Azure.Identity simplify exception messaging #9821

Merged
merged 5 commits into from
Feb 7, 2020

@schaabs schaabs commented Feb 6, 2020

Error messaging from authentication failures in Azure.Identity is in many cases too verbose. Nested exceptions and AggregateExceptions lead to duplicated information, and superfluous information being inserted into exception strings. This can often obscure the actual cause of the exception. This is especially true in error messages from the DefaultAzureCredential.

This change simplifies exception messaging across the library and removes the use of AggregateException as the inner exception of failures from the DefaultAzureCredential. Below are two examples of how this simplifies the exception messaging from the DefaultAzureCredential.

DefaultAzureCredential when no credentials are available

Without this update

// Message

The DefaultAzureCredential failed to retrieve a token from the included credentials.
  EnvironmentCredential is unavailable Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Alternately, AZURE_AUTH_LOCATION ca be set.  Currently set variables [ AZURE_CLIENT_ID AZURE_CLIENT_SECRET ].
  ManagedIdentityCredential is unavailable No managed identity endpoint found..
  SharedTokenCacheCredential is unavailable No accounts were found in thecache.  To authenticate with the SharedTokenCacheCredential, login an account through developer tooling supporting Azure single sign on..
See inner exception for more detail.

// ToString

Azure.Identity.AuthenticationFailedException: The DefaultAzureCredential failed to retrieve a token from the included credentials.
  EnvironmentCredential is unavailable Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Alternately, AZURE_AUTH_LOCATION ca be set.  Currently set variables [ AZURE_CLIENT_ID AZURE_CLIENT_SECRET ].
  ManagedIdentityCredential is unavailable No managed identity endpoint found..
  SharedTokenCacheCredential is unavailable No accounts were found in thecache.  To authenticate with the SharedTokenCacheCredential, login an account through developer tooling supporting Azure single sign on..
See inner exception for more detail. ---> System.AggregateException: The DefaultAzureCredential failed to retrieve a token from the included credentials. (Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Alternately, AZURE_AUTH_LOCATION ca be set.  Currently set variables [ AZURE_CLIENT_ID AZURE_CLIENT_SECRET ]) (No managed identity endpoint found.) (No accounts were found in thecache.  To authenticate with the SharedTokenCacheCredential, login an account through developer tooling supporting Azure single sign on.) ---> Azure.Identity.CredentialUnavailableException: Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Alternately, AZURE_AUTH_LOCATION ca be set.  Currently set variables [ AZURE_CLIENT_ID AZURE_CLIENT_SECRET ]
  --- End of inner exception stack trace ---
  --- End of inner exception stack trace ---
  at Azure.Identity.DefaultAzureCredential.GetTokenAsync(Boolean isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 122
  at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 90
  at Azure.Identity.Tests.DefaultAzureCredentialTests.<>c__DisplayClass8_0.<<ValidateEnvironmentCredentialUnhandledException>b__0>d.MoveNext() in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\tests\DefaultAzureCredentialTests.cs:line 351
--- End of stack trace from previous location where exception was thrown ---
  at NUnit.Framework.Internal.TaskAwaitAdapter.GenericAdapter`1.BlockUntilCompleted() in D:\a\1\s\src\NUnitFramework\framework\Internal\TaskAwaitAdapter.cs:line 95
  at NUnit.Framework.Internal.AsyncToSyncAdapter.Await(Func`1 invoke) in D:\a\1\s\src\NUnitFramework\framework\Internal\AsyncToSyncAdapter.cs:line 60
  at NUnit.Framework.Assert.ThrowsAsync(IResolveConstraint expression, AsyncTestDelegate code, String message, Object[] args) in D:\a\1\s\src\NUnitFramework\framework\Assert.Exceptions.Async.cs:line 48

With this update

// Message

DefaultAzureCredential failed to retrieve a token from the included credentials. ( EnvironmentCredential authentication unavailable, environment variables are not fully configured. ManagedIdentityCredential not available, no managed identity endpoint found. SharedTokenCacheCredential authentication unavailable, no accounts were found in the cache. )

// ToString

Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials. ( EnvironmentCredential authentication unavailable, environment variables are not fully configured. ManagedIdentityCredential not available, no managed identity endpoint found. SharedTokenCacheCredential authentication unavailable, no accounts were found in the cache. )
   at Azure.Identity.DefaultAzureCredential.GetTokenAsync(Boolean isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 127
   at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 90
   at Azure.Identity.Tests.DefaultAzureCredentialTests.<>c__DisplayClass8_0.<<ValidateEnvironmentCredentialUnhandledException>b__0>d.MoveNext() in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\tests\DefaultAzureCredentialTests.cs:line 351
--- End of stack trace from previous location where exception was thrown ---
   at NUnit.Framework.Internal.TaskAwaitAdapter.GenericAdapter`1.BlockUntilCompleted() in D:\a\1\s\src\NUnitFramework\framework\Internal\TaskAwaitAdapter.cs:line 95
   at NUnit.Framework.Internal.AsyncToSyncAdapter.Await(Func`1 invoke) in D:\a\1\s\src\NUnitFramework\framework\Internal\AsyncToSyncAdapter.cs:line 60
   at NUnit.Framework.Assert.ThrowsAsync(IResolveConstraint expression, AsyncTestDelegate code, String message, Object[] args) in D:\a\1\s\src\NUnitFramework\framework\Assert.Exceptions.Async.cs:line 48

DefaultAzureCredential when authentication fails

Without this update

// Message

The DefaultAzureCredential failed due to an unhandled exception:  EnvironmentCredential failed with unhandled exception The authentication request failed due to an unhandled exception.  See inner exception for details..
  EnvironmentCredential failed with The authentication request failed due to an unhandled exception.  See inner exception for details..
See inner exception for more detail.

// ToString

    Azure.Identity.AuthenticationFailedException: The DefaultAzureCredential failed due to an unhandled exception:  EnvironmentCredential failed with unhandled exception The authentication request failed due to an unhandled exception.  See inner exception for details..
  EnvironmentCredential failed with The authentication request failed due to an unhandled exception.  See inner exception for details..
See inner exception for more detail. ---> System.AggregateException: The DefaultAzureCredential failed due to an unhandled exception:  EnvironmentCredential failed with unhandled exception The authentication request failed due to an unhandled exception.  See inner exception for details.. (The authentication request failed due to an unhandled exception.  See inner exception for details.) ---> Azure.Identity.AuthenticationFailedException: The authentication request failed due to an unhandled exception.  See inner exception for details. ---> Azure.RequestFailedException: Service request failed.
Status: 400 (Bad Request)

Content:
{"error":"unauthorized_client","error_description":"AADSTS700016: Application with identifier 'c0f6fc62-8bf3-449c-afc5-06f074e52af2' was not found in the directory 'a7fc734e-9961-43ce-b4de-21b8b38403ba'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.\r\nTrace ID: 88bac1cd-156e-44cb-8aee-7de442711300\r\nCorrelation ID: 3e26d973-b3cc-43bc-85f3-e9014aa6743b\r\nTimestamp: 2020-02-06 01:03:43Z","error_codes":[700016],"timestamp":"2020-02-06 01:03:43Z","trace_id":"88bac1cd-156e-44cb-8aee-7de442711300","correlation_id":"3e26d973-b3cc-43bc-85f3-e9014aa6743b","error_uri":"https://login.microsoftonline.com/error?code=700016"}

Headers:
Cache-Control: no-store, no-cache
Pragma: no-cache
Strict-Transport-Security: REDACTED
X-Content-Type-Options: REDACTED
x-ms-request-id: REDACTED
x-ms-ests-server: REDACTED
P3P: REDACTED
Set-Cookie: REDACTED
Date: Thu, 06 Feb 2020 01:03:43 GMT
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 779

  at Azure.Identity.AadIdentityClient.SendAuthRequestAsync(Request request, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\AadIdentityClient.cs:line 72
  at Azure.Identity.AadIdentityClient.AuthenticateAsync(String tenantId, String clientId, String clientSecret, String[] scopes, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\AadIdentityClient.cs:line 37
  at Azure.Identity.ClientSecretCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\ClientSecretCredential.cs:line 96
  --- End of inner exception stack trace ---
  at Azure.Identity.ClientSecretCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\ClientSecretCredential.cs:line 106
  at Azure.Identity.EnvironmentCredential.GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\EnvironmentCredential.cs:line 209
  --- End of inner exception stack trace ---
  --- End of inner exception stack trace ---
  at Azure.Identity.DefaultAzureCredential.GetTokenAsync(Boolean isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 120
  at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 90
  at Azure.Identity.Tests.DefaultAzureCredentialTests.<>c__DisplayClass8_0.<<ValidateEnvironmentCredentialUnhandledException>b__0>d.MoveNext() in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\tests\DefaultAzureCredentialTests.cs:line 351
--- End of stack trace from previous location where exception was thrown ---
  at NUnit.Framework.Internal.TaskAwaitAdapter.GenericAdapter`1.BlockUntilCompleted() in D:\a\1\s\src\NUnitFramework\framework\Internal\TaskAwaitAdapter.cs:line 95
  at NUnit.Framework.Internal.AsyncToSyncAdapter.Await(Func`1 invoke) in D:\a\1\s\src\NUnitFramework\framework\Internal\AsyncToSyncAdapter.cs:line 60
  at NUnit.Framework.Assert.ThrowsAsync(IResolveConstraint expression, AsyncTestDelegate code, String message, Object[] args) in D:\a\1\s\src\NUnitFramework\framework\Assert.Exceptions.Async.cs:line 48

With this update

// Message

DefaultAzureCredential authentication failed.

// ToString

Azure.Identity.AuthenticationFailedException: DefaultAzureCredential authentication failed. ---> Azure.Identity.AuthenticationFailedException: ClientSecretCredential authentication failed. ---> Azure.RequestFailedException: Service request failed.
Status: 400 (Bad Request)

Content:
{"error":"unauthorized_client","error_description":"AADSTS700016: Application with identifier '78e8f606-0950-4210-906d-1d321511c09d' was not found in the directory 'a7fc734e-9961-43ce-b4de-21b8b38403ba'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.\r\nTrace ID: 9f3624a7-49ca-4097-a339-780fd4e41600\r\nCorrelation ID: b1acfa40-06cc-42a1-a2f1-d35b94db3628\r\nTimestamp: 2020-02-06 01:13:33Z","error_codes":[700016],"timestamp":"2020-02-06 01:13:33Z","trace_id":"9f3624a7-49ca-4097-a339-780fd4e41600","correlation_id":"b1acfa40-06cc-42a1-a2f1-d35b94db3628","error_uri":"https://login.microsoftonline.com/error?code=700016"}

Headers:
Cache-Control: no-store, no-cache
Pragma: no-cache
Strict-Transport-Security: REDACTED
X-Content-Type-Options: REDACTED
x-ms-request-id: REDACTED
x-ms-ests-server: REDACTED
P3P: REDACTED
Set-Cookie: REDACTED
Date: Thu, 06 Feb 2020 01:13:33 GMT
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 779

  at Azure.Identity.AadIdentityClient.SendAuthRequestAsync(Request request, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\AadIdentityClient.cs:line 72
  at Azure.Identity.AadIdentityClient.AuthenticateAsync(String tenantId, String clientId, String clientSecret, String[] scopes, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\AadIdentityClient.cs:line 37
  at Azure.Identity.ClientSecretCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\ClientSecretCredential.cs:line 96
  --- End of inner exception stack trace ---
  at Azure.Identity.ClientSecretCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\ClientSecretCredential.cs:line 106
  at Azure.Identity.EnvironmentCredential.GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\EnvironmentCredential.cs:line 172
  --- End of inner exception stack trace ---
  at Azure.Identity.DefaultAzureCredential.GetTokenAsync(Boolean isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 118
  at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\src\DefaultAzureCredential.cs:line 90
  at Azure.Identity.Tests.DefaultAzureCredentialTests.<>c__DisplayClass8_0.<<ValidateEnvironmentCredentialUnhandledException>b__0>d.MoveNext() in d:\azure-sdk-for-net\sdk\identity\Azure.Identity\tests\DefaultAzureCredentialTests.cs:line 351
--- End of stack trace from previous location where exception was thrown ---
  at NUnit.Framework.Internal.TaskAwaitAdapter.GenericAdapter`1.BlockUntilCompleted() in D:\a\1\s\src\NUnitFramework\framework\Internal\TaskAwaitAdapter.cs:line 95
  at NUnit.Framework.Internal.AsyncToSyncAdapter.Await(Func`1 invoke) in D:\a\1\s\src\NUnitFramework\framework\Internal\AsyncToSyncAdapter.cs:line 60
  at NUnit.Framework.Assert.ThrowsAsync(IResolveConstraint expression, AsyncTestDelegate code, String message, Object[] args) in D:\a\1\s\src\NUnitFramework\framework\Assert.Exceptions.Async.cs:line 48
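
An added example (not code from this pull request or from the Azure SDK): one way a caller can tell the two cases above apart and log each layer of the inner-exception chain once, without copying the full service response into the log. The names `TokenDiagnostics`, `Summarize` and `TryGetTokenAsync` are hypothetical. It assumes, as the "With this update" output shows, that the unavailable case surfaces as `CredentialUnavailableException` and the failed case as `AuthenticationFailedException` with the `RequestFailedException` further down the chain.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;

// Hypothetical helper class, written for illustration only.
public static class TokenDiagnostics
{
    // Walks the InnerException chain and keeps "Type: first message line" per layer.
    // For RequestFailedException this keeps "Service request failed." plus the HTTP
    // status and drops the Content/Headers dump that follows in the full message.
    public static List<string> Summarize(Exception ex)
    {
        var layers = new List<string>();
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            string firstLine = e.Message.Split('\n')[0].Trim();
            string status = e is RequestFailedException rfe ? $" (HTTP {rfe.Status})" : "";
            layers.Add($"{e.GetType().Name}: {firstLine}{status}");
        }
        return layers;
    }

    // Returns null instead of throwing so the caller decides how to degrade.
    public static async Task<AccessToken?> TryGetTokenAsync(
        string scope, CancellationToken ct = default)
    {
        var credential = new DefaultAzureCredential();
        try
        {
            return await credential.GetTokenAsync(
                new TokenRequestContext(new[] { scope }), ct);
        }
        // Must precede the base-type catch: CredentialUnavailableException
        // derives from AuthenticationFailedException.
        catch (CredentialUnavailableException ex)
        {
            // No credential in the chain was configured: an environment problem.
            Console.Error.WriteLine("No usable credential: " + ex.Message);
            return null;
        }
        catch (AuthenticationFailedException ex)
        {
            // A credential was configured, but the token request was rejected.
            Console.Error.WriteLine(string.Join(" -> ", Summarize(ex)));
            return null;
        }
    }
}
```

The full `ToString()` output, including the directory and application identifiers in the service response, remains available on the exception for whoever needs it during troubleshooting.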

@schaabs schaabs requested review from pakrym, jongio and ellismg February 6, 2020 07:46
@schaabs schaabs requested a review from AlexGhiondea as a code owner February 6, 2020 07:46
@schaabs schaabs requested a review from jongio February 6, 2020 21:54

pakrym commented Feb 6, 2020

DefaultAzureCredential failed to retrieve a token from the included credentials. ( EnvironmentCredential authentication unavailable, environment variables are not fully configured. ManagedIdentityCredential not available, no managed identity endpoint found. SharedTokenCacheCredential authentication unavailable, no accounts were found in the cache. )

For me this is rather hard to read as a single line, I liked when messages were on separate lines.


@ellismg ellismg left a comment


LGTM


pakrym commented Feb 6, 2020

DefaultAzureCredential authentication failed.

Should we try and concatenate messages here?

@schaabs schaabs dismissed jongio’s stale review February 7, 2020 01:11

Addressed your feedback
