Add troubleshooting aka link for ClientCertificateCredential (Azure#2…

…7825)
AzureSDKAutomation · Mar 31, 2022 · 7d9e5f4 · 7d9e5f4
1 parent b9f809a
commit 7d9e5f4
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredential.cs
@@ -5,8 +5,6 @@
 using Azure.Core.Pipeline;
 using Microsoft.Identity.Client;
 using System;
-using System.Collections.Generic;
-using System.IO;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
@@ -20,6 +18,8 @@ namespace Azure.Identity
     /// </summary>
     public class ClientCertificateCredential : TokenCredential
     {
+        internal const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/clientcertificatecredential/troubleshoot";
+
         /// <summary>
         /// Gets the Azure Active Directory tenant (directory) Id of the service principal
         /// </summary>
@@ -181,7 +181,7 @@ public override AccessToken GetToken(TokenRequestContext requestContext, Cancell
             }
             catch (Exception e)
             {
-                throw scope.FailWrapAndThrow(e);
+                throw scope.FailWrapAndThrow(e, Troubleshooting);
             }
         }
 

diff --git a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs
@@ -86,6 +86,25 @@ public void VerifyBadCertificateFileBehavior()
             Assert.ThrowsAsync<CredentialUnavailableException>(async () => await unsupportedCertCredential.GetTokenAsync(tokenContext));
         }
 
+        public async Task ExceptionContainsTroubleshootingLink()
+        {
+            var response = new MockResponse(400);
+            response.SetContent($"{{ \"error_code\": \"InvalidSecret\", \"message\": \"The specified client_secret is incorrect\" }}");
+            var mockTransport = new MockTransport(response);
+            var options = new TokenCredentialOptions() { Transport = mockTransport };
+            var expectedTenantId = Guid.NewGuid().ToString();
+            var expectedClientId = Guid.NewGuid().ToString();
+            var certificatePath = Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pfx");
+            var certificatePathPem = Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pem");
+            var mockCert = new X509Certificate2(certificatePath);
+
+            ClientCertificateCredential credential = InstrumentClient(new ClientCertificateCredential(expectedTenantId, expectedClientId, mockCert, options));
+
+            var exception = Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+            Assert.That(exception.Message, Does.Contain(ClientCertificateCredential.Troubleshooting));
+            await Task.CompletedTask;
+        }
+
         [TestCase(true)]
         [TestCase(false)]
         public async Task VerifyClientCertificateRequestFailedAsync(bool usePemFile)