redis/jvm-redis-authx-entraid

Redis MI Authentication failed : Token request/renewal failed! Identity provider request failed! - Java Spring + Azure

Opened this issue · 3 comments

```java
// Java code - systemAssignedManagedIdentity
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder().systemAssignedManagedIdentity().build();

// Java code - userAssignedManagedIdentity
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder().userAssignedManagedIdentity(UserManagedIdentityType.CLIENT_ID, "<ID>").build();
```

We tried both systemAssignedManagedIdentity and userAssignedManagedIdentity, but it fails at the line below.

This is where the code crashes with failure to activate AuthXManager:

```java
UnifiedJedis jedis2 = new UnifiedJedis(
    new HostAndPort(REDIS_HOST, REDIS_PORT),
    config
);
```

Error:

**Caused by: redis.clients.authentication.core.TokenRequestException: Token request/renewal failed! Identity provider request failed!Failed to acquire token!**

pom configuration:

```xml
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.15.0</version>
</dependency>
<dependency>
    <groupId>redis.clients.authentication</groupId>
    <artifactId>redis-authx-entraid</artifactId>
    <version>0.1.1-beta1</version>
</dependency>
<dependency>
    <groupId>redis.clients</groupId>
    <artifactId>jedis</artifactId>
    <version>6.1.0</version>
</dependency>
```

Hello @ChavanVikram

Thanks for submitting the bug report. To troubleshoot the issue, please try to use DefaultAzureCredential directly
https://learn.microsoft.com/en-us/java/api/com.azure.identity.defaultazurecredential?view=azure-java-stable

with the code like

```java
package org.example;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;

import java.util.*;

public class Main {

    public static void main(String[] args) {
        DefaultAzureCredential dacWithUserAssignedManagedIdentity =
                new DefaultAzureCredentialBuilder()
                        .managedIdentityClientId("<Managed-Identity-Client-Id>")
                        .build();

        Set<String> scopes = new HashSet<String>(List.of("https://redis.azure.com/.default"));
        TokenRequestContext ctx = new TokenRequestContext().setScopes(new ArrayList<String>(scopes));

        try {
            dacWithUserAssignedManagedIdentity.getTokenSync(ctx);
        } catch (Exception e) {
            // Follow the troubleshooting guide to resolve the error
            // https://aka.ms/azure-identity-java-default-azure-credential-troubleshoot
            System.out.println(e.getMessage());
        }
    }
}
```

Once you get the specific exception, you can use https://aka.ms/azure-identity-java-default-azure-credential-troubleshoot to troubleshoot your problem.

Thanks for your response.
We’re able to establish a successful connection, but the authentication token does not refresh automatically after it expires. We’re seeking a solution that eliminates the need for manual token refresh.

hi @ChavanVikram,

thank you for your patience.

Checking the implementation, I see you can find more details of the actual error in your logs; here it is logged with the message "Request to identity provider failed with message:"

With the level of information I have, it's hard to anticipate, but from your sample code, it looks like scope is not configured with EntraIDTokenAuthConfigBuilder; you can check the other configuration suggested here.
Also, the library has an AzureTokenAuthConfigBuilder, which you can use in exactly the same way suggested above:

```java
TokenAuthConfig authConfig = AzureTokenAuthConfigBuilder.builder()
                   .defaultAzureCredential(yourCredential).build();
```

You can set scopes, timeout, etc. on AzureTokenAuthConfigBuilder as well, in the same way as with EntraIDTokenAuthConfigBuilder. Please check the default values in the Javadocs and configure as you need for both config builders.

One more thing: for sure you are right to expect a more informative message or directions from the exception itself. We will improve the way exceptions are handled and maybe expose the identity provider exception directly.

Hope this helps.
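
The two suggestions in this thread combined into one preflight check, as an added example that is not code from the issue or from the library's maintainers: it requests a token directly so the identity provider's own error is visible, then hands the same credential and scope to `AzureTokenAuthConfigBuilder`. The `scopes(Set<String>)` setter, the `AuthXManager` wiring, the `ssl(true)` setting and the `REDIS_HOST`/`REDIS_PORT` environment variables are assumptions not shown on this page; check them against the Javadocs for your versions.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import redis.clients.authentication.core.TokenAuthConfig;
import redis.clients.authentication.entraid.AzureTokenAuthConfigBuilder;
import redis.clients.jedis.DefaultJedisClientConfig;
import redis.clients.jedis.HostAndPort;
import redis.clients.jedis.JedisClientConfig;
import redis.clients.jedis.UnifiedJedis;
import redis.clients.jedis.authentication.AuthXManager;
import java.util.Set;

public class RedisEntraPreflight {
    // Scope taken from the troubleshooting snippet earlier in this thread.
    static final String REDIS_SCOPE = "https://redis.azure.com/.default";

    public static void main(String[] args) {
        String host = System.getenv("REDIS_HOST");                // assumed env var
        int port = Integer.parseInt(System.getenv("REDIS_PORT")); // assumed env var

        DefaultAzureCredential credential = new DefaultAzureCredentialBuilder()
                .managedIdentityClientId("<Managed-Identity-Client-Id>")
                .build();

        // Step 1: acquire a token directly. If this throws, the failure is in the
        // identity setup and the exception names the cause without any wrapping.
        AccessToken token = credential.getTokenSync(
                new TokenRequestContext().addScopes(REDIS_SCOPE));
        System.out.println("Token acquired, expires at " + token.getExpiresAt());

        // Step 2: pass the same credential and an explicit scope to the auth config.
        // scopes(Set<String>) is assumed to match the EntraID builder's setter.
        TokenAuthConfig authConfig = AzureTokenAuthConfigBuilder.builder()
                .defaultAzureCredential(credential)
                .scopes(Set.of(REDIS_SCOPE))
                .build();

        // Assumes a TLS endpoint, so the token is never sent in cleartext.
        JedisClientConfig config = DefaultJedisClientConfig.builder()
                .authXManager(new AuthXManager(authConfig))
                .ssl(true)
                .build();

        try (UnifiedJedis jedis = new UnifiedJedis(new HostAndPort(host, port), config)) {
            System.out.println("PING -> " + jedis.ping());
        }
    }
}
```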