@azure/identity throw environmental credetials exception on constructor

sdk/identity/identity/src/credentials/azureApplicationCredential.ts

@@ -8,6 +8,31 @@ import {
 
 import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions.js";
 import { ChainedTokenCredential } from "./chainedTokenCredential.js";
+import { credentialLogger } from "../util/logging.js";
+import { TokenCredential } from "@azure/core-auth";
+
+const logger = credentialLogger("AzureApplicationCredential");
+
+/**
+ * A no-op credential that logs the reason it was skipped if getToken is called.
+ * @internal
+ */
+export class UnavailableAzureApplicationCredential implements TokenCredential {
+  credentialUnavailableErrorMessage: string;
+  credentialName: string;
+
+  constructor(credentialName: string, message: string) {
+    this.credentialName = credentialName;
+    this.credentialUnavailableErrorMessage = message;
+  }
+
+  getToken(): Promise<null> {
+    logger.getToken.info(
+      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,
+    );
+    return Promise.resolve(null);
+  }
+}
 
 /**
  * Provides a default {@link ChainedTokenCredential} configuration that should
@@ -33,6 +58,17 @@ export class AzureApplicationCredential extends ChainedTokenCredential {
       createEnvironmentCredential,
       createDefaultManagedIdentityCredential,
     ];
-    super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));
+
+    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {
+      try {
+        return createCredentialFn(options);
+      } catch (err: any) {
+        logger.warning(
+          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,
+        );
+        return new UnavailableAzureApplicationCredential(createCredentialFn.name, err.message);
+      }
+    });
+    super(...credentials);
   }
 }

sdk/identity/identity/src/credentials/environmentCredential.ts

@@ -138,7 +138,12 @@ export class EnvironmentCredential implements TokenCredential {
         password,
         newOptions,
       );
+      return;
     }
+
+    throw new CredentialUnavailableError(
+      `${credentialName} is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
+    );
   }
 
   /**

sdk/identity/identity/test/public/node/environmentCredential.spec.ts

@@ -50,6 +50,18 @@ describe("EnvironmentCredential", function () {
 
   const scope = "https://vault.azure.net/.default";
 
+  it("throws an CredentialUnavailable without required environment variables", () => {
+    let error: Error | undefined;
+    try {
+      new EnvironmentCredential(recorder.configureClientOptions({}));
+    }
+    catch (e: any) {
+      error = e;
+    }
+
+    assert.equal(error?.name, "CredentialUnavailableError");
+  });
+
   it("authenticates with a client secret on the environment variables", async function () {
     // The following environment variables must be set for this to work.
     // On TEST_MODE="playback", the recorder automatically fills them with stubbed values.
@@ -170,17 +182,6 @@ describe("EnvironmentCredential", function () {
     }).toSupportTracing(["EnvironmentCredential.getToken"]);
   });
 
-  it("throws an CredentialUnavailable when getToken is called and no credential was configured", async () => {
-    const credential = new EnvironmentCredential(recorder.configureClientOptions({}));
-    const error = await getError(credential.getToken(scope));
-    assert.equal(error.name, "CredentialUnavailableError");
-    assert.ok(
-      error.message.indexOf(
-        "EnvironmentCredential is unavailable. No underlying credential could be used.",
-      ) > -1,
-    );
-  });
-
   it("throws an AuthenticationError when getToken is called and EnvironmentCredential authentication failed", async () => {
     process.env.AZURE_TENANT_ID = "tenant";
     process.env.AZURE_CLIENT_ID = "client";