[BUG] Authentication Regression in Azure MCP Versions 0.6.x - 0.8.x: Falls Back to Interactive Browser Instead of Using Azure CLI Credentials

[SachinDangui]

Related to #710 - This is a more general case of the InteractiveBrowserCredential issue, affecting Claude Desktop and other headless
Linux environments, not just Docker.

Environment

• OS: Linux (Manjaro)
• Azure MCP Version: 0.8.6 (tested), 0.6.x-0.8.x affected
• Working Version: 0.5.8
• Client: Claude Desktop
• Azure CLI Version: Working and authenticated (az login successful)
• Environment: Headless (no X11 display server)

Description

Starting from version 0.6.x, Azure MCP server fails to use Azure CLI credentials and falls back to Interactive Browser authentication,
which fails in headless Linux environments with the error "No X display available."

Version 0.5.8 correctly uses Azure CLI credentials without attempting browser authentication.

Steps to Reproduce

1. Install Azure MCP 0.8.6:
   npm install -g @azure/mcp@0.8.6
2. Ensure Azure CLI is authenticated:
   az login
   az account show # Verify authentication works
3. Configure Claude Desktop (or any MCP client) in ~/.config/Claude/claude_desktop_config.json:
   {
   "mcpServers": {
   "azure": {
   "command": "/path/to/node",
   "args": [
   "/path/to/@azure/mcp/index.js",
   "server",
   "start",
   "--transport",
   "stdio"
   ],
   "env": {
   "HOME": "/home/username",
   "PATH": "/usr/local/bin:/usr/bin:/bin:/home/username/bin",
   "AZURE_SUBSCRIPTION_ID": "your-subscription-id",
   "AZURE_TENANT_ID": "your-tenant-id",
   "AZURE_AUTHORITY_HOST": "https://login.microsoftonline.com"
   }
   }
   }
   }
4. Start Claude Desktop and try to use any Azure MCP tool (e.g., subscription_list)

Expected Behavior

Azure MCP server should use the Azure CLI credential from the authentication chain and successfully authenticate without user
interaction.

Actual Behavior

1. Server attempts interactive browser authentication
2. Opens a browser authentication window (or attempts to)
3. In headless environments, outputs "No X display available. Running in headless mode." to stdout
4. This corrupts the JSON-RPC protocol, causing parsing errors:
   SyntaxError: Unexpected token 'N', "No X displ"... is not valid JSON
5. Request times out after 4 minutes with error: MCP error -32001: Request timed out

Logs

From ~/.config/Claude/logs/mcp-server-azure.log:
2025-10-11T08:20:22.559Z [azure] [info] Message from client:
{"method":"tools/call","params":{"name":"subscription_list","arguments":{"intent":"list all subscriptions"}},"jsonrpc":"2.0","id":4}
2025-10-11T08:20:22.603Z [azure] [error] Unexpected token 'N', "No X displ"... is not valid JSON
at JSON.parse ()

Root Cause Analysis

The Azure Identity library's credential chain appears to be failing at the Azure CLI Credential step and falling back to Interactive
Browser Credential:

1. Environment Credential
2. Visual Studio Credential
3. Azure CLI Credential ← Failing here in 0.6.x-0.8.x
4. Azure PowerShell Credential
5. Interactive Browser Credential ← Falls back to this

Workaround

Downgrade to version 0.5.8:
npm uninstall -g @azure/mcp
npm install -g @azure/mcp@0.5.8

Version 0.5.8 correctly uses Azure CLI credentials without browser fallback.

Additional Context

• Python test using AzureCliCredential from @azure/identity works correctly (gets token successfully)
• The az CLI command is in PATH and accessible
• Azure CLI authentication is valid and not expired
• This is a regression - the behavior changed between 0.5.8 and 0.6.x

Impact

• Breaks Azure MCP functionality in headless Linux environments (CI/CD, servers, WSL)
• Forces users to downgrade to 0.5.8
• Affects any environment without X11/Wayland display server

Related Issues

• [BUG] Docker run fails. Throws InteractiveBrowserCredential in docker #710 - Similar issue in Docker environments with InteractiveBrowserCredential
• Puppeteer MCP fails to launch Chromium in Ubuntu (WSL) due to sandbox/X display issues modelcontextprotocol/servers#819 - Similar pattern in other MCP servers

Related Information

• Azure MCP Server: https://github.com/microsoft/mcp/tree/main/servers/Azure.Mcp.Server
• Azure MCP Authentication Docs: https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/get-started

[joshfree]

Thank you for sharing this issue, @SachinDangui! @g2vinay please take a look for October

[alzimmermsft]

Can confirm this is still occurring as this popped up in one of our CI runs

[xUnit.net 00:00:47.93] Azure.Mcp.Core.LiveTests.Areas.Server.ServerCommandTests.ConsolidatedProxyMode_WithNamespaceFilter_LoadsFilteredConsolidatedTools [FAIL]
[xUnit.net 00:00:47.93] Azure.Identity.AuthenticationFailedException : The ChainedTokenCredential failed due to an unhandled exception: InteractiveBrowserCredential authentication failed: Persistence check failed. Reason: An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0. OS error code 0.
[xUnit.net 00:00:47.93] ---- Azure.Identity.AuthenticationFailedException : InteractiveBrowserCredential authentication failed: Persistence check failed. Reason: An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0. OS error code 0.
[xUnit.net 00:00:47.93] -------- Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException : Persistence check failed. Reason: An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0. OS error code 0.
[xUnit.net 00:00:47.93] ------------ Microsoft.Identity.Extensions.InteropException : An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0
[xUnit.net 00:00:47.93] ---------------- Microsoft.Identity.Extensions.InteropException : An error was encountered while saving secret to keyring in the Storage domain:'137' code:'0' message:'Cannot autolaunch D-Bus without X11 $DISPLAY' .Error code: 0

[g2vinay]

I have tested in these 3 headless linux environments

1. Ubuntu 24.04 Linux VM
2. WSL Ubuntu
3. Azure Cloud Shell

All these 3 environments succeeded to authenticate with Azure CLI auth in Azure MCP Server below.
Tried various versions including 0.8.0, 0.6.0, 0.8.6, latest.

npx -y @azure/mcp@0.8.6 subscription list
No X display available. Running in headless mode.
{
  "status": 200,
  "message": "Success",
  "results": {
    "subscriptions": [
      { ...

Regarding the Exception of Interactive Browser Credential, we should ideally skip interactive auth in headless env.
fixing that here
#947

[g2vinay]

Can confirm this is still occurring as this popped up in one of our CI runs

[xUnit.net 00:00:47.93] Azure.Mcp.Core.LiveTests.Areas.Server.ServerCommandTests.ConsolidatedProxyMode_WithNamespaceFilter_LoadsFilteredConsolidatedTools [FAIL] [xUnit.net 00:00:47.93] Azure.Identity.AuthenticationFailedException : The ChainedTokenCredential failed due to an unhandled exception: InteractiveBrowserCredential authentication failed: Persistence check failed. Reason: An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0. OS error code 0. [xUnit.net 00:00:47.93] ---- Azure.Identity.AuthenticationFailedException : InteractiveBrowserCredential authentication failed: Persistence check failed. Reason: An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0. OS error code 0. [xUnit.net 00:00:47.93] -------- Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException : Persistence check failed. Reason: An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0. OS error code 0. [xUnit.net 00:00:47.93] ------------ Microsoft.Identity.Extensions.InteropException : An exception was encountered while processing libsecret error information during saving in the Storage. Error code: 0 [xUnit.net 00:00:47.93] ---------------- Microsoft.Identity.Extensions.InteropException : An error was encountered while saving secret to keyring in the Storage domain:'137' code:'0' message:'Cannot autolaunch D-Bus without X11 $DISPLAY' .Error code: 0

Can you point me to the CI ?
Is that something that shows up consistently there ?