Add timeout for GetTokenAsync

PowerShell · adityapatwardhan · Jun 17, 2025 · Jun 13, 2025 · Jun 13, 2025 · Jun 13, 2025
commit ed3218169ba3f14022c7cc10ffbee7eb493bcc27
@@ -394,6 +394,10 @@ internal string GetContainerRegistryAccessToken(out ErrorRecord errRecord)
             else
             {
                 bool isRepositoryUnauthenticated = IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), out errRecord, out accessToken);
+                _cmdletPassedIn.WriteDebug($"Is repository unauthenticated: {isRepositoryUnauthenticated}");
+                _cmdletPassedIn.WriteDebug($"Access token: {accessToken}");
+                _cmdletPassedIn.WriteDebug($"Error Record: {errRecord}");
+
                 if (errRecord != null)
                 {
                     return null;
@@ -407,7 +411,7 @@ internal string GetContainerRegistryAccessToken(out ErrorRecord errRecord)
 
                 if (!isRepositoryUnauthenticated)
                 {
-                    accessToken = Utils.GetAzAccessToken();
+                    accessToken = Utils.GetAzAccessToken(_cmdletPassedIn);
                     if (string.IsNullOrEmpty(accessToken))
                     {
                         errRecord = new ErrorRecord(
@@ -488,6 +492,8 @@ internal bool IsContainerRegistryUnauthenticated(string containerRegistyUrl, out
                                 // get the anonymous access token
                                 var url = $"{realm}?service={service}{defaultScope}";
 
+                                _cmdletPassedIn.WriteDebug($"Getting anonymous access token from the realm: {url}");
+
                                 // we dont check the errorrecord here because we want to return false if we get a 401 and not throw an error
                                 var results = GetHttpResponseJObjectUsingContentHeaders(url, HttpMethod.Get, content, contentHeaders, out _);
 

@@ -650,25 +650,44 @@ public static PSCredential GetRepositoryCredentialFromSecretManagement(
             }
         }
 
-        public static string GetAzAccessToken()
+        public static string GetAzAccessToken(PSCmdlet cmdletPassedIn)
         {
+            cmdletPassedIn.WriteVerbose("Getting Azure access token using DefaultAzureCredential");
+
             var credOptions = new DefaultAzureCredentialOptions
             {
-                ExcludeEnvironmentCredential = true,
-                ExcludeVisualStudioCodeCredential = true,
-                ExcludeVisualStudioCredential = true,
-                ExcludeWorkloadIdentityCredential = true,
-                ExcludeManagedIdentityCredential = true, // ManagedIdentityCredential makes the experience slow
-                ExcludeSharedTokenCacheCredential = true, // SharedTokenCacheCredential is not supported on macOS
-                ExcludeAzureCliCredential = false,
-                ExcludeAzurePowerShellCredential = false,
-                ExcludeInteractiveBrowserCredential = false
+            ExcludeEnvironmentCredential = true,
+            ExcludeVisualStudioCodeCredential = true,
+            ExcludeVisualStudioCredential = true,
+            ExcludeWorkloadIdentityCredential = true,
+            ExcludeManagedIdentityCredential = true, // ManagedIdentityCredential makes the experience slow
+            ExcludeSharedTokenCacheCredential = true, // SharedTokenCacheCredential is not supported on macOS
+            ExcludeAzureCliCredential = false,
+            ExcludeAzurePowerShellCredential = false,
+            ExcludeInteractiveBrowserCredential = false
             };
 
             var dCred = new DefaultAzureCredential(credOptions);
             var tokenRequestContext = new TokenRequestContext(new string[] { "https://management.azure.com/.default" });
-            var token = dCred.GetTokenAsync(tokenRequestContext).Result;
-            return token.Token;
+
+            try
+            {
+                using (var cts = new CancellationTokenSource(TimeSpan.FromSeconds(30)))
+                {
+                    var token = dCred.GetTokenAsync(tokenRequestContext, cts.Token).GetAwaiter().GetResult();
+                    return token.Token;
+                }
+            }
+            catch (OperationCanceledException)
+            {
+                cmdletPassedIn.WriteWarning("Timeout occurred while acquiring Azure access token.");
+                throw;
+            }
+            catch (Exception ex)
+            {
+                cmdletPassedIn.WriteWarning($"Failed to acquire Azure access token: {ex.Message}");
+                throw;
+            }
         }
 
         public static string GetContainerRegistryAccessTokenFromSecretManagement(