Skip to content

DefaultAzureCredential fails to get a token when attempted from an Azure Function with a VNet integration #16175

New issue
New issue
Closed
Closed
DefaultAzureCredential fails to get a token when attempted from an Azure Function with a VNet integration#16175

Description

@aangelisc

aangelisc
openedon Jul 2, 2021

  • Package Name: @azure/identity
  • Package Version: 1.3.0
  • Operating system: Linux
  • nodejs
    • version: 14
  • browser
    • name/version:
  • typescript
    • version: 4.4.0
  • Is the bug related to documentation in

Describe the bug
A clear and concise description of what the bug is.

When attempting to use the @azure/identity package in an Azure Function (Linux) with a VNet integration the GET request to the /msi/token endpoint fails with a 500 status code and the following error message:

More details:
unknown_error(status code 500).
More details:
An unknown error occurred and no additional details are available.
    at ManagedIdentityCredential.<anonymous> (/home/site/wwwroot/node_modules/@azure/identity/dist/index.js:1301:23)
    at Generator.throw (<anonymous>)
    at rejected (/home/site/wwwroot/node_modules/@azure/identity/node_modules/tslib/tslib.js:115:69)
    at process._tickCallback (internal/process/next_tick.js:68:7)
  statusCode: 500,
  errorResponse:
   { error: 'ManagedIdentityCredential authentication failed.',
     errorDescription:
      'unknown_error(status code 500).\nMore details:\nAn unknown error occurred and no additional details are available.',
     correlationId: undefined,
     errorCodes: undefined,
     timestamp: undefined,
     traceId: undefined },
  name: 'AuthenticationError' }

I can see that the request is made to the following endpoint: http://169.254.129.5:8081/msi/token?resource=https%3A%2F%2Fstorage.azure.com&api-version=2017-09-01

To Reproduce
Steps to reproduce the behavior:

  1. Create a function app with a system-assigned managed identity
  2. Integrate function app with VNet
  3. Attempt to retrieve a token using the @azure/identity library (const defaultAzureCredential = new DefaultAzureCredential();)

Expected behavior
A clear and concise description of what you expected to happen.

The function app should successfully retrieve a token.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

Azure.IdentityClientThis issue points to a problem in the data-plane of the library.Managed Identitycustomer-reportedIssues that are reported by GitHub users external to the Azure organization.needs-author-feedbackWorkflow: More information is needed from author to address the issue.no-recent-activityThere has been no recent activity on this issue.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions