问题描述

使用JavaScript通过SDK进行monitor-query的client初始化时候，需要进行认证时报错AADSTS90002。

代码如下：

const credential = new DefaultAzureCredential();
const logsQueryClient = new LogsQueryClient(credential , {
    endpoint: "https://api.loganalytics.azure.cn/v1"   
    ,audience: "https://api.loganalytics.azure.cn/.default",
  });

截图如下：

报错如下：

2024-06-26 16:26:05 [error] AuthenticationError: EnvironmentCredential authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.

Status code: 400More details:invalid_request: 90002 -

[2024-06-26 08:26:05Z]: AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant.

Trace ID: xxxxxxxx-hgef-dre9-xxxx-xxxxxxxxxxxx

Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Timestamp: 2024-06-26 08:26:05Z -

Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -

Trace ID: xxxxxxxx-hgef-dre9-xxxx-xxxxxxxxxxxx

at (/code/node_modules/@azure/identity/dist/index.js:3673:49) at processTicksAndRejections (node:internal/process/task_queues:96:5)

at withSpan (/code/node_modules/@azure/core-tracing/dist/commonjs/tracingClient.js:36:28)

at (/code/node_modules/@azure/identity/dist/index.js:3340:29)

at withSpan (/code/node_modules/@azure/core-tracing/dist/commonjs/tracingClient.js:36:28)

at getToken (/code/node_modules/@azure/identity/dist/index.js:3330:27)

at tryGetAccessToken (/code/node_modules/@azure/core-rest-pipeline/dist/commonjs/util/tokenCycler.js:36:32)

at beginRefresh (/code/node_modules/@azure/core-rest-pipeline/dist/commonjs/util/tokenCycler.js:44:17)

at defaultAuthorizeRequest (/code/node_modules/@azure/core-rest-pipeline/dist/commonjs/policies/bearerTokenAuthenticationPolicy.js:21:25)

at sendRequest (/code/node_modules/@azure/core-rest-pipeline/dist/commonjs/policies/bearerTokenAuthenticationPolicy.js:72:13)

{

statusCode: 400,

errorResponse:

{

error: 'EnvironmentCredential authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.',

errorDescription: "invalid_request: 90002 - [2024-06-26 08:26:05Z]: AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. Trace ID: xxxxxxxx-hgef-dre9-xxxx-xxxxxxxxxxxx Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Timestamp: 2024-06-26 08:26:05Z - Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Trace ID: xxxxxxxx-hgef-dre9-xxxx-xxxxxxxxxxxx",

correlationId: undefined,

errorCodes: undefined,

timestamp: undefined,

traceId: undefined

}

}

问题解答

经过对JS SDK源码的分析，最后Azure Monitor团队找到了原因，是需要指定正确的Audience，正确的值为：audience: "https://api.loganalytics.azure.cn"。修改Audience后JS代码可以在中国区正常运行。

原代码

const logsQueryClient = new LogsQueryClient(credential , {
    endpoint: "https://api.loganalytics.azure.cn/v1"   
    ,audience: "https://api.loganalytics.azure.cn/.default",
  });

改为：

const logsQueryClient = new LogsQueryClient(credential , {
    endpoint: "https://api.loganalytics.azure.cn/v1"   
    ,audience: "https://api.loganalytics.azure.cn",
  });

当在复杂的环境中面临问题，格物之道需：浊而静之徐清，安以动之徐生。 云中，恰是如此!