Failed Azure Credential errors not displayed to user without Debug Logging #680
Description
MAPT currently fails to display critical Azure authentication errors to the user unless debug logging is explicitly enabled.
The output shows a generic success-like message (DEBU context initialized for mapt...) followed by a silent failure of DefaultAzureCredential due to an expired client secret (AADSTS7000222: The provided client secret keys for app '***' are expired.).
Impact: Users cannot diagnose the root cause of an apparent application failure without manually enabling verbose logging, leading to poor user experience and increased troubleshooting time.
Required Fix: MAPT should be updated to surface relevant, non-sensitive errors from the underlying Azure (like expired credentials or authorization failures) to the standard output or error stream, regardless of the debug log setting.
Example Log (Requires Debug Mode)
The following log snippet shows the critical error, which was only visible after enabling debug mode:
DEBU context initialized for mapt298473c3 DefaultAzureCredential: failed to acquire a token. Attempted credentials: ClientSecretCredential authentication failed. POST https://login.microsoftonline.com/***/oauth2/v2.0/token -------------------------------------------------------------------------------- RESPONSE 401: 401 Unauthorized -------------------------------------------------------------------------------- { "error": "invalid_client", "error_description": "AADSTS7000222: The provided client secret keys for app '***' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: 20d540d3-389e-4e97-aa72-42c53ac10700 Correlation ID: c704f263-d933-4b48-b46c-04a036f9d060 Timestamp: 2025-12-04 08:33:07Z", "error_codes": [ 7000222 ], "timestamp": "2025-12-04 08:33:07Z", "trace_id": "20d540d3-389e-4e97-aa72-42c53ac10700", "correlation_id": "c704f263-d933-4b48-b46c-04a036f9d060", "error_uri": "https://login.microsoftonline.com/error?code=7000222" } -------------------------------------------------------------------------------- To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#client-secret