfigBuilder.cs