Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]Unexpected Exception thrown when authenticate with chaining credentials #8476

Closed
3 tasks
tzhanl opened this issue Oct 28, 2019 · 2 comments
Closed
3 tasks

[BUG]Unexpected Exception thrown when authenticate with chaining credentials #8476

tzhanl opened this issue Oct 28, 2019 · 2 comments
Assignees
@schaabs
Labels
Azure.Identity bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library.

Comments

@tzhanl
Copy link
Contributor

tzhanl commented Oct 28, 2019

Describe the bug
Authenticate service client with chaining credentials will throw an unexpected exception when the first credential of chaining credentials is invalid in C#. It works in JavaScript,Python and Java. Verified that this bug occurred in KeyClient, SecretClient, CertificateClient, BlobContainerClient, QueueClient and EventHubClient (FileService client cannot verified because it's don't support authenticate with TokenCredential).

Code Snippet
image

Exception or Stack Trace
Message: "The request to the identity service failed. See inner exception for details."
at Azure.Identity.ManagedIdentityCredential.GetToken(TokenRequest request, CancellationToken cancellationToken) at Azure.Identity.ChainedTokenCredential.GetToken(TokenRequest request, CancellationToken cancellationToken) at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.d__8.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ValueTaskAwaiter.GetResult() at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task) at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.Process(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.SynchronousHttpPipelinePolicy.Process(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.RetryPolicy.d__11.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Azure.Core.Pipeline.RetryPolicy.d__11.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ValueTaskAwaiter.GetResult() at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task) at Azure.Core.Pipeline.RetryPolicy.Process(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.SynchronousHttpPipelinePolicy.Process(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.SynchronousHttpPipelinePolicy.Process(HttpPipelineMessage message, ReadOnlyMemory1 pipeline) at Azure.Core.Pipeline.HttpPipeline.Send(HttpPipelineMessage message, CancellationToken cancellationToken) at Azure.Storage.Blobs.BlobRestClient.Container.d__0.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Threading.Tasks.ValueTask1.get_Result() at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable1.ConfiguredValueTaskAwaiter.GetResult() at Azure.Storage.Blobs.BlobContainerClient.d__29.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult() at Azure.Storage.TaskExtensions.EnsureCompleted[T](Task1 task) at Azure.Storage.Blobs.BlobContainerClient.Create(PublicAccessType publicAccessType, IDictionary2 metadata, CancellationToken cancellationToken) at StorageBlobAuthIssue.Class.ChainingCredentialsStroageBlobAsync() in C:\Users\azuretest\source\repos\ConsoleApp1\ConsoleApp1\Program.cs:line 45 at StorageBlobAuthIssue.Class.Main() in C:\Users\azuretest\source\repos\ConsoleApp1\ConsoleApp1\Program.cs:line 20

To Reproduce
Repro App:https://github.com/wantedfast/ChainingCredentialsIssue

Expected behavior
Authenticate with the second Credential in the ChainingCredential.

Setup (please complete the following information):

  • Package version: Azure.Identity -Version 1.0.0-preview.5

Additional context
Step into Debug works as expected, Step over or F5 get the unexpected exception.

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
@triage-new-issues triage-new-issues bot added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Oct 28, 2019
@adrianhall adrianhall added Authentication Az Net SDK Team bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Oct 28, 2019
@AlexGhiondea AlexGhiondea added Azure.Identity and removed Authentication customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Oct 28, 2019
@schaabs
Copy link
Member

schaabs commented Oct 28, 2019

@tzhanl Thanks for filing this issue. This is expected behavior. The ChainedTokenCredential l specifically will not handle unexpected exceptions thrown when trying to authenticate. This is by design to prevent clients from using unexpected credentials when authenticating (for instance in the case an environment variable was copied incorrectly). If you desire the behavior of continuing when an unhandled exception is raised you would need to implement your own version of the ChainedTokenCredential, or provide derived implementations of the credential types you want to include in the chain which catch exceptions thrown from the base GetToken / GetTokenAsync. Unfortunately there's not an easy way to extend the ChainedTokenCredential to give it the behavior you desire here.

As a related aside. The next release of Azure.Identity will provide an exception type which will be handled by the ChainedTokenCredential and DefaultAzureCredential. PR #8306 introduces the CredentialUnavailableException which will be thrown in the case that a credential type is not able to get a token due to incomplete configuration. While the above exception still wouldn't be covered by this, implementers of TokenCredential can raise this exception to allow chained credentials to continue walking the chain.

@joshfree joshfree added blocking-release Blocks release and removed blocking-release Blocks release labels Oct 28, 2019
@schaabs
Copy link
Member

schaabs commented Oct 30, 2019

Closing this issue. I have opened issues against the other languages to update their behavior.

@schaabs schaabs closed this as completed Oct 30, 2019
openapi-sdkautomation bot pushed a commit to AzureSDKAutomation/azure-sdk-for-net that referenced this issue Feb 21, 2020
Generated from 6b46480ebd9b2f2c7220f2e9a9c6754dd524e2d1
cbc8927 
Add default=90 to softDeleteRetentionInDays (Azure#8476)

* Add default=90 to softDeleteRetentionInDays

Add default=90  to softDeleteRetentionInDays

* Remove default softDeleteRetentionInDays  when patching

Remove default softDeleteRetentionInDays  when patching.
openapi-sdkautomation bot pushed a commit to AzureSDKAutomation/azure-sdk-for-net that referenced this issue Feb 22, 2020
Generated from 6b46480ebd9b2f2c7220f2e9a9c6754dd524e2d1
7676de9 
Add default=90 to softDeleteRetentionInDays (Azure#8476)

* Add default=90 to softDeleteRetentionInDays

Add default=90  to softDeleteRetentionInDays

* Remove default softDeleteRetentionInDays  when patching

Remove default softDeleteRetentionInDays  when patching.
@github-actions github-actions bot locked and limited conversation to collaborators Mar 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@schaabs schaabs

Labels
Azure.Identity bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@joshfree @adrianhall @AlexGhiondea @schaabs @tzhanl