diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md
index 056a7e389f1a2..8746c78a3a788 100644
--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -12,6 +12,7 @@
- `EnvironmentCredential` updated to support specifying a certificate password via the `AZURE_CLIENT_CERTIFICATE_PASSWORD` environment variable
### Breaking Changes
+- Excluded `VisualStudioCodeCredential` from `DefaultAzureCredential` token chain by default as SDK authentication via Visual Studio Code is broken due to issue [#27263](https://github.com/Azure/azure-sdk-for-net/issues/27263). The `VisualStudioCodeCredential` will be re-enabled in the `DefaultAzureCredential` flow once a fix is in place. Issue [#30525](https://github.com/Azure/azure-sdk-for-net/issues/30525) tracks this. In the meantime Visual Studio Code users can authenticate their development environment using the [Azure CLI](https://learn.microsoft.com/cli/azure/).
### Bugs Fixed
diff --git a/sdk/identity/Azure.Identity/README.md b/sdk/identity/Azure.Identity/README.md
index 44b5ddc417ea3..c2f109ca8dea6 100644
--- a/sdk/identity/Azure.Identity/README.md
+++ b/sdk/identity/Azure.Identity/README.md
@@ -76,7 +76,7 @@ The `DefaultAzureCredential` will attempt to authenticate via the following mech
1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
2. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
3. **Visual Studio** - If the developer has authenticated via Visual Studio, the `DefaultAzureCredential` will authenticate with that account.
-4. **Visual Studio Code** - If the developer has authenticated via the Visual Studio Code Azure Account plugin, the `DefaultAzureCredential` will authenticate with that account.
+4. **Visual Studio Code** - Currently excluded by default as SDK authentication via Visual Studio Code is broken due to issue [#27263](https://github.com/Azure/azure-sdk-for-net/issues/27263). The `VisualStudioCodeCredential` will be re-enabled in the `DefaultAzureCredential` flow once a fix is in place. Issue [#30525](https://github.com/Azure/azure-sdk-for-net/issues/30525) tracks this. In the meantime Visual Studio Code users can authenticate their development environment using the [Azure CLI](https://learn.microsoft.com/cli/azure/).
5. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
6. **Azure PowerShell** - If the developer has authenticated an account via the Azure PowerShell `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
7. **Interactive browser** - If enabled, the `DefaultAzureCredential` will interactively authenticate the developer via the current system's default browser. By default, this credential type is disabled.
diff --git a/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs b/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs
index 76f2295283ba6..2c19120088d79 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs
@@ -238,8 +238,9 @@ public string VisualStudioCodeTenantId
///
/// Specifies whether the will be excluded from the authentication flow.
+ /// The default is true.
///
- public bool ExcludeVisualStudioCodeCredential { get; set; }
+ public bool ExcludeVisualStudioCodeCredential { get; set; } = true;
///
/// Specifies whether the will be excluded from the authentication flow.
diff --git a/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialLiveTests.cs b/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialLiveTests.cs
index 36f0be49f9ab8..8ef5f8aca62d8 100644
--- a/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialLiveTests.cs
+++ b/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialLiveTests.cs
@@ -33,6 +33,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCredential()
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeAzureCliCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
});
var fileSystem = CredentialTestHelpers.CreateFileSystemForVisualStudio();
@@ -71,6 +72,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential()
ExcludeManagedIdentityCredential = true,
ExcludeVisualStudioCredential = true,
ExcludeAzureCliCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
@@ -109,6 +111,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential_ParallelC
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeAzureCliCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
@@ -145,6 +148,7 @@ public async Task DefaultAzureCredential_UseAzureCliCredential()
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
@@ -183,6 +187,7 @@ public async Task DefaultAzureCredential_UseAzureCliCredential_ParallelCalls()
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
@@ -218,6 +223,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_CredentialUnavailabl
ExcludeInteractiveBrowserCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeSharedTokenCacheCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
});
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", "{}");
@@ -249,6 +255,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_FirstAuthenticationF
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
});
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", null);
@@ -279,6 +286,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_LastAuthenticationFa
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
+ ExcludeVisualStudioCodeCredential = false,
});
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", null);
diff --git a/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialTests.cs b/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialTests.cs
index 4fd429e28950f..80494a2d74fbb 100644
--- a/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/DefaultAzureCredentialTests.cs
@@ -34,9 +34,8 @@ public void ValidateCtorNoOptions()
Assert.IsInstanceOf(typeof(EnvironmentCredential), sources[0]);
Assert.IsInstanceOf(typeof(ManagedIdentityCredential), sources[1]);
Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[2]);
- Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[3]);
- Assert.IsInstanceOf(typeof(AzureCliCredential), sources[4]);
- Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[5]);
+ Assert.IsInstanceOf(typeof(AzureCliCredential), sources[3]);
+ Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[4]);
Assert.IsNull(sources[7]);
}
@@ -52,17 +51,16 @@ public void ValidateCtorIncludedInteractiveParam([Values(true, false)] bool incl
Assert.IsInstanceOf(typeof(EnvironmentCredential), sources[0]);
Assert.IsInstanceOf(typeof(ManagedIdentityCredential), sources[1]);
Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[2]);
- Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[3]);
- Assert.IsInstanceOf(typeof(AzureCliCredential), sources[4]);
- Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[5]);
+ Assert.IsInstanceOf(typeof(AzureCliCredential), sources[3]);
+ Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[4]);
if (includeInteractive)
{
- Assert.IsInstanceOf(typeof(InteractiveBrowserCredential), sources[6]);
+ Assert.IsInstanceOf(typeof(InteractiveBrowserCredential), sources[5]);
}
else
{
- Assert.IsNull(sources[6]);
+ Assert.IsNull(sources[5]);
}
}
@@ -163,6 +161,8 @@ public void ValidateUnhandledException(Type credentialType)
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
+ ExcludeVisualStudioCredential = false,
+ ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = false,
ExcludeAzurePowerShellCredential = false,
ExcludeInteractiveBrowserCredential = false
@@ -237,6 +237,8 @@ public async Task ValidateSelectedCredentialCaching(Type availableCredential)
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
+ ExcludeVisualStudioCredential = false,
+ ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = false,
ExcludeAzurePowerShellCredential = false,
ExcludeInteractiveBrowserCredential = false
@@ -282,8 +284,11 @@ public async Task CredentialTypeLogged(Type availableCredential)
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
+ ExcludeVisualStudioCredential = false,
+ ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = false,
- ExcludeInteractiveBrowserCredential = false,
+ ExcludeAzurePowerShellCredential = false,
+ ExcludeInteractiveBrowserCredential = false
};
var credFactory = GetMockDefaultAzureCredentialFactory(options, availableCredential, expToken, calledCredentials);