Missing resource principal output misinterpreted as PowerShell not installed

[elKei24]

When the AzurePowerShellCredential interprets the output for finding the reason for a failed token retrieval, every output that contains "not found" is interpreted as "Powershell not installed":

azure-sdk-for-net/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs

Line 173 in 58be25f

bool noPowerShell = output.IndexOf("not found", StringComparison.OrdinalIgnoreCase) != -1 ||

This causes very misleading error messages because "not found" is also output for other error cases, for example:

SharedTokenCacheCredential authentication failed: AADSTS500011: The resource principal named <RESOURCE> was not found in the tenant named <TENANT>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

[jsquire]

//cc: @christothes

[jsquire]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

[christothes]

Hi @elKei24 - It appears that this error came from SharedTokenCacheCredential. Did you get this error from AzurePowerShellCredential also?

[elKei24]

Hi @elKei24 - It appears that this error came from SharedTokenCacheCredential. Did you get this error from AzurePowerShellCredential also?

Hi @christothes and sorry for the late reply: Yes, this error is from AzurePowerShellCredentials. I extracted it from the output variable in the line I referenced above. The whole output looks like this:

#< CLIXML
<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04"><S S="Error">_x001B_[31;1mGet-AzAccessToken: _x000A_</S><S S="Error">_x001B_[36;1mLine |_x000A_</S><S S="Error">_x001B_[36;1m  12 | _x001B_[0m $token = _x001B_[36;1mGet-AzAccessToken -ResourceUrl '<RESOURCE>._x001B_[0m …_x000A_</S><S S="Error">_x001B_[36;1m     | _x001B_[31;1m          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_x000A_</S><S S="Error">_x001B_[31;1m_x001B_[36;1m     | _x001B_[31;1mSharedTokenCacheCredential authentication failed: AADSTS500011: The resource principal named <RESOURCE> was not found in the tenant named <TENANT>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant._x000A_</S><S S="Error">Trace ID: 8f28f1c5-b01d-4523-abf2-fba6999a2100_x000A_</S><S S="Error">Correlation ID: 72c93312-60ad-4ca1-9593-f218d77cb2f7_x000A_</S><S S="Error">Timestamp: 2022-11-02 09:20:23Z_x001B_[0m_x000A_</S></Objs>

I guess that the PowerShell command itself uses SharedTokenCacheCredential under the hood.