[QUERY] Identify token source for DefaultAzureCredential

[luckerby]

When calling one of the methods to obtain a token against a DefaultAzureCredential instance, multiple credential types will be tried, in order, as specified here. Once a token is obtained - from one of the credentials that were cycled through - is there a way to find out which type of credential "won"?

An example: suppose when calling DefaultAzureCrendetial's GetTokenAsync method, it's the SharedTokenCacheCredential that is able to retrieve one such token. Would one be able to determine that it was indeed a SharedTokenCacheCredential that generated that token (eg either by looking at the DefaultAzureCrendetial object, or on the resulting Azure.Core.AccessToken result?

I had a look at the code, and also debugged a bit, but wasn't able to come up with anything useful. I briefly thought about catching the exceptions that each credential might generate when GetToken/GetTokenAsync isn't successful, but it appears those are not surfaced to the user's calling code.

There's an SO thread here that asks a similar question, albeit for Python. It appears that there doesn't seem to be a solution there as well, aside from building a wrapper yourself using each type of credential.

[jsquire]

Thank you for your feedback. Tagging and routing to the team best able to assist. Please be aware that due to the holidays, responses may be delayed.

[jongio]

Related: #8948

See that issue for a workaround with AzureEventSourceListener

[christothes]

Will track this in the linked #8948