61 строка
30 KiB
YAML
61 строка
30 KiB
YAML
### YamlMime:JavaPackage
|
|
uid: "com.azure.identity"
|
|
fullName: "com.azure.identity"
|
|
name: "com.azure.identity"
|
|
summary: "The Azure Identity library provides [Microsoft Entra ID][] token authentication support across the [Azure SDK][].\n\n\n[Microsoft Entra ID]: https://learn.microsoft.com/entra/fundamentals/\n[Azure SDK]: https://learn.microsoft.com/azure/developer/java/sdk/"
|
|
classes:
|
|
- "com.azure.identity.AadCredentialBuilderBase"
|
|
- "com.azure.identity.AuthenticationRecord"
|
|
- "com.azure.identity.AuthenticationRequiredException"
|
|
- "com.azure.identity.AuthenticationUtil"
|
|
- "com.azure.identity.AuthorizationCodeCredential"
|
|
- "com.azure.identity.AuthorizationCodeCredentialBuilder"
|
|
- "com.azure.identity.AzureAuthorityHosts"
|
|
- "com.azure.identity.AzureCliCredential"
|
|
- "com.azure.identity.AzureCliCredentialBuilder"
|
|
- "com.azure.identity.AzureDeveloperCliCredential"
|
|
- "com.azure.identity.AzureDeveloperCliCredentialBuilder"
|
|
- "com.azure.identity.AzurePipelinesCredential"
|
|
- "com.azure.identity.AzurePipelinesCredentialBuilder"
|
|
- "com.azure.identity.AzurePowerShellCredential"
|
|
- "com.azure.identity.AzurePowerShellCredentialBuilder"
|
|
- "com.azure.identity.BrowserCustomizationOptions"
|
|
- "com.azure.identity.ChainedTokenCredential"
|
|
- "com.azure.identity.ChainedTokenCredentialBuilder"
|
|
- "com.azure.identity.ClientAssertionCredential"
|
|
- "com.azure.identity.ClientAssertionCredentialBuilder"
|
|
- "com.azure.identity.ClientCertificateCredential"
|
|
- "com.azure.identity.ClientCertificateCredentialBuilder"
|
|
- "com.azure.identity.ClientSecretCredential"
|
|
- "com.azure.identity.ClientSecretCredentialBuilder"
|
|
- "com.azure.identity.CredentialBuilderBase"
|
|
- "com.azure.identity.CredentialUnavailableException"
|
|
- "com.azure.identity.DefaultAzureCredential"
|
|
- "com.azure.identity.DefaultAzureCredentialBuilder"
|
|
- "com.azure.identity.DeviceCodeCredential"
|
|
- "com.azure.identity.DeviceCodeCredentialBuilder"
|
|
- "com.azure.identity.DeviceCodeInfo"
|
|
- "com.azure.identity.EnvironmentCredential"
|
|
- "com.azure.identity.EnvironmentCredentialBuilder"
|
|
- "com.azure.identity.IntelliJCredential"
|
|
- "com.azure.identity.IntelliJCredentialBuilder"
|
|
- "com.azure.identity.InteractiveBrowserCredential"
|
|
- "com.azure.identity.InteractiveBrowserCredentialBuilder"
|
|
- "com.azure.identity.ManagedIdentityCredential"
|
|
- "com.azure.identity.ManagedIdentityCredentialBuilder"
|
|
- "com.azure.identity.OnBehalfOfCredential"
|
|
- "com.azure.identity.OnBehalfOfCredentialBuilder"
|
|
- "com.azure.identity.SharedTokenCacheCredential"
|
|
- "com.azure.identity.SharedTokenCacheCredentialBuilder"
|
|
- "com.azure.identity.TokenCachePersistenceOptions"
|
|
- "com.azure.identity.UsernamePasswordCredential"
|
|
- "com.azure.identity.UsernamePasswordCredentialBuilder"
|
|
- "com.azure.identity.VisualStudioCodeCredential"
|
|
- "com.azure.identity.VisualStudioCodeCredentialBuilder"
|
|
- "com.azure.identity.WorkloadIdentityCredential"
|
|
- "com.azure.identity.WorkloadIdentityCredentialBuilder"
|
|
desc: "The Azure Identity library provides [Microsoft Entra ID][] token authentication support across the [Azure SDK][]. The library focuses on OAuth authentication with Microsoft Entra ID, and it offers various credential classes capable of acquiring a Microsoft Entra token to authenticate service requests. All the credential classes in this package are implementations of the TokenCredential interface offered by azure-core, and any of them can be used to construct service clients capable of authenticating with a TokenCredential.\n\n## Getting Started ##\n\nThe <xref uid=\"com.azure.identity.DefaultAzureCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DefaultAzureCredential\"></xref> is appropriate for most scenarios where the application is intended to ultimately be run in Azure. This is because the <xref uid=\"com.azure.identity.DefaultAzureCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DefaultAzureCredential\"></xref> combines credentials commonly used to authenticate when deployed, with credentials used to authenticate in a development environment.\n\n**Note:** This credential is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types (detailed below). For more information refer to the [default azure credential conceptual documentation][].\n\n**Sample: Construct a simple DefaultAzureCredential**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.DefaultAzureCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DefaultAzureCredential\"></xref>, using the <xref uid=\"com.azure.identity.DefaultAzureCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DefaultAzureCredentialBuilder\"></xref> to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential defaultAzureCredential = new DefaultAzureCredentialBuilder().build();\n```\n\nFurther, it is recommended to read <xref uid=\"com.azure.identity.DefaultAzureCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"DefaultAzureCredential JavaDocs\"></xref> for more detailed information about the credential usage and the chain of credentials it runs underneath.\n\nThe <xref uid=\"com.azure.identity.DefaultAzureCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DefaultAzureCredential\"></xref> works well in most of the scenarios as it executes a chain of credentials underneath which covers well known authentication scenarios for both Azure hosted platforms and development environment. But, in some scenarios where only a specific authentication mechanism will work, it is recommended to use that specific credential to authenticate. Let's take a look at the individual authentication scenarios and their respective credential use below.\n\n--------------------\n\n## Authenticate in Developer Environment ##\n\nAzure supports developer environment authentication via Azure CLI, Azure Powershell and Azure Tools for IntelliJ plugin in IntelliJ IDE. It involves interactively authenticating using user credentials locally on the developer machine. Once authenticated, the login information is persisted.\n\nThe Azure Identity library supports authenticating in developer environment via <xref uid=\"com.azure.identity.AzureCliCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.AzureCliCredential\"></xref>, <xref uid=\"com.azure.identity.AzurePowerShellCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.AzurePowerShellCredential\"></xref> and <xref uid=\"com.azure.identity.IntelliJCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.IntelliJCredential\"></xref>. These credentials offer a seamless authentication experience by utilizing the cached Azure Plugin login information from their respective IDE tool. For more information refer to the [developer environment authentication documentation][].\n\n**Sample: Construct AzureCliCredential**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.AzureCliCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.AzureCliCredential\"></xref>, using the <xref uid=\"com.azure.identity.AzureCliCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.AzureCliCredentialBuilder\"></xref> to configure it .Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential azureCliCredential = new AzureCliCredentialBuilder().build();\n```\n\nFurther, it is recommended to read <xref uid=\"com.azure.identity.AzureCliCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AzureCliCredential JavaDocs\"></xref> for more detailed information about the credential usage.\n\nFor other credentials that are compatible with developer tools authentication, refer to the table below.\n\n\n | Credential class | Usage |\n | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n | <xref uid=\"com.azure.identity.AzurePowerShellCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.AzurePowerShellCredential\"></xref> | This credential authenticates in a development environment with the logged in user or service principal in Azure PowerShell. It utilizes the account of the already logged in user on Azure Powershell to get an access token. If there's no user logged in locally on Azure Powershell, then it will not work. Further, it is recommended to read <xref uid=\"com.azure.identity.AzurePowerShellCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AzurePowerShellCredential JavaDocs\"></xref> for more information about the credential usage. |\n | <xref uid=\"com.azure.identity.IntelliJCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.IntelliJCredential\"></xref> | This credential authenticates in a development environment with the logged in user or service principal in Azure Toolkit for IntelliJ plugin on IntelliJ IDE. It utilizes the cached login information of the Azure Toolkit for IntelliJ plugin to seamlessly authenticate the application. If there's no user logged in locally on Azure Toolkit for IntelliJ in IntelliJ IDE, then it will not work. Further, it is recommended to read <xref uid=\"com.azure.identity.IntelliJCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"IntelliJCredential JavaDocs\"></xref> for more information about the credential usage. |\n\n\n--------------------\n\n## Authenticating on Azure Hosted Platforms via Managed Identity ##\n\n[Azure Managed Identity][] is a feature in [Microsoft Entra ID][] that provides a way for applications running on Azure to authenticate themselves with Azure resources without needing to manage or store any secrets like passwords or keys.\n\nThe <xref uid=\"com.azure.identity.ManagedIdentityCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ManagedIdentityCredential\"></xref> authenticates the configured managed identity (system or user assigned) of an Azure resource. So, if the application is running inside an Azure resource that supports Managed Identity through IDENTITY/MSI, IMDS endpoints, or both, then the <xref uid=\"com.azure.identity.ManagedIdentityCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ManagedIdentityCredential\"></xref> will get your application authenticated, and offers a great secretless authentication experience. For more information refer to the [managed identity authentication documentation][].\n\n**Sample: Construct a Managed Identity Credential**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.ManagedIdentityCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ManagedIdentityCredential\"></xref>, using the <xref uid=\"com.azure.identity.ManagedIdentityCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ManagedIdentityCredentialBuilder\"></xref> to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential managedIdentityCredential = new ManagedIdentityCredentialBuilder().build();\n```\n\nFurther, it is recommended to read <xref uid=\"com.azure.identity.ManagedIdentityCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ManagedIdentityCredential JavaDocs\"></xref> for more detailed information about the credential usage and the Azure platforms it supports.\n\nFor other credentials that work well in Azure Hosted platforms, refer to the table below.\n\n\n | Credential class | Usage |\n | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n | <xref uid=\"com.azure.identity.EnvironmentCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.EnvironmentCredential\"></xref> | This credential authenticates a service principal or user via credential information specified in environment variables. The service principal authentication works well in Azure hosted platforms when Managed Identity is not available. Further, it is recommended to read <xref uid=\"com.azure.identity.EnvironmentCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"EnvironmentCredential JavaDocs\"></xref> for more information about the credential usage. |\n | <xref uid=\"com.azure.identity.ChainedTokenCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ChainedTokenCredential\"></xref> | This credential allows users to define custom authentication flows by chaining multiple credentials together. For example, the <xref uid=\"com.azure.identity.ManagedIdentityCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ManagedIdentityCredential\"></xref> and <xref uid=\"com.azure.identity.EnvironmentCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.EnvironmentCredential\"></xref> can be chained together to sequentially execute on Azure hosted platforms. The credential that first returns the token is used for authentication. Further, it is recommended to read <xref uid=\"com.azure.identity.ChainedTokenCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ChainedTokenCredential JavaDocs\"></xref> for more information about the credential usage. |\n\n\n--------------------\n\n## Authenticate with Service Principals ##\n\nService Principal authentication is a type of authentication in Azure that enables a non-interactive login to [Microsoft Entra ID][], allowing an application or service to authenticate itself with Azure resources. A Service Principal is essentially an identity created for an application in Microsoft Entra ID that can be used to authenticate with Azure resources. It's like a \"user identity\" for the application or service, and it provides a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. [Microsoft Entra ID][] allows users to register service principals which can be used as an identity for authentication. A client secret and/or a client certificate associated with the registered service principal is used as the password when authenticating the service principal.\n\nThe Azure Identity library supports both client secret and client certificate based service principal authentication via <xref uid=\"com.azure.identity.ClientSecretCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientSecretCredential\"></xref> and <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredential\"></xref> respectively. For more information refer to the [service principal authentication documentation][].\n\n**Sample: Construct a ClientSecretCredential**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.ClientSecretCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientSecretCredential\"></xref>, using the <xref uid=\"com.azure.identity.ClientSecretCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientSecretCredentialBuilder\"></xref> to configure it. The `tenantId`, `clientId` and `clientSecret` parameters are required to create <xref uid=\"com.azure.identity.ClientSecretCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientSecretCredential\"></xref> .Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential clientSecretCredential = new ClientSecretCredentialBuilder().tenantId(tenantId)\n .clientId(clientId)\n .clientSecret(clientSecret)\n .build();\n```\n\nFurther, it is recommended to read <xref uid=\"com.azure.identity.ClientSecretCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ClientSecretCredential JavaDocs\"></xref> for more detailed information about the credential usage.\n\nFor other credentials that are compatible with service principal authentication, refer to the table below.\n\n\n | Credential class | Usage |\n | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n | <xref uid=\"com.azure.identity.ClientAssertionCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientAssertionCredential\"></xref> | This credential authenticates a service principal using a signed client assertion. It allows clients to prove their identity to Microsoft Entra ID without requiring them to disclose their credentials (such as a username and password). Further, it is recommended to read <xref uid=\"com.azure.identity.ClientAssertionCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ClientAssertionCredential JavaDocs\"></xref> for more information about the credential usage. |\n | <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredential\"></xref> | This credential authenticates a service principal using a certificate. It doesn't require transmission of a client secret and mitigates the security related password storage and network transmission issues. Further, it is recommended to read <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ClientCertificateCredential JavaDocs\"></xref> for more information about the credential usage. |\n\n\n--------------------\n\n## Authenticate with User Credentials ##\n\nUser credential authentication is a type of authentication in Azure that involves a user providing their username and password to authenticate with Azure resources. In Azure, user credential authentication can be used to authenticate with [Microsoft Entra ID][].\n\nThe Azure Identity library supports user credentials based authentication via <xref uid=\"com.azure.identity.InteractiveBrowserCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.InteractiveBrowserCredential\"></xref>, <xref uid=\"com.azure.identity.DeviceCodeCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DeviceCodeCredential\"></xref> and <xref uid=\"com.azure.identity.UsernamePasswordCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.UsernamePasswordCredential\"></xref>. For more information refer to the [user credential authentication documentation][].\n\n**Sample: Construct InteractiveBrowserCredential**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.InteractiveBrowserCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.InteractiveBrowserCredential\"></xref>, using the <xref uid=\"com.azure.identity.InteractiveBrowserCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.InteractiveBrowserCredentialBuilder\"></xref> to configure it .Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential interactiveBrowserCredential = new InteractiveBrowserCredentialBuilder().redirectUrl(\n \"http://localhost:8765\").build();\n```\n\nFurther, it is recommended to read <xref uid=\"com.azure.identity.InteractiveBrowserCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"InteractiveBrowserCredential JavaDocs\"></xref> for more information about the credential usage.\n\nFor other credentials that are compatible with user credentials based authentication, refer to the table below.\n\n\n | Credential class | Usage |\n | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n | <xref uid=\"com.azure.identity.DeviceCodeCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.DeviceCodeCredential\"></xref> | This credential interactively authenticates a user on devices with limited UI. It prompts users to open an authentication URL with a device code on a UI enabled device and requires them to interactively authenticate there. Once authenticated, the original device requesting authentication gets authenticated and receives the access token. Further, it is recommended to read <xref uid=\"com.azure.identity.DeviceCodeCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"DeviceCodeCredential JavaDocs\"></xref> for more information about the credential usage. |\n | <xref uid=\"com.azure.identity.AuthorizationCodeCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.AuthorizationCodeCredential\"></xref> | This credential authenticates a user with a previously obtained authorization code as part of an Oauth 2 flow. This is applicable for applications which control the logic of interactive user authentication to fetch an authorization code first. Once the application has received the authorization code, it can then configure it on this credential and use it to get an access token. Further, it is recommended to read <xref uid=\"com.azure.identity.AuthorizationCodeCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AuthorizationCodeCredential JavaDocs\"></xref> for more information about the credential usage. |\n | <xref uid=\"com.azure.identity.UsernamePasswordCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.UsernamePasswordCredential\"></xref> | This credential authenticates a user with a username and password without multi-factored auth. This credential can be used on developer environment for user principals which do not require 2FA/MFA (multi-facotred) authentication. Further, it is recommended to read <xref uid=\"com.azure.identity.UsernamePasswordCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"UsernamePasswordCredential JavaDocs\"></xref> for more information about the credential usage. |\n\n\n\n[Microsoft Entra ID]: https://learn.microsoft.com/entra/fundamentals/\n[Azure SDK]: https://learn.microsoft.com/azure/developer/java/sdk/\n[default azure credential conceptual documentation]: https://aka.ms/azsdk/java/identity/defaultazurecredential/docs\n[developer environment authentication documentation]: https://aka.ms/azsdk/java/identity/developerenvironment/docs\n[Azure Managed Identity]: https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/\n[managed identity authentication documentation]: https://aka.ms/azsdk/java/identity/managedidentity/docs\n[service principal authentication documentation]: https://aka.ms/azsdk/java/identity/serviceprincipal/docs\n[user credential authentication documentation]: https://aka.ms/azsdk/java/identity/usercredential/docs"
|
|
metadata: {}
|
|
package: "com.azure.identity"
|
|
artifact: com.azure:azure-identity:1.14.1
|