Azure: DefaultAzureCredential is not working

Question

I am trying to use Azure Storage for that I am using DefaultAzureCredential for authentication. I already logged in with the az login command. but when I run my Azure function, it gives me this error response.

{ "message": "{"odata.error":{"code":"AuthorizationPermissionMismatch","message":{"lang":"en-US","value":"This request is not authorized to perform this operation using this permission.\nRequestId:1fedb6ef-3002-0070-7133-fc1d53000000\nTime:2023-10-11T11:09:48.2823331Z"}}}" }

When I try this in console:-

const credential = new DefaultAzureCredential();

console.log(credential)

It's consoling this

DefaultAzureCredential { [2023-10-11T11:17:18.644Z] UnavailableMessage: 'DefaultAzureCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit  [https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.'](https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.%27), [2023-10-11T11:17:18.645Z] _sources: [

I don't know why it's not able to retrieve tokens from my CLI. I already tried AzureCliCredential its not working either.

Does anyone know how to fix it?

I am using Macbook Air M1 2020 OS Ventura 13.3

Answer 1

I tried using DefaultAzureCredentials in my local VS Code and tried accessing a blob inside my storage container via typescript Azure function and I was able to access the Blob successfully refer below:-

I added the myself Storage Blob Data Contributor role at the Storage account level like below:-

I have this role assigned at subscription level thus it is inherited, You can add it at the storage account resource level too.

My httpTrigger1.ts:-

import { app, HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions";
import { BlobServiceClient, ContainerClient } from "@azure/storage-blob";
import { DefaultAzureCredential } from "@azure/identity";

const containerName = "data"; // Replace with your container name
const blobName = "blob.txt"; // Replace with your blob name

export async function httpTrigger1(request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> {
    context.log(`Http function processed request for url "${request.url}"`);

    const name = request.query.get('name') || await request.text() || 'world';

    // Use DefaultAzureCredential to authenticate
    const credential = new DefaultAzureCredential();

    // Initialize BlobServiceClient with DefaultAzureCredential
    const blobServiceClient = new BlobServiceClient("https://siliconrg54.blob.core.windows.net", credential);

    // Access a container
    const containerClient = blobServiceClient.getContainerClient(containerName);

    // Access a blob
    const blobClient = containerClient.getBlobClient(blobName);
    const blobContent = (await blobClient.download(0)).readableStreamBody;

    return { body: `Hello, ${name}! Blob Content: ${blobContent.toString()}` };
}

app.http('httpTrigger1', {
    methods: ['GET', 'POST'],
    authLevel: 'anonymous',
    handler: httpTrigger1
});

az login
az account set --subscription "Subscription-name"

Output:-

I am also logged into my Account in my Vs code extension here:-

Reference:-

Assign an Azure role for access to blob data - Azure Storage | Microsoft Learn