How to throw error for invalid clientId, clientSecret, subscriptionId and tenantId.

Sandip Bhesaniya 0 Reputation points
2024-11-27T05:30:52.8633333+00:00

I was exploring the Azure SDK and encountered an issue while executing the following code:

import { ClientSecretCredential } from "@azure/identity";
import { ResourceManagementClient } from "@azure/arm-resources";

async function validateAzureCredentials(
  clientId: string,
  clientSecret: string,
  tenantId: string,
  subscriptionId: string
) {
  try {
    // Create a credential object
    const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

    // Initialize the ResourceManagementClient
    const resourceClient = new ResourceManagementClient(credential, subscriptionId);

    // List resource groups to validate subscription
    const resourceGroups = await resourceClient.resourceGroups.list();

    console.log("Azure credentials and subscription are valid!");
    console.log(`Found ${resourceGroups.length} resource groups.`);
    return true;
  } catch (error) {
    console.error("Azure credential validation failed:", error.message);
    throw error;
  }
}

Even when I provide invalid values for clientId, clientSecret, tenantId, or subscriptionId, the program does not throw an error. Instead, it outputs: "Azure credentials and subscription are valid!"
How can I accurately validate these inputs to ensure that invalid credentials or subscriptions trigger an appropriate error?


1 answer

  1. FrankEscarosBuechsel-MSFT 250 Reputation points Microsoft Employee
    2024-11-27T14:55:06.06+00:00

    Hi @Sandip Bhesaniya, thank you for reaching out.

    It seems you want to be able to validate if authentication succeeded prior to interacting with objects via asynchronous actions.

    However, it seems that the ClientSecretCredential class does not throw any exceptions/errors to catch by itself if you just call the constructor. The class does, however, provide a method called getToken, which lets you make an actual authentication call that throws an AuthenticationRequiredError or CredentialUnavailableError, which you can catch.

    The Troubleshooting example also follows the same approach of creating the credential and then using the actual object to perform work on in the try-catch block.

    I have written a small example program to illustrate the concept for you.

    import { ClientSecretCredential } from "@azure/identity";

    const clientId = "some";
    const clientSecret = "wrong";
    const tenantId = "IDs";
    const subscriptionId = "even more wrong"; // not used by the token request below

    // The constructor makes no network call, so nothing is validated yet.
    const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
    console.log("Azure credentials and subscription are maybe valid?");

    async function validateCredentials() {
        try {
            // getToken performs the actual authentication request and rejects on failure.
            // Note: this prints the returned AccessToken object, including the token itself.
            console.log(await credential.getToken("https://management.azure.com/.default"));
            console.log("Azure credentials and subscription are valid");
        } catch (error) {
            console.log("Azure credentials and subscription are invalid");
        }
    }

    validateCredentials();

    You can see the output of the small test program below.

    Screenshot 2024-11-27 145357


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
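
An added example (not code from the question or the answer): in the question's code, `resourceGroups.list()` returns a lazy async iterator, so awaiting it sends no request, and the token check from the answer never touches `subscriptionId`. The code below runs both checks and throws a typed error; `AzureValidationError`, `validateAzureAccess`, `awaitOnly` and the stub objects are hypothetical names, and constructed stand-ins replace the SDK objects so it runs offline.

```javascript
const ARM_SCOPE = "https://management.azure.com/.default";

// Hypothetical error type: records which check failed and keeps the SDK error.
class AzureValidationError extends Error {
  constructor(stage, cause) {
    super(`${stage} check failed: ${cause.message}`);
    this.name = "AzureValidationError";
    this.stage = stage;                 // "credential" or "subscription"
    this.statusCode = cause.statusCode; // present on the SDK's RestError
    this.code = cause.code;
    this.cause = cause;
  }
}

// credential: anything with getToken(scope), e.g. a ClientSecretCredential.
// listResourceGroups: e.g. () => resourceClient.resourceGroups.list()
async function validateAzureAccess(credential, listResourceGroups) {
  try {
    await credential.getToken(ARM_SCOPE); // real token request; result is not logged
  } catch (err) {
    throw new AzureValidationError("credential", err);
  }
  let count = 0;
  try {
    // list() returns a lazy async iterator; requests go out only while iterating.
    for await (const _group of listResourceGroups()) count++;
  } catch (err) {
    throw new AzureValidationError("subscription", err);
  }
  return count;
}

// The question's pattern: awaiting the iterator sends nothing and never throws.
async function awaitOnly(listResourceGroups) {
  const groups = await listResourceGroups();
  return groups.length; // undefined: an iterator has no length
}

// Constructed stand-ins for the SDK objects so the example runs offline.
const goodCredential = { getToken: async () => ({ token: "constructed", expiresOnTimestamp: 0 }) };
const badCredential = { getToken: async () => { throw new Error("constructed: token request rejected"); } };
async function* okPager() { yield { name: "rg-a" }; yield { name: "rg-b" }; }
async function* failingPager() {
  throw Object.assign(new Error("constructed: subscription not found"),
    { statusCode: 404, code: "SubscriptionNotFound" });
}
```

With the real SDK, pass a `ClientSecretCredential` and `() => resourceClient.resourceGroups.list()`. A failure at the subscription stage can also mean the principal has no role on that subscription, so check `statusCode` and `code` before reporting the ID as invalid.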

