Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Azure Toolkit for IntelliJ - IntelliJCredential does not find logged in creds in keychain on Mac #39799

Closed
3 tasks done
gtay003 opened this issue Apr 18, 2024 · 7 comments · Fixed by #41523
Closed
3 tasks done

[BUG] Azure Toolkit for IntelliJ - IntelliJCredential does not find logged in creds in keychain on Mac #39799

gtay003 opened this issue Apr 18, 2024 · 7 comments · Fixed by #41523
Assignees
@billwert
Labels
Azure.Identity azure-spring All azure-spring related issues Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@gtay003
Copy link

gtay003 commented Apr 18, 2024

I am using the Azure Toolkit for IntelliJ (version 3.87.0-2023.3) on IDEA Ultimate 2023.3.2 on a Mac laptop.

I am able to log into the toolkit, but then when running a local development environment (a Spring Boot app), the IntellijCredential (from azure-identity) is not finding the cached login credentials in the Mac Keychain.

From looking at the code in the current azure-identity codebase, it appears that the cache is written to a keychain value with name 'Microsoft.Developer.IdentityService' and account name 'azure-toolkit.cache.nocae' (in PersistentTokenCacheImpl), but the IntellijCredential class is looking for a record without the '.nocae' suffix, i.e. just 'azure-toolkit.cache' (in IntelliJCacheAccessor).

Exception or Stack Trace

When starting a Spring Boot app that makes use of azure identity services (e.g. running with 'com.azure.spring:spring-cloud-azure-starter-keyvault', but likely affects any azure sdk libraries that use DefaultCredential), the following is logged during startup:

2024-04-18 20:29:52.106  INFO --- [                          main] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential IntelliJCredential is unavailable.

and the app fails to start.

If I manually change the account value on the saved keychain entry using the Mac's Keychain Access utility (to remove the '.nocae' suffix) and retry, the app starts up.

To Reproduce

  • Install IntelliJ Ultimate 2023.3.2 on a Mac
  • Install AZ toolkit plugin and log into an AZ account with access to a key vault
  • Import the attached sample project and run the supplied Spring Boot app (updating the key vault URI in the application.properties file to one the account has access to).
  • Start the application class, the above message will be logged and the startup will fail

Expected behavior

I would expect the toolkit plugin to write the cached creds to a keychain location that the IntelliJCredential class then finds it, and the app should start up successfully as soon as the user has logged into the AZ toolkit in IntelliJ.

Setup (please complete the following information):

  • OS: MacOS 14.4.1
  • IDE: IntelliJ Ultimate 2023.3.2
  • Library/Libraries: com.azure.spring:spring-cloud-azure-starter-keyvault
  • Java version: 18
  • App Server/Environment: Spring Boot/Webflux server app

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added

azure-identity-mac-issue.zip
@github-actions github-actions bot added azure-spring All azure-spring related issues Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Apr 18, 2024
@github-actions GitHub Actions
Copy link

@chenrujun @moarychan @Netyyyy @saragluna

@github-actions GitHub Actions
Copy link

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@saragluna
Copy link
Member

Seems like an azure-identity issue, @g2vinay, @billwert could you please help take a look?

@billwert
Copy link
Contributor

billwert commented May 8, 2024

@gtay003 Could you please re-host the project in a repo or gist and I will take a look?

@gtay003
Copy link
Author

gtay003 commented May 9, 2024

Sure @billwert - see here.

@saragluna saragluna assigned billwert and unassigned billwert May 22, 2024
@saragluna saragluna assigned billwert and unassigned moarychan May 22, 2024
@billwert billwert mentioned this issue Aug 15, 2024
Merged
@billwert
Copy link
Contributor

Hello! Can you please try this with 1.14.0-beta.2 of azure-identity as well as latest Azure Toolkit? We'll GA the fix next month, and I'd appreciate it if you can give it a quick try before we do so in case there is any other issue. Thanks!

@gtay003
Copy link
Author

gtay003 commented Sep 21, 2024
edited
Loading

Hi @billwert, I've just tested this and it's now working fine with the beta version. I upgraded to the latest toolkit plugin for IntelliJ, and also needed to upgrade to the latest published version of spring-cloud-azure-dependencies, i.e. 5.16.0. And I now see the following in the Spring Boot output logs as expected:

2024-09-21 09:50:10.226  INFO --- [                          main] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential IntelliJCredential returns a token
2024-09-21 09:50:10.226  INFO --- [                          main] c.a.c.implementation.AccessTokenCache    : {"az.sdk.message":"Acquired a new access token."}

See changes in repro project here.

Thanks for looking at this, will watch out for the GA release! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@billwert billwert

Labels
Azure.Identity azure-spring All azure-spring related issues Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
Azure Identity SDK Improvements
Status: Done
Spring Cloud Azure
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Migrate Identity to azure-json billwert/azure-sdk-for-java
4 participants
@billwert @gtay003 @moarychan @saragluna