Invalid Issuer when connecting to Azure Key Vault
I recently had to load a certificate from an Azure Key Vault and hit an error when retrieving via Visual Studio:
Status: 401 (Unauthorized)
This felt a bit strange as I had the relevant URL for the key vault, and permissions for it. I was using the DefaultCredentialProvider, which handles gathering the relevant credentials from a number of different sources, when working with Visual Studio, it takes the currently authenticated Azure user.
The problem arises from people with access to multiple Azure AD tenancies (which seems way to easy to collect). The library for accessing the Key Vault endpoint cannot decide which credentials to authenticate you with.
The solution is to tell the DefaultCredentialProvider which tenancy to use, and can be done with the Options object that you can pass in, something like this: