DefaultAzureCredential is not picking credential from the msal-node token cache


I am in the process of integrating Entra ID to authenticate my Electron application, and to authorize the Azure resources for the Service Principal.

Currently, the application is successfully authenticated with Entra ID using the msal-node library, as described in this article https://learn.microsoft.com/en-us/samples/azure-samples/ms-identity-ciam-javascript-tutorial/ms-identity-ciam-javascript-tutorial-3-sign-in-electron/.

However, when I try to access the CosmosDB and other resources with the DefaultAzureCredential, I am getting the following error.

Anything I am missing here?

Is there any other way to directly build the credential using the response, such as tenant id, client id, authority, and accessToken, obtained from the authentication process?

Sridevi On BEST ANSWER

To resolve the error, make sure to add the below environment variables in your system:

AZURE_CLIENT_ID - App ID of your service principal

AZURE_TENANT_ID - Your Tenant ID

AZURE_CLIENT_SECRET - Secret value of your service principal

You can get the values of AZURE_CLIENT_ID and AZURE_TENANT_ID from the application's Overview page:

For AZURE_CLIENT_SECRET, you can create one client secret in your app registration and copy its value, which will be visible only once for a few seconds:

Make sure to assign proper RBAC roles to the service principal under the subscription to authorize the Azure resources.

References:

CredentialUnavailableError when using DefaultAzureCredential - Microsoft Q&A by Marilee Turscak-MSFT

azure-sdk-for-js/sdk/identity/identity at main · Azure/azure-sdk-for-js · GitHub
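
On the question's last point (building a credential from the MSAL sign-in result), an added example that is not part of the original question or answer: Azure SDK clients accept any object whose `getToken` method resolves to `{ token, expiresOnTimestamp }`, so a small adapter can serve tokens from the msal-node cache instead of relying on environment variables. `MsalCacheCredential`, `makeStubPca` and the sample scopes are names chosen for illustration, and the example assumes the signed-in account is allowed to request tokens for the target resource.

```javascript
// Added example: adapter exposing the TokenCredential shape used by Azure SDK
// clients (getToken -> { token, expiresOnTimestamp }) on top of an msal-node client.
class MsalCacheCredential {
  // pca: msal-node PublicClientApplication (or compatible); account: signed-in AccountInfo
  constructor(pca, account) {
    if (!pca || !account) throw new Error("pca and account are required");
    this.pca = pca;
    this.account = account;
  }

  async getToken(scopes) {
    const requested = Array.isArray(scopes) ? scopes : [scopes];
    let result;
    try {
      // Served from the MSAL token cache, or renewed with the cached refresh token.
      result = await this.pca.acquireTokenSilent({ account: this.account, scopes: requested });
    } catch (err) {
      // Fail closed: never fall back to a different identity without the caller knowing.
      throw new Error(`Silent token acquisition failed for ${requested.join(" ")}: ${err.message}`);
    }
    if (!result || !result.accessToken || !result.expiresOn) {
      throw new Error("MSAL returned no usable access token");
    }
    // The token itself is never logged; only the value and expiry are handed to the SDK.
    return { token: result.accessToken, expiresOnTimestamp: result.expiresOn.getTime() };
  }
}

// Constructed stand-in for PublicClientApplication so the example runs offline.
function makeStubPca(allowedScope) {
  return {
    calls: [],
    async acquireTokenSilent(request) {
      this.calls.push(request);
      if (!request.scopes.includes(allowedScope)) throw new Error("consent_required");
      return { accessToken: "constructed-token", expiresOn: new Date(1700000000000) };
    },
  };
}

async function demo() {
  const account = { homeAccountId: "constructed-account" }; // constructed sample value
  const pca = makeStubPca("https://cosmos.azure.com/.default");
  const credential = new MsalCacheCredential(pca, account);
  const ok = await credential.getToken("https://cosmos.azure.com/.default");
  const failed = await credential.getToken(["https://vault.azure.net/.default"]).catch((e) => e.message);
  return { ok, failed, calls: pca.calls.length };
}
```

In the Electron app, the real `PublicClientApplication` and the account returned by sign-in would replace the stub, and the credential object would be passed wherever the SDK client expects a token credential.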