From 27fb2d9696f572d62762eeb3b52a00945d813347 Mon Sep 17 00:00:00 2001
From: Scott Addie <10702007+scottaddie@users.noreply.github.com>
Date: Mon, 16 Oct 2023 10:05:26 -0500
Subject: [PATCH] Replace AAD references in Azure Identity libraries (#27408)
Replace Azure AD references in Markdown files and code comments with
Microsoft Entra ID, per the guidance at
https://learn.microsoft.com/azure/active-directory/fundamentals/how-to-rename-azure-ad.
---
.vscode/cspell.json | 8 +++
documentation/using-azure-identity.md | 67 +++++++++----------
.../identity-cache-persistence/README.md | 2 +-
.../samples-dev/extension.ts | 4 +-
sdk/identity/identity-vscode/README.md | 2 +-
.../identity-vscode/samples-dev/extension.ts | 2 +-
.../identity-vscode/samples-dev/nodeEnv.ts | 2 +-
sdk/identity/identity/CHANGELOG.md | 6 +-
sdk/identity/identity/README.md | 28 ++++----
sdk/identity/identity/TOKEN_CACHING.md | 14 ++--
sdk/identity/identity/TROUBLESHOOTING.md | 20 +++---
.../interactive-browser-credential.md | 10 +--
sdk/identity/identity/migration-v1-v2.md | 2 +-
.../samples-dev/clientSecretCredential.ts | 4 +-
.../samples-dev/environmentCredential.ts | 4 +-
.../interactiveBrowserCedential.ts | 4 +-
.../samples/AzureCacheForRedis/ioredis.md | 56 ++++++++--------
.../samples/AzureCacheForRedis/node-redis.md | 54 +++++++--------
.../identity/samples/AzureIdentityExamples.md | 46 ++++++-------
.../identity/samples/v2/javascript/README.md | 2 +-
.../v2/javascript/clientSecretCredential.js | 4 +-
.../v2/javascript/environmentCredential.js | 4 +-
.../identity/samples/v2/typescript/README.md | 2 +-
.../typescript/src/clientSecretCredential.ts | 4 +-
.../typescript/src/environmentCredential.ts | 4 +-
.../samples/v3-beta/javascript/README.md | 2 +-
.../javascript/clientSecretCredential.js | 4 +-
.../javascript/environmentCredential.js | 4 +-
.../samples/v3-beta/typescript/README.md | 2 +-
.../typescript/src/clientSecretCredential.ts | 4 +-
.../typescript/src/environmentCredential.ts | 4 +-
.../identity/samples/v3/javascript/README.md | 2 +-
.../v3/javascript/clientSecretCredential.js | 4 +-
.../v3/javascript/environmentCredential.js | 4 +-
.../identity/samples/v3/typescript/README.md | 2 +-
.../typescript/src/clientSecretCredential.ts | 4 +-
.../typescript/src/environmentCredential.ts | 4 +-
.../credentials/authorityValidationOptions.ts | 2 +-
.../authorizationCodeCredential.ts | 16 ++---
.../src/credentials/azureCliCredential.ts | 2 +-
.../azureDeveloperCliCredential.ts | 8 +--
.../credentials/azurePowerShellCredential.ts | 2 +-
.../credentials/clientAssertionCredential.ts | 6 +-
.../clientCertificateCredential.browser.ts | 2 +-
.../clientCertificateCredential.ts | 16 ++---
.../clientSecretCredential.browser.ts | 8 +--
.../src/credentials/clientSecretCredential.ts | 10 +--
.../deviceCodeCredential.browser.ts | 2 +-
.../src/credentials/deviceCodeCredential.ts | 8 +--
.../deviceCodeCredentialOptions.ts | 2 +-
.../environmentCredential.browser.ts | 2 +-
.../src/credentials/environmentCredential.ts | 6 +-
.../environmentCredentialOptions.ts | 2 +-
.../interactiveBrowserCredential.browser.ts | 10 +--
.../interactiveBrowserCredential.ts | 12 ++--
.../interactiveBrowserCredentialOptions.ts | 4 +-
.../managedIdentityCredential/index.ts | 2 +-
.../onBehalfOfCredential.browser.ts | 2 +-
.../src/credentials/onBehalfOfCredential.ts | 8 +--
.../onBehalfOfCredentialOptions.ts | 4 +-
.../usernamePasswordCredential.browser.ts | 8 +--
.../credentials/usernamePasswordCredential.ts | 8 +--
.../workloadIdentityCredential.browser.ts | 4 +-
.../credentials/workloadIdentityCredential.ts | 10 +--
.../workloadIdentityCredentialOptions.ts | 4 +-
.../identity/src/tokenCredentialOptions.ts | 2 +-
.../authorization-code-credential/README.md | 6 +-
.../authorizationCodeSample.ts | 6 +-
.../interactive-browser-credential/README.md | 18 ++---
69 files changed, 301 insertions(+), 296 deletions(-)
diff --git a/.vscode/cspell.json b/.vscode/cspell.json
index 8d779dd36b3..23ec4d39c6d 100644
--- a/.vscode/cspell.json
+++ b/.vscode/cspell.json
@@ -68,6 +68,7 @@
"eastus",
"ECONNRESET",
"Eloqua",
+ "entra",
"Esdni",
"ESDNI",
"etags",
@@ -317,6 +318,13 @@
"Dicom"
]
},
+ {
+ "filename": "sdk/identity/**/*.md",
+ "words": [
+ "MSAL",
+ "PKCE"
+ ]
+ },
{
"filename": "sdk/iot/iot-modelsrepository/review/**/*.md",
"words": [
diff --git a/documentation/using-azure-identity.md b/documentation/using-azure-identity.md
index 7d69bfa2f38..7f9f0c094e8 100644
--- a/documentation/using-azure-identity.md
+++ b/documentation/using-azure-identity.md
@@ -1,10 +1,8 @@
-# Using @azure/identity with the Microsoft Identity Platform (AAD v2)
+# Using @azure/identity with Microsoft Entra ID
This document intends to demystify the configuration and use of [Microsoft
-identity
-platform](https://docs.microsoft.com/azure/active-directory/develop/),
-also known as Azure Active Directory v2, with the Azure SDK libraries.
-Microsoft identity platform implements the [OAuth 2.0 and OpenID Connect
+Entra ID](https://learn.microsoft.com/azure/active-directory/develop/) with the Azure SDK libraries.
+Microsoft Entra ID implements the [OAuth 2.0 and OpenID Connect
standards](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols)
to provide authentication for users and services who may be granted access to
Azure services.
@@ -19,19 +17,18 @@ Azure services.
## Getting Started
-Any application that must support authentication through Microsoft identity
-platform needs two things: a tenant and an app registration created for that
+Any application that must support authentication through Microsoft Entra ID needs two things: a tenant and an app registration created for that
tenant.
-A "tenant" is basically instance of Azure Active Directory associated with your
-Azure account. You can follow the instructions on [this quick start guide for
+A "tenant" is basically instance of Microsoft Entra ID associated with your
+Azure account. You can follow the instructions on [this quickstart guide for
setting up a
-tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
-to check if you have AAD tenant already or, if not, create one.
+tenant](https://learn.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
+to check if you have a Microsoft Entra tenant already or, if not, create one.
Once you have a tenant, you can create an app registration by following [this
quickstart guide for app
-registrations](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app).
+registrations](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app).
Your app registration holds the configuration for how your application will
authenticate users and services, so it's very important to it set up correctly
before using any of the credential types below. The section on each credential
@@ -43,11 +40,11 @@ One decision you will need to make up front when registering your app is whether
it will be single or multi-tenant, and more importantly, if the multi-tenant app
registration also supports personal Microsoft accounts. The primary deciding
factor is whether your application will be used only by users and services
-inside of your AAD tenant or if you'd like other organizations and individuals
+inside of your Microsoft Entra tenant or if you'd like other organizations and individuals
to use it.
The [app registration quickstart
-guide](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app#register-a-new-application-using-the-azure-portal)
+guide](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#register-a-new-application-using-the-azure-portal)
gives a helpful breakdown for the various tenancy options in the "Supported
account types" documentation.
@@ -57,12 +54,12 @@ personal Microsoft accounts after it's already created.
## Understanding the Credential Types
-Microsoft identity platform provides a variety of authentication flows that
+Microsoft Entra ID provides a variety of authentication flows that
serve different use cases and application types. A primary differentiator
between these flows is whether the "client" that initiates the flow is running
on a user device or on a system managed by the application developer (like a web
server). The [Microsoft Authentication
-Library](https://docs.microsoft.com/azure/active-directory/develop/msal-client-applications)
+Library](https://learn.microsoft.com/azure/active-directory/develop/msal-client-applications)
documentation describes this distinction as _public_ versus _confidential_
clients.
@@ -70,7 +67,7 @@ Most of the credential types are strictly public or confidential as they serve a
specific purpose, like authenticating a backend service for use with storage
APIs. Some credentials may be both public or confidential depending on how you
configure them. For example, the [authorization code
-flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
+flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
can be initiated from a mobile application _or_ from within a web application
running in a server.
@@ -106,7 +103,7 @@ credential for your application:
The identity platform provides an authorization model for Azure services with
[two types of
-permissions](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#troubleshooting-permissions-and-consent):
+permissions](https://learn.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#troubleshooting-permissions-and-consent):
- **Application permissions** authorize an application to access resources
directly. Administrator consent must be granted to your application.
@@ -118,9 +115,9 @@ If you are only using _confidential credentials_ you should only need to be
concerned with application permissions. If you will be authenticating users
with a _public credential_, you must configure API permissions for the Azure
service you need to access (Key Vault, Storage, etc) so that user accounts can
-be authorized to use them through your application. The [quick start guide for
+be authorized to use them through your application. The [quickstart guide for
configuring API
-permissions](https://docs.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis)
+permissions](https://learn.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis)
explains how to do this in detail.
### User-Granted Consent
@@ -130,19 +127,19 @@ delegated permissions, they may be presented with a consent screen that asks
whether they want to grant your application permission to access resources on
their behalf. An example of this consent flow can be found in the [consent
framework documentation
-page](https://docs.microsoft.com/azure/active-directory/develop/consent-framework).
+page](https://learn.microsoft.com/azure/active-directory/develop/consent-framework).
An administrator can also grant consent for your application on behalf of all
users. In this case, users may never see a consent screen. If you'd like to
make it easy for an administrator to grant access to all users, follow the
instructions in the [admin consent endpoint request
-documentation](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#request-the-permissions-from-a-directory-admin).
+documentation](https://learn.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#request-the-permissions-from-a-directory-admin).
There are some cases where a user may not be allowed to grant consent to an
application. When this occurs, the user may have to speak with an administrator
to have the permissions granted on their behalf. The [user consent
troubleshooting
-page](https://docs.microsoft.com/azure/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error)
+page](https://learn.microsoft.com/azure/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error)
provides more details on the consent errors a user might encounter.
## Credential Types in @azure/identity
@@ -150,7 +147,7 @@ provides more details on the consent errors a user might encounter.
### ClientSecretCredential and ClientCertificateCredential
The `ClientSecretCredential` implements the [client credentials
-flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow)
+flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow)
to enable confidential clients, like web services, to access Azure resources.
To use this credential, you will need to create a client secret using the
"Certificates & secrets" page for your app registration.
@@ -159,7 +156,7 @@ The `ClientCertificateCredential` implements the same client credentials flow,
but instead uses a certificate as the means to authenticate the client. You must
must generate your own PEM-formatted certificate for use in this flow and then
[register
-it](https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad)
+it](https://learn.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad)
in the "Certificates & secrets" page for your app registration. Using a
certificate to authenticate is recommended as it is generally more secure than
using a client secret.
@@ -174,7 +171,7 @@ on which credential you are using.
### UsernamePasswordCredential
The `UsernamePasswordCredential` follows the [resource owner password credential
-flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth-ropc)
+flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth-ropc)
to authenticate public or confidential clients. To use this credential, you
will need the `tenantId` and `clientId` of your app and a `username` and
`password` of the user you are authenticating.
@@ -193,7 +190,7 @@ directly is a major security risk.
> NOTE: This credential type does not work with personal Microsoft accounts or
> multi-factor authentication at this time. See the
-> [documentation](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth-ropc)
+> [documentation](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth-ropc)
> for more information.
### EnvironmentCredential
@@ -228,7 +225,7 @@ application to learn how to configure environment variables for your deployment.
The `ManagedIdentityCredential` takes advantage of authentication endpoints that
are hosted within the virtual network of applications deployed to Azure virtual
machines, App Services, Functions, Container Services, [and
-more](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities).
+more](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities).
One important distinction of this credential compared to the others is that it
_does not require an app registration_. This authentication scheme relates to
@@ -240,10 +237,10 @@ to grant one of two types of managed identity to the resource that runs your
code:
- A [system-assigned
- identity](https://docs.microsoft.com/azure/app-service/overview-managed-identity#adding-a-system-assigned-identity)
+ identity](https://learn.microsoft.com/azure/app-service/overview-managed-identity#adding-a-system-assigned-identity)
which uniquely identifies your resource
- A [user-assigned
- identity](https://docs.microsoft.com/azure/app-service/overview-managed-identity#adding-a-user-assigned-identity)
+ identity](https://learn.microsoft.com/azure/app-service/overview-managed-identity#adding-a-user-assigned-identity)
which can be assigned to your resource (and others)
Once your resource has an identity assigned, that identity can be granted access
@@ -256,15 +253,15 @@ the managed identity you wish to use for authentication.
More information on configuring and using managed identities can be found in the
[Managed identities for Azure
-resources](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
+resources](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
documentation. There is also a [list of Azure
-services](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities#azure-services-that-support-azure-ad-authentication)
+services](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities#azure-services-that-support-azure-ad-authentication)
that have been tested to confirm support for managed identity authentication.
### InteractiveBrowserCredential
The `InteractiveBrowserCredential` follows the [implicit grant
-flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-implicit-grant-flow)
+flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-implicit-grant-flow)
which enables authentication for clients that run completely in the browser. It
is primarily useful for single-page web applications (SPAs) which need to
authenticate to access Azure resources and APIs directly.
@@ -285,7 +282,7 @@ creating an `InteractiveBrowserCredential`.
### DeviceCodeCredential
The `DeviceCodeCredential` follows the [device code authorization
-flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-device-code)
+flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-device-code)
which enables input-constrained devices, like TVs or IoT devices, to
authenticate by having the user enter a provided "device code" into an
authorization site that the user visits on another device.
@@ -297,7 +294,7 @@ section of the **Authentication** page of your app registration.
### AuthorizationCodeCredential
The `AuthorizationCodeCredential` follows the [authorization code
-flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
+flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
which enables server-hosted web applications, native desktop and mobile
applications, and web APIs to access resources on the user's behalf.
diff --git a/sdk/identity/identity-cache-persistence/README.md b/sdk/identity/identity-cache-persistence/README.md
index 32628b1db4d..1cef969c375 100644
--- a/sdk/identity/identity-cache-persistence/README.md
+++ b/sdk/identity/identity-cache-persistence/README.md
@@ -32,7 +32,7 @@ Azure Identity plugins for JavaScript support stable (even numbered) versions of
## Key concepts
-If this is your first time using `@azure/identity` or the Microsoft identity platform (Azure Active Directory), we recommend that you read [Using `@azure/identity` with Microsoft Identity Platform](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document will give you a deeper understanding of the platform and how to configure your Azure account correctly.
+If this is your first time using `@azure/identity` or Microsoft Entra ID, we recommend that you read [Using `@azure/identity` with Microsoft Entra ID](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document will give you a deeper understanding of the platform and how to configure your Azure account correctly.
### Azure Identity Plugins
diff --git a/sdk/identity/identity-cache-persistence/samples-dev/extension.ts b/sdk/identity/identity-cache-persistence/samples-dev/extension.ts
index 0be68984e74..b5b843d7e31 100644
--- a/sdk/identity/identity-cache-persistence/samples-dev/extension.ts
+++ b/sdk/identity/identity-cache-persistence/samples-dev/extension.ts
@@ -6,7 +6,7 @@
* using the persistence plugin. Once the persistence plugin is added
* through `useIdentityPlugin`, some credentials, such as
* `DeviceCodeCredential`, will be able to retrieve tokens from the cache rather
- * than requesting new tokens from the Azure Active Directory token endpoint.
+ * than requesting new tokens from the Microsoft Entra token endpoint.
*
* In order to utilize the persistent token cache, the `enabled` property must
* be set to `true` within `tokenCachePersistenceOptions` in the credential's
@@ -32,7 +32,7 @@ async function main() {
},
});
- // This is the scope we will use to get a token from the AAD token endpoint.
+ // This is the scope we will use to get a token from the Microsoft Entra token endpoint.
// By default, we'll use the Microsoft Graph scope as an example, but when
// you use the credential with an Azure SDK package, it will configure the
// scope for you automatically.
diff --git a/sdk/identity/identity-vscode/README.md b/sdk/identity/identity-vscode/README.md
index fb89b63c9a3..d5d99bb64ec 100644
--- a/sdk/identity/identity-vscode/README.md
+++ b/sdk/identity/identity-vscode/README.md
@@ -33,7 +33,7 @@ Azure Identity plugins for JavaScript support stable (even numbered) versions of
## Key concepts
-If this is your first time using `@azure/identity` or the Microsoft identity platform (Azure Active Directory), we recommend that you read [Using `@azure/identity` with Microsoft Identity Platform](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document will give you a deeper understanding of the platform and how to configure your Azure account correctly.
+If this is your first time using `@azure/identity` or Microsoft Entra ID, we recommend that you read [Using `@azure/identity` with Microsoft Entra ID](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document will give you a deeper understanding of the platform and how to configure your Azure account correctly.
### Azure Identity Plugins
diff --git a/sdk/identity/identity-vscode/samples-dev/extension.ts b/sdk/identity/identity-vscode/samples-dev/extension.ts
index d7ed4c1fb7c..4d37cf7c630 100644
--- a/sdk/identity/identity-vscode/samples-dev/extension.ts
+++ b/sdk/identity/identity-vscode/samples-dev/extension.ts
@@ -23,7 +23,7 @@ useIdentityPlugin(vsCodePlugin);
export async function main() {
const credential = new DefaultAzureCredential();
- // This is the scope we will use to get a token from the AAD token endpoint.
+ // This is the scope we will use to get a token from the Microsoft Entra token endpoint.
// By default, we'll use the Microsoft Graph scope as an example, but when
// you use the credential with an Azure SDK package, it will configure the
// scope for you automatically.
diff --git a/sdk/identity/identity-vscode/samples-dev/nodeEnv.ts b/sdk/identity/identity-vscode/samples-dev/nodeEnv.ts
index 3b59444463b..4143be64672 100644
--- a/sdk/identity/identity-vscode/samples-dev/nodeEnv.ts
+++ b/sdk/identity/identity-vscode/samples-dev/nodeEnv.ts
@@ -38,7 +38,7 @@ if (!isProduction) {
export async function main() {
const credential = new DefaultAzureCredential();
- // This is the scope we will use to get a token from the AAD token endpoint.
+ // This is the scope we will use to get a token from the Microsoft Entra token endpoint.
// By default, we'll use the Microsoft Graph scope as an example, but when
// you use the credential with an Azure SDK package, it will configure the
// scope for you automatically.
diff --git a/sdk/identity/identity/CHANGELOG.md b/sdk/identity/identity/CHANGELOG.md
index 6ea7745e7bd..2dd0736caf7 100644
--- a/sdk/identity/identity/CHANGELOG.md
+++ b/sdk/identity/identity/CHANGELOG.md
@@ -79,7 +79,7 @@
### Features Added
-- Added support to disable instance discovery on AAD credentials.
+- Added support to disable instance discovery on Microsoft Entra credentials.
- Added `AzureDeveloperCliCredential` [#24180](https://github.com/Azure/azure-sdk-for-js/pull/24180) and added it to the `DefaultAzureCredential` [#24826](https://github.com/Azure/azure-sdk-for-js/pull/24826) auth flow
- Added support for `WokloadIdentityCredential`[#24830](https://github.com/Azure/azure-sdk-for-js/pull/24830), added it to `DefaultAzureCredential` auth flow and replaced the in-house implementation of `Token Exchange MSI` in `ManagedIdentity` with `WorkloadIdentityCredential`.
@@ -155,7 +155,7 @@
### Features Added
- Added support in `EnvironmentCredential` to read a certificate password from an environment variable `AZURE_CLIENT_CERTIFICATE_PASSWORD`
-- Added samples for supporting AAD authentication in Azure Redis Cache
+- Added samples for supporting Microsoft Entra authentication in Azure Redis Cache
### Breaking Changes
@@ -695,7 +695,7 @@ This release doesn't have the changes from `1.2.4-beta.1`.
## 1.0.0-preview.4 (2019-10-07)
-- Introduced the `AuthorizationCodeCredential` for performing the [authorization code flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow) with AAD ([PR #5356](https://github.com/Azure/azure-sdk-for-js/pull/5356))
+- Introduced the `AuthorizationCodeCredential` for performing the [authorization code flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow) with Microsoft Entra ID ([PR #5356](https://github.com/Azure/azure-sdk-for-js/pull/5356))
- Fixed an issue preventing the `ManagedIdentityCredential` from working inside of Azure Function Apps ([PR #5144](https://github.com/Azure/azure-sdk-for-js/pull/5144))
- Added tracing to `IdentityClient` and credential implementations ([PR #5283](https://github.com/Azure/azure-sdk-for-js/pull/5283))
- Improved the exception message for `AggregateAuthenticationError` so that errors thrown from `DefaultAzureCredential` are now more actionable ([PR #5409](https://github.com/Azure/azure-sdk-for-js/pull/5409))
diff --git a/sdk/identity/identity/README.md b/sdk/identity/identity/README.md
index eb53e466cf5..b1ade9dc51c 100644
--- a/sdk/identity/identity/README.md
+++ b/sdk/identity/identity/README.md
@@ -1,6 +1,6 @@
# Azure Identity client library for JavaScript
-The Azure Identity library provides [Azure Active Directory (Azure AD)](https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) token authentication through a set of convenient [TokenCredential](https://learn.microsoft.com/javascript/api/@azure/core-auth/tokencredential) implementations.
+The Azure Identity library provides [Microsoft Entra ID](https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) ([formerly Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/new-name)) token authentication through a set of convenient [TokenCredential](https://learn.microsoft.com/javascript/api/@azure/core-auth/tokencredential) implementations.
For examples of various credentials, see the [Azure Identity examples page](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md).
@@ -9,7 +9,7 @@ Key links:
- [Source code](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity)
- [Package (npm)](https://www.npmjs.com/package/@azure/identity)
- [API Reference Documentation](https://learn.microsoft.com/javascript/api/@azure/identity)
-- [Azure AD documentation](https://azure.microsoft.com/services/active-directory/)
+- [Microsoft Entra ID documentation](https://azure.microsoft.com/services/active-directory/)
- [Samples](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2)
## Getting started
@@ -110,13 +110,13 @@ To authenticate Azure SDK clients within web browsers, we offer the `Interactive
## Key concepts
-If this is your first time using `@azure/identity` or the Microsoft Identity platform (Azure AD), read [Using `@azure/identity` with Microsoft Identity Platform](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document provides a deeper understanding of the platform and how to configure your Azure account correctly.
+If this is your first time using `@azure/identity` or Microsoft Entra ID, read [Using `@azure/identity` with Microsoft Entra ID](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document provides a deeper understanding of the platform and how to configure your Azure account correctly.
### Credentials
A credential is a class which contains or can obtain the data needed for a service client to authenticate requests. Service clients across the Azure SDK accept credentials when they're constructed. Service clients use those credentials to authenticate requests to the service.
-The Azure Identity library focuses on OAuth authentication with Azure AD, and it offers a variety of credential classes capable of acquiring an Azure AD token to authenticate service requests. All of the credential classes in this library are implementations of the [TokenCredential](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-auth/src/tokenCredential.ts) abstract class, and any of them can be used by to construct service clients capable of authenticating with a TokenCredential.
+The Azure Identity library focuses on OAuth authentication with Microsoft Entra ID, and it offers a variety of credential classes capable of acquiring a Microsoft Entra token to authenticate service requests. All of the credential classes in this library are implementations of the [TokenCredential](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-auth/src/tokenCredential.ts) abstract class, and any of them can be used by to construct service clients capable of authenticating with a TokenCredential.
See [Credential Classes](#credential-classes).
@@ -217,7 +217,7 @@ For examples of how to use managed identity for authentication, see [the example
## Cloud configuration
-Credentials default to authenticating to the Azure AD endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The `AzureAuthorityHosts` interface defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
+Credentials default to authenticating to the Microsoft Entra endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The `AzureAuthorityHosts` interface defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
```typescript
import { AzureAuthorityHosts, ClientSecretCredential } from "@azure/identity";
@@ -243,7 +243,7 @@ Not all credentials require this configuration. Credentials that authenticate th
| [`ChainedTokenCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/chainedtokencredential?view=azure-node-latest) | Allows users to define custom authentication flows composing multiple credentials. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#chaining-credentials) |
| [`EnvironmentCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest) | Authenticates a service principal or user via credential information specified in environment variables. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-environment-credentials) |
| [`ManagedIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest) | Authenticates the managed identity of an Azure resource. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-managed-identity) |
-| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest)| Supports [Azure AD workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes. | |
+| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest)| Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes. | |
### Authenticate service principals
@@ -280,16 +280,16 @@ Not all credentials require this configuration. Credentials that authenticate th
| Variable name | Value |
| --------------------- | --------------------------------------- |
-| `AZURE_CLIENT_ID` | ID of an Azure AD application |
-| `AZURE_TENANT_ID` | ID of the application's Azure AD tenant |
+| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
+| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
| `AZURE_CLIENT_SECRET` | one of the application's client secrets |
#### Service principal with certificate
| Variable name | Value |
| ----------------------------------- | ------------------------------------------------------------ |
-| `AZURE_CLIENT_ID` | ID of an Azure AD application |
-| `AZURE_TENANT_ID` | ID of the application's Azure AD tenant |
+| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
+| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
| `AZURE_CLIENT_CERTIFICATE_PATH` | path to a PEM-encoded certificate file including private key |
| `AZURE_CLIENT_CERTIFICATE_PASSWORD` | password of the certificate file, if any |
@@ -297,8 +297,8 @@ Not all credentials require this configuration. Credentials that authenticate th
| Variable name | Value |
| ----------------- | --------------------------------------- |
-| `AZURE_CLIENT_ID` | ID of an Azure AD application |
-| `AZURE_TENANT_ID` | ID of the application's Azure AD tenant |
+| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
+| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
| `AZURE_USERNAME` | a username (usually an email address) |
| `AZURE_PASSWORD` | that user's password |
@@ -314,7 +314,7 @@ Token caching is a feature provided by the Azure Identity library that allows ap
- Cache tokens in memory (default) and on disk (opt-in).
- Improve resilience and performance.
-- Reduce the number of requests made to Azure AD to obtain access tokens.
+- Reduce the number of requests made to Microsoft Entra ID to obtain access tokens.
The Azure Identity library offers both in-memory and persistent disk caching. For more details, see the [token caching documentation](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/TOKEN_CACHING.md).
@@ -330,7 +330,7 @@ API documentation for this library can be found on our [documentation site](http
### Client library support
-Client and management libraries listed on the [Azure SDK releases page](https://azure.github.io/azure-sdk/releases/latest/js.html) that support Azure AD authentication accept credentials from this library. Learn more about using these libraries in their documentation, which is linked from the releases page.
+Client and management libraries listed on the [Azure SDK releases page](https://azure.github.io/azure-sdk/releases/latest/js.html) that support Microsoft Entra authentication accept credentials from this library. Learn more about using these libraries in their documentation, which is linked from the releases page.
### Known issues
diff --git a/sdk/identity/identity/TOKEN_CACHING.md b/sdk/identity/identity/TOKEN_CACHING.md
index 7465b18776e..6d2ac753e11 100644
--- a/sdk/identity/identity/TOKEN_CACHING.md
+++ b/sdk/identity/identity/TOKEN_CACHING.md
@@ -3,16 +3,16 @@
*Token caching* is a feature provided by the Azure Identity library that allows apps to:
- Improve their resilience and performance.
-- Reduce the number of requests made to Azure Active Directory (Azure AD) to obtain access tokens.
+- Reduce the number of requests made to Microsoft Entra ID to obtain access tokens.
- Reduce the number of times the user is prompted to authenticate.
-When an app needs to access a protected Azure resource, it typically needs to obtain an access token from Azure AD. Obtaining that token typically involves sending a request to Azure AD and may also involve prompting the user. Azure AD then validates the credentials provided in the request and issues an access token.
+When an app needs to access a protected Azure resource, it typically needs to obtain an access token from Microsoft Entra ID. Obtaining that token typically involves sending a request to Microsoft Entra ID and may also involve prompting the user. Microsoft Entra ID then validates the credentials provided in the request and issues an access token.
-Token caching, via the Azure Identity library, allows the app to store this access token [in memory](#in-memory-token-caching), where it's accessible to the current process, or [on disk](#persistent-token-caching) where it can be accessed across application or process invocations. The token can then be retrieved quickly and easily the next time the app needs to access the same resource. The app can avoid making another request to Azure AD, which reduces network traffic and improves resilience. Additionally, in scenarios where the app is authenticating users, token caching avoids prompting the user each time new tokens are requested.
+Token caching, via the Azure Identity library, allows the app to store this access token [in memory](#in-memory-token-caching), where it's accessible to the current process, or [on disk](#persistent-token-caching) where it can be accessed across application or process invocations. The token can then be retrieved quickly and easily the next time the app needs to access the same resource. The app can avoid making another request to Microsoft Entra ID, which reduces network traffic and improves resilience. Additionally, in scenarios where the app is authenticating users, token caching avoids prompting the user each time new tokens are requested.
### In-memory token caching
-*In-memory token caching* is the default option provided by the Azure Identity library. This caching approach allows apps to store access tokens in memory. With in-memory token caching, the library first determines if a valid access token for the requested resource is already stored in memory. If a valid token is found, it's returned to the app without the need to make another request to Azure AD. If a valid token isn't found, the library will automatically acquire a token by sending a request to Azure AD.
+*In-memory token caching* is the default option provided by the Azure Identity library. This caching approach allows apps to store access tokens in memory. With in-memory token caching, the library first determines if a valid access token for the requested resource is already stored in memory. If a valid token is found, it's returned to the app without the need to make another request to Microsoft Entra ID. If a valid token isn't found, the library will automatically acquire a token by sending a request to Microsoft Entra ID.
The in-memory token cache provided by the Azure Identity library:
@@ -35,10 +35,10 @@ As there are many levels of cache, it's not possible disable in-memory caching.
| macOS | Keychain |
| Windows | DPAPI |
-With persistent disk token caching enabled, the library first determines if a valid access token for the requested resource is already stored in the persistent cache. If a valid token is found, it's returned to the app without the need to make another request to Azure AD. Additionally, the tokens are preserved across app runs, which:
+With persistent disk token caching enabled, the library first determines if a valid access token for the requested resource is already stored in the persistent cache. If a valid token is found, it's returned to the app without the need to make another request to Microsoft Entra ID. Additionally, the tokens are preserved across app runs, which:
- Makes the app more resilient to failures.
-- Ensures the app can continue to function during an Azure AD outage or disruption.
+- Ensures the app can continue to function during a Microsoft Entra ID outage or disruption.
- Avoids having to prompt users to authenticate each time the process is restarted.
#### Code sample
@@ -78,4 +78,4 @@ The following table indicates the state of in-memory and persistent caching in e
| `ManagedIdentityCredential` | Supported | Not Supported |
| `OnBehalfOfCredential` | Supported | Supported |
| `UsernamePasswordCredential` | Supported | Supported |
-| `WorkloadIdentityCredential` | Supported | Supported |
\ No newline at end of file
+| `WorkloadIdentityCredential` | Supported | Supported |
diff --git a/sdk/identity/identity/TROUBLESHOOTING.md b/sdk/identity/identity/TROUBLESHOOTING.md
index b5ed38f10df..3aeae3df1e9 100644
--- a/sdk/identity/identity/TROUBLESHOOTING.md
+++ b/sdk/identity/identity/TROUBLESHOOTING.md
@@ -40,7 +40,7 @@ An `AggregateAuthenticationError` will be raised by `ChainedTokenCredential` wit
### AuthenticationError
-The `AuthenticationError` is used to indicate a failure to authenticate with Azure Active Directory (Azure AD). The `errorResponse` field contains more details about the specific failure.
+The `AuthenticationError` is used to indicate a failure to authenticate with Microsoft Entra ID. The `errorResponse` field contains more details about the specific failure.
```ts
import * from "@azure/identity";
@@ -56,7 +56,7 @@ async function main() {
// Retrieving the properties of the existing keys in that specific Key Vault.
console.log(await client.listPropertiesOfKeys().next());
} catch (error) {
- console.log("Azure Active Directory service response with error", error.errorResponse);
+ console.log("Microsoft Entra ID service response with error", error.errorResponse);
}
}
@@ -96,7 +96,7 @@ The `CredentialUnavailableError` is used to indicate that the credential can't a
## Find relevant information in error messages
-`AuthenticationRequiredError` is thrown when unexpected errors occurred while a credential is authenticating. This can include errors received from requests to the Azure AD Security Token Service (STS) and often contains information helpful to diagnosis. Consider the following `AuthenticationRequiredError` message:
+`AuthenticationRequiredError` is thrown when unexpected errors occurred while a credential is authenticating. This can include errors received from requests to the Microsoft Entra Security Token Service (STS) and often contains information helpful to diagnosis. Consider the following `AuthenticationRequiredError` message:
` AuthenticationRequiredError: invalid_request: 9002331 - [2022-02-04 00:28:06Z]: AADSTS9002331: Application '6b666991-4567-4982-9981-61877200efy1'(kaghiya-identity) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request.
Trace ID: 00a7e15c-4557-4974-91d5-886428b00e00
@@ -108,7 +108,7 @@ This error contains several pieces of information:
- **Failing Credential Type**: The type of credential that failed to authenticate. This can be helpful when diagnosing issues with chained credential types, such as `DefaultAzureCredential` or `ChainedTokenCredential`.
-- **STS Error Code and Message**: The error code and message returned from the Azure AD STS. This can give insight into the specific reason the request failed. In this specific case, the request failed because the provided client secret is incorrect. For more information, see [Azure AD STS error codes](https://learn.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes#aadsts-error-codes).
+- **STS Error Code and Message**: The error code and message returned from the Microsoft Entra STS. This can give insight into the specific reason the request failed. In this specific case, the request failed because the provided client secret is incorrect. For more information, see [Microsoft Entra STS error codes](https://learn.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes#aadsts-error-codes).
- **Correlation ID and Timestamp**: The correlation ID and call timestamp used to identify the request in server-side logs. This information can be useful to support engineers when diagnosing unexpected STS failures.
@@ -188,7 +188,7 @@ const credential = new DefaultAzureCredential({
## Permission issues
-If you're using app registration to authenticate the service, ensure the app registration has the correct permissions and role assignments in the service you want to use. For example, if you want to have access to the Azure App Configuration service through Azure AD, ensure your app registration has the permissions and role assignments for access to Azure AD. You can either be assigned the role directly or be in a group that's assigned the role. The "Contributor" and the "Owner" roles allow you to manage the App Configuration resource. In this case, you can either use "App Configuration Data Owner" directly on the user or the Azure AD group. Alternatively, use "Owner" on the Azure AD group. While the App Configuration data can be accessed using access keys, these keys don't grant direct access to the data using Azure AD.
+If you're using app registration to authenticate the service, ensure the app registration has the correct permissions and role assignments in the service you want to use. For example, if you want to have access to the Azure App Configuration service through Microsoft Entra ID, ensure your app registration has the permissions and role assignments for access to Microsoft Entra ID. You can either be assigned the role directly or be in a group that's assigned the role. The "Contributor" and the "Owner" roles allow you to manage the App Configuration resource. In this case, you can either use "App Configuration Data Owner" directly on the user or the Microsoft Entra group. Alternatively, use "Owner" on the Microsoft Entra group. While the App Configuration data can be accessed using access keys, these keys don't grant direct access to the data using Microsoft Entra ID.
## Troubleshoot default Azure credential authentication issues
@@ -228,13 +228,13 @@ Follow the troubleshooting guidelines below for the respective authentication ty
### Two-factor authentication required error
-The `UsernamePasswordCredential` works only for users whose two-factor authentication has been disabled in Azure AD. You can change the multi-factor authentication in the Azure portal with the steps [here](https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-userstates#change-the-status-for-a-user).
+The `UsernamePasswordCredential` works only for users whose two-factor authentication has been disabled in Microsoft Entra ID. You can change the multi-factor authentication in the Azure portal with the steps [here](https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-userstates#change-the-status-for-a-user).
### Request body must contain the following parameter: 'client_assertion' or 'client_secret'
-The error `The request body must contain the following parameter: 'client_assertion' or 'client_secret'`, occurs because of how the Azure AD app is configured. The Azure AD app registration seems to be configured as a confidential app. The `UsernamePasswordCredential` works only with public clients and doesn't support confidential apps. To support confidential apps, use either `ClientSecretCredential` or `ClientCertificateCredential` instead.
+The error `The request body must contain the following parameter: 'client_assertion' or 'client_secret'`, occurs because of how the Microsoft Entra app is configured. The Microsoft Entra app registration seems to be configured as a confidential app. The `UsernamePasswordCredential` works only with public clients and doesn't support confidential apps. To support confidential apps, use either `ClientSecretCredential` or `ClientCertificateCredential` instead.
-To allow public client authentication on your Azure AD tenant:
+To allow public client authentication on your Microsoft Entra tenant:
1. In the Azure portal, navigate to the **Authentication** page.
2. Scroll to the bottom of the page. You'll see something that says **Allow public client flows**. Near that, you'll see a **yes** / **no** toggle. Set this toggle to **yes**.
@@ -247,7 +247,7 @@ After that, you shouldn't need to specify a client secret to authenticate with t
#### Client Id
-The Client ID is the app ID of the registered app / service principal in Azure AD. It's a required parameter for `ClientSecretCredential`, `ClientCertificateCredential`, and `ClientAssertionCredential`. If you've already created your service principal, you can retrieve the client/app ID by following the instructions [here](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).
+The Client ID is the app ID of the registered app / service principal in Microsoft Entra ID. It's a required parameter for `ClientSecretCredential`, `ClientCertificateCredential`, and `ClientAssertionCredential`. If you've already created your service principal, you can retrieve the client/app ID by following the instructions [here](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).
#### Tenant Id
@@ -460,7 +460,7 @@ If the preceding command isn't working properly, follow the instructions to reso
| Error |Description| Mitigation |
|---|---|---|
-|`CredentialUnavailableException` raised with message. "WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured."|The `WorkloadIdentityCredential` requires `clientId`, `tenantId`, and `tokenFilePath` to authenticate with Azure Active Directory.|
- If using `DefaultAzureCredential` then:
- Ensure client ID is specified via the `workloadIdentityClientId` option or the `AZURE_CLIENT_ID` environment variable.
- Ensure tenant ID is specified via the `AZURE_TENANT_ID` environment variable.
- Ensure the token file path is specified via the `AZURE_FEDERATED_TOKEN_FILE` environment variable.
- Ensure the authority host is specified via the `AZURE_AUTHORITY_HOST` environment variable.
- If using `WorkloadIdentityCredential` then:
- Ensure the tenant ID is specified via the `tenantId` options to the credential constructor or the `AZURE_TENANT_ID` environment variable.
- Ensure client ID is specified via the `clientId` options to the credential constructor.
- Ensure the token file path is specified via the `tokenFilePath` options to credential constructor or the `AZURE_FEDERATED_TOKEN_FILE` environment variable.
- Consult the [product troubleshooting guide](https://azure.github.io/azure-workload-identity/docs/troubleshooting.html) for other issues.
|
+|`CredentialUnavailableException` raised with message. "WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured."|The `WorkloadIdentityCredential` requires `clientId`, `tenantId`, and `tokenFilePath` to authenticate with Microsoft Entra ID.| - If using `DefaultAzureCredential` then:
- Ensure client ID is specified via the `workloadIdentityClientId` option or the `AZURE_CLIENT_ID` environment variable.
- Ensure tenant ID is specified via the `AZURE_TENANT_ID` environment variable.
- Ensure the token file path is specified via the `AZURE_FEDERATED_TOKEN_FILE` environment variable.
- Ensure the authority host is specified via the `AZURE_AUTHORITY_HOST` environment variable.
- If using `WorkloadIdentityCredential` then:
- Ensure the tenant ID is specified via the `tenantId` options to the credential constructor or the `AZURE_TENANT_ID` environment variable.
- Ensure client ID is specified via the `clientId` options to the credential constructor.
- Ensure the token file path is specified via the `tokenFilePath` options to credential constructor or the `AZURE_FEDERATED_TOKEN_FILE` environment variable.
- Consult the [product troubleshooting guide](https://azure.github.io/azure-workload-identity/docs/troubleshooting.html) for other issues.
|
## Troubleshoot multi-tenant authentication issues
diff --git a/sdk/identity/identity/interactive-browser-credential.md b/sdk/identity/identity/interactive-browser-credential.md
index 6f525d1ec1b..e53580a5b83 100644
--- a/sdk/identity/identity/interactive-browser-credential.md
+++ b/sdk/identity/identity/interactive-browser-credential.md
@@ -6,7 +6,7 @@ The `InteractiveBrowserCredential` uses [Authorization Code Flow][AuthCodeFlow],
## For Node.js
-For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
+For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
When using `InteractiveBrowserCredential` on Node, you may specify a `clientId` and `tenantId`, but otherwise we try to authenticate using a public client that's available for all Azure accounts and the default tenant of your account. For Node, this credential uses a web server to fulfill the redirection. This web server tries to use the port `80` by default. A `redirectUri` can be provided to determine the proper redirection URI with the adequate port, as follows:
@@ -16,14 +16,14 @@ const credential = new InteractiveBrowserCredential({
clientId: "my-client-id",
// You may provide a tenant ID based on the resource you are trying to access.
tenantId: "my-tenant-id",
- // You may provide a redirectUri based on the redirectUri configured in your AAD application:
+ // You may provide a redirectUri based on the redirectUri configured in your Microsoft Entra application:
redirectUri: "http://localhost:8080/"
});
```
## For browsers
-Follow the instructions for [creating and configuring an Azure Active Directory application to authenticate a single-page application](https://docs.microsoft.com/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow) to correctly mark your redirect URI as enabled for CORS.
+Follow the instructions for [creating and configuring a Microsoft Entra application to authenticate a single-page application](https://learn.microsoft.com/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow) to correctly mark your redirect URI as enabled for CORS.
When using `InteractiveBrowserCredential` in the browser, you will be required to pass a `clientId` in the constructor parameters, such as:
@@ -33,12 +33,12 @@ const credential = new InteractiveBrowserCredential({
clientId: "my-client-id",
// You may provide a tenant ID based on the resource you are trying to access.
tenantId: "my-tenant-id",
- // You may provide a redirectUri based on the redirectUri configured in your AAD application:
+ // You may provide a redirectUri based on the redirectUri configured in your Microsoft Entra application:
redirectUri: "http://localhost:8080/"
});
```
-Azure Active Directory enterprise applications configured with redirect URIs for `Web` environments are no longer supported by the Authorization Code Flow. You will have to configure your AAD application to use Single Page Application redirect URis (type `spa`).
+Microsoft Entra enterprise applications configured with redirect URIs for `Web` environments are no longer supported by the Authorization Code Flow. You will have to configure your Microsoft Entra application to use Single Page Application redirect URis (type `spa`).
### CORS error
diff --git a/sdk/identity/identity/migration-v1-v2.md b/sdk/identity/identity/migration-v1-v2.md
index 3cc7155be8e..b3a959f27b3 100644
--- a/sdk/identity/identity/migration-v1-v2.md
+++ b/sdk/identity/identity/migration-v1-v2.md
@@ -139,7 +139,7 @@ try {
On the browser, the `InteractiveBrowserCredential` now uses the [Auth Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow) with [PKCE](https://tools.ietf.org/html/rfc7636) rather than [Implicit Grant Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-implicit-grant-flow) to better support browsers with enhanced security restrictions.
-To migrate to v2 of the `InteractiveBrowserCredential`, your Azure Active Directory app registration needs to change. Take one of the following actions:
+To migrate to v2 of the `InteractiveBrowserCredential`, your Microsoft Entra app registration needs to change. Take one of the following actions:
- Create a [new app registration](https://docs.microsoft.com/azure/active-directory/develop/scenario-spa-app-registration#create-the-app-registration).
- [Update your existing app registration to support the Auth Code Flow](https://docs.microsoft.com/azure/active-directory/develop/migrate-spa-implicit-to-auth-code).
diff --git a/sdk/identity/identity/samples-dev/clientSecretCredential.ts b/sdk/identity/identity/samples-dev/clientSecretCredential.ts
index 3bc505d3739..7adc92e80f7 100644
--- a/sdk/identity/identity/samples-dev/clientSecretCredential.ts
+++ b/sdk/identity/identity/samples-dev/clientSecretCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID!, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID!, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID!, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID!, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET! // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples-dev/environmentCredential.ts b/sdk/identity/identity/samples-dev/environmentCredential.ts
index 4c65691c285..ceb625072ea 100644
--- a/sdk/identity/identity/samples-dev/environmentCredential.ts
+++ b/sdk/identity/identity/samples-dev/environmentCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/samples-dev/interactiveBrowserCedential.ts b/sdk/identity/identity/samples-dev/interactiveBrowserCedential.ts
index 3de09789897..7576392fe22 100644
--- a/sdk/identity/identity/samples-dev/interactiveBrowserCedential.ts
+++ b/sdk/identity/identity/samples-dev/interactiveBrowserCedential.ts
@@ -10,8 +10,8 @@ import dotenv from "dotenv";
dotenv.config();
-const clientId = process.env.AZURE_CLIENT_ID; // The app registration client Id in the AAD tenant
-const tenantId = process.env.AZURE_TENANT_ID; // The tenant ID in Azure Active Directory
+const clientId = process.env.AZURE_CLIENT_ID; // The app registration client Id in the Microsoft Entra tenant
+const tenantId = process.env.AZURE_TENANT_ID; // The tenant ID in Microsoft Entra ID
async function main(): Promise {
const credential = new InteractiveBrowserCredential({
diff --git a/sdk/identity/identity/samples/AzureCacheForRedis/ioredis.md b/sdk/identity/identity/samples/AzureCacheForRedis/ioredis.md
index fce7642f506..d939da23d8d 100644
--- a/sdk/identity/identity/samples/AzureCacheForRedis/ioredis.md
+++ b/sdk/identity/identity/samples/AzureCacheForRedis/ioredis.md
@@ -1,11 +1,11 @@
-## Azure Cache for Redis: Azure AD with ioredis client library
+## Azure Cache for Redis: Microsoft Entra ID with ioredis client library
### Table of contents
- [Prerequisites](#prerequisites)
-- [Authenticate with Azure AD - Hello World](#authenticate-with-azure-ad-ioredis-hello-world)
-- [Authenticate with Azure AD - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication)
-- [Authenticate with Azure AD - Using Token Cache](#authenticate-with-azure-ad-using-token-cache)
+- [Authenticate with Microsoft Entra ID - Hello World](#authenticate-with-azure-ad-ioredis-hello-world)
+- [Authenticate with Microsoft Entra ID - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication)
+- [Authenticate with Microsoft Entra ID - Using Token Cache](#authenticate-with-azure-ad-using-token-cache)
- [Troubleshooting](#troubleshooting)
#### Prerequisites
@@ -24,23 +24,23 @@
#### Samples Guidance
-* [Authenticate with Azure AD - Hello World](#authenticate-with-azure-ad-hello-world):
- This sample is recommended for users getting started to use Azure AD authentication with Azure Cache for Redis.
-* [Authenticate with Azure AD - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication):
- This sample is recommended to users looking to build long-running applications and would like to handle reauthenticating with Azure AD upon token expiry.
-* [Authenticate with Azure AD - Using Token Cache](#authenticate-with-azure-ad-using-token-cache):
- This sample is recommended to users looking to build long-running applications that would like to handle reauthenticating with a token cache. The token cache stores and proactively refreshes the Azure AD access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
+* [Authenticate with Microsoft Entra ID - Hello World](#authenticate-with-azure-ad-hello-world):
+ This sample is recommended for users getting started to use Microsoft Entra authentication with Azure Cache for Redis.
+* [Authenticate with Microsoft Entra ID - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication):
+ This sample is recommended to users looking to build long-running applications and would like to handle reauthenticating with Microsoft Entra ID upon token expiry.
+* [Authenticate with Microsoft Entra ID - Using Token Cache](#authenticate-with-azure-ad-using-token-cache):
+ This sample is recommended to users looking to build long-running applications that would like to handle reauthenticating with a token cache. The token cache stores and proactively refreshes the Microsoft Entra access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
-#### Authenticate with Azure AD: Hello World
+#### Authenticate with Microsoft Entra ID: Hello World
-This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Azure AD via the ioredis client library. It focuses on displaying the logic required to fetch an Azure AD access token and to use it as the password when setting up the ioredis instance.
+This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Microsoft Entra ID via the ioredis client library. It focuses on displaying the logic required to fetch a Microsoft Entra access token and to use it as the password when setting up the ioredis instance.
##### Migration Guidance
-When migrating your existing application code to authenticate with Azure AD, replace the password input with Azure AD token. Azure Redis Cache name, username, Azure AD token, and use of SSL are required while connecting with the cache.
+When migrating your existing application code to authenticate with Microsoft Entra ID, replace the password input with Microsoft Entra token. Azure Redis Cache name, username, Microsoft Entra token, and use of SSL are required while connecting with the cache.
The username will depend on whether you're using service principal, managed identity, or Microsoft username. In case of service principal, the name of the app registration should be used as the username. In case of system-assigned managed identity, the username should be the name of the resource on which the system-assigned managed identity is enabled. In case of user-assigned managed identity, the name should be the username.
-Integrate the logic in your application code to fetch an Azure AD access token via the Azure Identity library, as shown below. Replace it with the password configuring/retrieving logic in your application code.
+Integrate the logic in your application code to fetch a Microsoft Entra access token via the Azure Identity library, as shown below. Replace it with the password configuring/retrieving logic in your application code.
```ts
import Redis from "ioredis";
@@ -53,7 +53,7 @@ async function main() {
const credential = new DefaultAzureCredential();
const redisScope = "acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default";
- // Fetch an Azure AD token to be used for authentication. This token will be used as the password.
+ // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
let accessToken = await credential.getToken(
redisScope
);
@@ -82,9 +82,9 @@ main().catch((err) => {
});
```
-##### Supported Token Credentials for Azure AD Authentication
+##### Supported Token Credentials for Microsoft Entra Authentication
-**Note:** The samples in this doc use the Azure Identity library's `DefaultAzureCredential` to fetch an Azure AD access token. The samples also use the service principal name as the username. The other supported `TokenCredential` implementations that can be used from the [Azure Identity for JavaScript](https://docs.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest) library are as follows:
+**Note:** The samples in this doc use the Azure Identity library's `DefaultAzureCredential` to fetch a Microsoft Entra access token. The samples also use the service principal name as the username. The other supported `TokenCredential` implementations that can be used from the [Azure Identity for JavaScript](https://learn.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest) library are as follows:
* [Client Certificate Credential](https://docs.microsoft.com/javascript/api/@azure/identity/clientcertificatecredential?view=azure-node-latest)
* [Client Secret Credential](https://docs.microsoft.com/javascript/api/@azure/identity/clientsecretcredential?view=azure-node-latest)
@@ -94,14 +94,14 @@ main().catch((err) => {
* [Interactive Browser Credential](https://docs.microsoft.com/javascript/api/@azure/identity/interactivebrowsercredential?view=azure-node-latest)
* [Device Code Credential](https://docs.microsoft.com/javascript/api/@azure/identity/devicecodecredential?view=azure-node-latest)
-#### Authenticate with Azure AD: Handle Reauthentication
+#### Authenticate with Microsoft Entra ID: Handle Reauthentication
-This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Azure AD via ioredis. It shows the logic required to fetch an Azure AD access token and to use it as the password when setting up the ioredis instance. It further shows how to recreate and authenticate the ioredis instance when its connection is broken in error/exception scenarios.
+This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Microsoft Entra ID via ioredis. It shows the logic required to fetch a Microsoft Entra access token and to use it as the password when setting up the ioredis instance. It further shows how to recreate and authenticate the ioredis instance when its connection is broken in error/exception scenarios.
##### Migration Guidance
-When migrating your existing application code to authenticate with Azure AD, replace the password input with Azure AD token.
-Integrate the logic in your application code to fetch an Azure AD access token via the Azure Identity library, as shown below. Replace the password configuring/retrieving logic in your application code.
+When migrating your existing application code to authenticate with Microsoft Entra ID, replace the password input with Microsoft Entra token.
+Integrate the logic in your application code to fetch a Microsoft Entra access token via the Azure Identity library, as shown below. Replace the password configuring/retrieving logic in your application code.
```ts
import Redis from "ioredis";
@@ -112,7 +112,7 @@ dotenv.config();
async function returnPassword(credential: TokenCredential) {
const redisScope = "acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default";
- // Fetch an Azure AD token to be used for authentication. This token will be used as the password.
+ // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
return credential.getToken(redisScope);
}
@@ -163,14 +163,14 @@ main().catch((err) => {
});
```
-#### Authenticate with Azure AD: Using Token Cache
+#### Authenticate with Microsoft Entra ID: Using Token Cache
-This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Azure AD via the ioredis client library. It focuses on displaying the logic required to fetch an Azure AD access token using a token cache and to use it as password when setting up the ioredis instance. It also shows how to recreate and authenticate the ioredis instance using the cached access token when the client's connection is broken in error/exception scenarios. The token cache stores and proactively refreshes the Azure AD access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
+This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Microsoft Entra ID via the ioredis client library. It focuses on displaying the logic required to fetch a Microsoft Entra access token using a token cache and to use it as password when setting up the ioredis instance. It also shows how to recreate and authenticate the ioredis instance using the cached access token when the client's connection is broken in error/exception scenarios. The token cache stores and proactively refreshes the Microsoft Entra access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
##### Migration Guidance
-When migrating your existing your application code to authenticate with Azure AD, you need to replace the password input with the Azure AD token.
-Integrate the logic in your application code to fetch an Azure AD access token via the Azure Identity library. Store the token in a token cache, as shown below. Replace the token with the password configuring/retrieving logic in your application code.
+When migrating your existing your application code to authenticate with Microsoft Entra ID, you need to replace the password input with the Microsoft Entra token.
+Integrate the logic in your application code to fetch a Microsoft Entra access token via the Azure Identity library. Store the token in a token cache, as shown below. Replace the token with the password configuring/retrieving logic in your application code.
```ts
import Redis from "ioredis";
@@ -187,7 +187,7 @@ function randomNumber(min, max) {
async function returnPassword(credential: TokenCredential) {
const redisScope = "acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default";
- // Fetch an Azure AD token to be used for authentication. This token will be used as the password.
+ // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
let accessToken = await credential.getToken(redisScope);
return accessToken;
}
@@ -261,7 +261,7 @@ main().catch((err) => {
In this error scenario, the username provided and the access token used as password are not compatible. To mitigate this error, navigate to your Azure Cache for Redis resource in the Azure portal. Confirm that:
- In **Data Access Configuration**, you've assigned the required role to your user/service principal identity.
-- In **Advanced settings**, the **Azure AD access authorization** box is selected. If not, select it and select the **Save** button.
+- In **Advanced settings**, the **Microsoft Entra Authentication** box is selected. If not, select it and select the **Save** button.
##### Permissions not granted / NOPERM Error
diff --git a/sdk/identity/identity/samples/AzureCacheForRedis/node-redis.md b/sdk/identity/identity/samples/AzureCacheForRedis/node-redis.md
index 4cc8d08977e..17ca0172d0f 100644
--- a/sdk/identity/identity/samples/AzureCacheForRedis/node-redis.md
+++ b/sdk/identity/identity/samples/AzureCacheForRedis/node-redis.md
@@ -1,11 +1,11 @@
-## Azure Cache for Redis: Azure AD with node-redis client library
+## Azure Cache for Redis: Microsoft Entra ID with node-redis client library
### Table of contents
- [Prerequisites](#prerequisites)
-- [Authenticate with Azure AD - Hello World](#authenticate-with-azure-ad-node-redis-hello-world)
-- [Authenticate with Azure AD - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication)
-- [Authenticate with Azure AD - Using Token Cache](#authenticate-with-azure-ad-using-token-cache)
+- [Authenticate with Microsoft Entra ID - Hello World](#authenticate-with-azure-ad-node-redis-hello-world)
+- [Authenticate with Microsoft Entra ID - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication)
+- [Authenticate with Microsoft Entra ID - Using Token Cache](#authenticate-with-azure-ad-using-token-cache)
- [Troubleshooting](#troubleshooting)
#### Prerequisites
@@ -24,22 +24,22 @@
#### Samples Guidance
-* [Authenticate with Azure AD - Hello World](#authenticate-with-azure-ad-hello-world):
- This sample is recommended for users getting started to use Azure AD authentication with Azure Cache for Redis.
-* [Authenticate with Azure AD - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication):
- This sample is recommended to users looking to build long-running applications and would like to handle reauthenticating with Azure AD upon token expiry.
-* [Authenticate with Azure AD - Using Token Cache](#authenticate-with-azure-ad-using-token-cache):
- This sample is recommended to users looking to build long-running applications that would like to handle reauthenticating with a token cache. The token cache stores and proactively refreshes the Azure AD access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
+* [Authenticate with Microsoft Entra ID - Hello World](#authenticate-with-azure-ad-hello-world):
+ This sample is recommended for users getting started to use Microsoft Entra authentication with Azure Cache for Redis.
+* [Authenticate with Microsoft Entra ID - Handle Reauthentication](#authenticate-with-azure-ad-handle-reauthentication):
+ This sample is recommended to users looking to build long-running applications and would like to handle reauthenticating with Microsoft Entra ID upon token expiry.
+* [Authenticate with Microsoft Entra ID - Using Token Cache](#authenticate-with-azure-ad-using-token-cache):
+ This sample is recommended to users looking to build long-running applications that would like to handle reauthenticating with a token cache. The token cache stores and proactively refreshes the Microsoft Entra access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
-#### Authenticate with Azure AD: Hello World
+#### Authenticate with Microsoft Entra ID: Hello World
-This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Azure AD via the node-redis client library. It focuses on displaying the logic required to fetch an Azure AD access token and to use it as password when setting up the node-redis instance.
+This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Microsoft Entra ID via the node-redis client library. It focuses on displaying the logic required to fetch a Microsoft Entra access token and to use it as password when setting up the node-redis instance.
##### Migration guidance
-When migrating your existing application code to authenticate with Azure AD, replace the password input with the Azure AD token. Azure Redis Cache name, service principal username, Azure AD token, and use of SSL are required while connecting with the cache. The username will depend on whether you're using service principal, managed identity, or Microsoft username. In case of service principal, the name of the app registration should be used as the username. In case of system-assigned managed identity, the username should be the name of the resource on which the system-assigned managed identity is enabled. In case of user-assigned managed identity, the name should be the username.
+When migrating your existing application code to authenticate with Microsoft Entra ID, replace the password input with the Microsoft Entra token. Azure Redis Cache name, service principal username, Microsoft Entra token, and use of SSL are required while connecting with the cache. The username will depend on whether you're using service principal, managed identity, or Microsoft username. In case of service principal, the name of the app registration should be used as the username. In case of system-assigned managed identity, the username should be the name of the resource on which the system-assigned managed identity is enabled. In case of user-assigned managed identity, the name should be the username.
-Integrate the logic in your application code to fetch an Azure AD access token via the Azure Identity library, as shown below. Replace it with the password configuring/retrieving logic in your application code.
+Integrate the logic in your application code to fetch a Microsoft Entra access token via the Azure Identity library, as shown below. Replace it with the password configuring/retrieving logic in your application code.
```ts
import { createClient } from "redis";
@@ -52,7 +52,7 @@ async function main() {
const credential = new DefaultAzureCredential();
const redisScope = "acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default";
- // Fetch an Azure AD token to be used for authentication. This token will be used as the password.
+ // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
let accessToken = await credential.getToken(redisScope);
console.log("access Token", accessToken);
@@ -83,9 +83,9 @@ main().catch((err) => {
});
```
-##### Supported Token Credentials for Azure AD Authentication
+##### Supported Token Credentials for Microsoft Entra Authentication
-**Note:** The samples in this doc use the Azure Identity library's `DefaultAzureCredential` to fetch Azure AD access token. The samples also use a Service Principal name as the username. The other supported `TokenCredential` implementations that can be used from [Azure Identity for JavaScript](https://docs.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest) are as follows:
+**Note:** The samples in this doc use the Azure Identity library's `DefaultAzureCredential` to fetch Microsoft Entra access token. The samples also use a Service Principal name as the username. The other supported `TokenCredential` implementations that can be used from [Azure Identity for JavaScript](https://learn.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest) are as follows:
* [Client Certificate Credential](https://docs.microsoft.com/javascript/api/@azure/identity/clientcertificatecredential?view=azure-node-latest)
* [Client Secret Credential](https://docs.microsoft.com/javascript/api/@azure/identity/clientsecretcredential?view=azure-node-latest)
@@ -95,13 +95,13 @@ main().catch((err) => {
* [Interactive Browser Credential](https://docs.microsoft.com/javascript/api/@azure/identity/interactivebrowsercredential?view=azure-node-latest)
* [Device Code Credential](https://docs.microsoft.com/javascript/api/@azure/identity/devicecodecredential?view=azure-node-latest)
-#### Authenticate with Azure AD: Handle Reauthentication
+#### Authenticate with Microsoft Entra ID: Handle Reauthentication
-This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Azure AD via the node-redis client library. It focuses on displaying the logic required to fetch an Azure AD access token and to use it as password when setting up the node-redis instance. It further shows how to recreate and authenticate the node-redis instance when its connection is broken in error/exception scenarios.
+This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Microsoft Entra ID via the node-redis client library. It focuses on displaying the logic required to fetch a Microsoft Entra access token and to use it as password when setting up the node-redis instance. It further shows how to recreate and authenticate the node-redis instance when its connection is broken in error/exception scenarios.
##### Migration guidance
-When migrating your existing application code to authenticate with Azure AD, replace the password input with the Azure AD token. Integrate the logic in your application code to fetch an Azure AD access token via the Identity library, as shown below. Replace the password configuring/retrieving logic in your application code.
+When migrating your existing application code to authenticate with Microsoft Entra ID, replace the password input with the Microsoft Entra token. Integrate the logic in your application code to fetch a Microsoft Entra access token via the Identity library, as shown below. Replace the password configuring/retrieving logic in your application code.
```ts
import { createClient } from "redis";
@@ -112,7 +112,7 @@ dotenv.config();
async function returnPassword(credential: TokenCredential) {
const redisScope = "acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default";
- // Fetch an Azure AD token to be used for authentication. This token will be used as the password.
+ // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
return credential.getToken(redisScope);
}
@@ -167,14 +167,14 @@ main().catch((err) => {
});
```
-#### Authenticate with Azure AD: Using Token Cache
+#### Authenticate with Microsoft Entra ID: Using Token Cache
-This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Azure AD via node-redis client library. It focuses on displaying the logic required to fetch an Azure AD access token using a token cache and to use it as password when setting up the node-redis instance. It also shows how to recreate and authenticate the node-redis instance using the cached access token when the client's connection is broken in error/exception scenarios. The token cache stores and proactively refreshes the Azure AD access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
+This sample is intended to assist in authenticating a hosted Azure Cache for Redis instance with Microsoft Entra ID via node-redis client library. It focuses on displaying the logic required to fetch a Microsoft Entra access token using a token cache and to use it as password when setting up the node-redis instance. It also shows how to recreate and authenticate the node-redis instance using the cached access token when the client's connection is broken in error/exception scenarios. The token cache stores and proactively refreshes the Microsoft Entra access token 2 minutes before expiry and ensures a non-expired token is available for use when the cache is accessed.
##### Migration Guidance
-When migrating your existing your application code to authenticate with Azure AD, replace the password input with the Azure AD token.
-Integrate the logic in your application code to fetch an Azure AD access token via the Azure Identity library. Store the token in a token cache, as shown below. Replace the token with the password configuring/retrieving logic in your application code.
+When migrating your existing your application code to authenticate with Microsoft Entra ID, replace the password input with the Microsoft Entra token.
+Integrate the logic in your application code to fetch a Microsoft Entra access token via the Azure Identity library. Store the token in a token cache, as shown below. Replace the token with the password configuring/retrieving logic in your application code.
```ts
import { createClient } from "redis";
@@ -185,7 +185,7 @@ dotenv.config();
async function returnPassword(credential: TokenCredential) {
const redisScope = "acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default";
- // Fetch an Azure AD token to be used for authentication. This token will be used as the password.
+ // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
return credential.getToken(redisScope);
}
function randomNumber(min, max) {
@@ -267,7 +267,7 @@ main().catch((err) => {
In this error scenario, the username provided and the access token used as password are not compatible. To mitigate this error, navigate to your Azure Cache for Redis resource in the Azure portal. Confirm that:
* In **Data Access Configuration**, you've assigned the required role to your user/service principal identity.
-* In **Advanced settings**, the **Azure AD access authorization** box is selected. If not, select it and select the **Save** button.
+* In **Advanced settings**, the **Microsoft Entra Authentication** box is selected. If not, select it and select the **Save** button.
##### Permissions not granted / NOPERM Error
diff --git a/sdk/identity/identity/samples/AzureIdentityExamples.md b/sdk/identity/identity/samples/AzureIdentityExamples.md
index f5128732c0b..9e5c3743da5 100644
--- a/sdk/identity/identity/samples/AzureIdentityExamples.md
+++ b/sdk/identity/identity/samples/AzureIdentityExamples.md
@@ -44,8 +44,8 @@ For client-side applications running in the browser, the `InteractiveBrowserCred
- In your app registration in the Azure portal, go to `API Permissions`
- Click on `Add a permission`
- Select the API you want to use. For example, if you're using any of our management/control plane packages (the ones whose name starts with `@azure/arm-`), you should select **Azure Service Management**.
-- Ensure that your AAD Application has enabled public authentication flows:
- - Go to Azure Active Directory in the Azure portal and find your app registration.
+- Ensure that your Microsoft Entra Application has enabled public authentication flows:
+ - Go to Microsoft Entra ID in the Azure portal and find your app registration.
- Navigate to the **Authentication** section.
- Under **Advanced settings**, select **yes** on the option **Allow public client flows**.
@@ -91,7 +91,7 @@ Authenticating user accounts is the easiest way to get started with minimal set
| Credential with example | Usage | Setup |
| --------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-|[AzureDeveloperCliCredential](#authenticatin-a-user-account-with-azure-developer-cli) | Authenticate in a development environment with Azure Developer CLI. | [Install the Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/install-azd) and login using the [`azd auth login` command](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference?source=recommendations#azd-auth-login).
+|[AzureDeveloperCliCredential](#authenticating-a-user-account-with-azure-developer-cli) | Authenticate in a development environment with Azure Developer CLI. | [Install the Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/install-azd) and login using the [`azd auth login` command](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference?source=recommendations#azd-auth-login).
| [AzureCliCredential](#authenticating-a-user-account-with-azure-cli) | Authenticate in a development environment with the Azure CLI. | [Install Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) and [login using az cli command](https://docs.microsoft.com/cli/azure/authenticate-azure-cli) |
| [AzurePowerShellCredential](#authenticating-a-user-account-with-azure-powershell) | Authenticate in a development environment with Azure PowerShell. | [Install Azure PowerShell](https://docs.microsoft.com/powershell/azure/install-az-ps) and [login using the `Connect-AzAccount` cmdlet](https://docs.microsoft.com/powershell/azure/authenticate-azureps) |
| [DefaultAzureCredential](#authenticating-with-defaultazurecredential) | Tries `AzureDeveloperCliCredential`, `AzureCliCredential`, `AzurePowerShellCredential`, and other credentials sequentially until one of them succeeds. Use this to have your application authenticate using developer tools, service principals, or managed identity based on what's available in the current environment without changing your code. |
@@ -100,7 +100,7 @@ Authenticating user accounts is the easiest way to get started with minimal set
An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. The roles assigned by the service principal will determine what resources are accessible. For security reasons, use service principals through automation rather than allowing them to log in with a user identity.
-To learn more, read [Application and service principal objects in Azure Active Directory][app-register-service-principal]
+To learn more, read [Application and service principal objects in Microsoft Entra ID][app-register-service-principal].
**Setup**:
@@ -121,7 +121,7 @@ If your application is hosted in Azure, you can make use of [Managed Identity](h
| Credential with example | Usage |
| --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-|[WorkloadIdentityCredential](#authenticating-in-azure-with-workload-identity) | Authenticate in Azure Kubernetes environment with [Azure Active Directory (Azure AD) workload identities (preview)](https://learn.microsoft.com/azure/active-directory/workload-identities/workload-identities-overview), which [integrates with the Kubernetes native capabilities](https://learn.microsoft.com/azure/aks/workload-identity-overview) to federate with any external identity providers. |
+|[WorkloadIdentityCredential](#authenticating-in-azure-with-workload-identity) | Authenticate in Azure Kubernetes environment with [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/active-directory/workload-identities/workload-identities-overview), which [integrates with the Kubernetes native capabilities](https://learn.microsoft.com/azure/aks/workload-identity-overview) to federate with any external identity providers. |
| [ManagedIdentityCredential](#authenticating-in-azure-with-managed-identity) | Authenticate in a virtual machine, App Service, Functions app, Cloud Shell, or AKS environment on Azure, with system-assigned managed identity, user-assigned managed identity, or app registration (when working with AKS pod identity). |
| [DefaultAzureCredential](#authenticating-with-defaultazurecredential) | Tries `EnvironmentCredential`, `ManagedIdentityCredential`, `AzureCliCredential`, `AzurePowerShellCredential`, and other credentials sequentially until one of them succeeds. Use this to have your application authenticate using developer tools, service principals or managed identity based on what is available in the current environment without changing your code. |
@@ -166,7 +166,7 @@ function withDefaultAzureCredential() {
For clients with a default browser available and client-side applications running in the browser, the `InteractiveBrowserCredential` provides the most direct user authentication experience. In the sample below, an application authenticates a `SecretClient` from the [@azure/service-bus][service_bus_client_library] using the `InteractiveBrowserCredential`.
-For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
+For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
For client-side applications running in the browser, the `InteractiveBrowserCredential` is the only credential type that is supported. For more information, see [Authenticating client-side browser applications](#authenticating-client-side-browser-applications).
@@ -189,7 +189,7 @@ You'll need to:
- [Create an application registration][quickstart-register-app]
- [Create a Service Principal with the Azure CLI][service_principal_azure_cli] or [Create an Azure service principal with Azure PowerShell][service_principal_azure_powershell]
-To learn more about service principals, see [Application and service principal objects in Azure Active Directory][app-register-service-principal].
+To learn more about service principals, see [Application and service principal objects in Microsoft Entra ID][app-register-service-principal].
In the following sample, an application authenticates a `SecretClient` from the [@azure/service-bus][service_bus_client_library] using the `ClientSecretCredential`:
@@ -223,7 +223,7 @@ You'll need to:
- `AZURE_CLIENT_ID`, containing the ID of the user/service principal to authenticate as.
- `AZURE_CLIENT_SECRET`, containing a client secret created belonging to the same user/service principal.
-To learn more about service principals, see [Application and service principal objects in Azure Active Directory][app-register-service-principal].
+To learn more about service principals, see [Application and service principal objects in Microsoft Entra ID][app-register-service-principal].
```ts
/**
@@ -244,7 +244,7 @@ You'll need to:
- [Create an application registration][quickstart-register-app]
- [Create a Service Principal with the Azure CLI][service_principal_azure_cli] or [Create an Azure service principal with Azure PowerShell][service_principal_azure_powershell]
-To learn more about service principals, see [Application and service principal objects in Azure Active Directory][app-register-service-principal].
+To learn more about service principals, see [Application and service principal objects in Microsoft Entra ID][app-register-service-principal].
```ts
/**
@@ -270,7 +270,7 @@ You'll need to:
- [Create a Service Principal with the Azure CLI][service_principal_azure_cli] or [Create an Azure service principal with Azure PowerShell][service_principal_azure_powershell]
- [Register the certificate with the Microsoft Identity platform][register_certificate_app_registration]
-To learn more about service principals, see [Application and service principal objects in Azure Active Directory][app-register-service-principal].
+To learn more about service principals, see [Application and service principal objects in Microsoft Entra ID][app-register-service-principal].
```ts
/**
@@ -343,7 +343,7 @@ This example demonstrates authenticating the `SecretClient` from the [@azure/key
To authenticate a user through device code flow, complete the following steps:
-1. Go to Azure Active Directory in Azure portal and find your app registration.
+1. Go to Microsoft Entra ID in Azure portal and find your app registration.
2. Navigate to the **Authentication** section.
3. Under **Advanced settings**, select `yes` on the option `Allow public client flows`.
@@ -641,7 +641,7 @@ The ActiveDirectory Authority in the output will be your Azure Authority Host
### Determine the Tenant ID for Azure Stack
-If the Identity provider of your Azure Stack is Azure Active Directory (Azure AD), contact your Azure Stack administrator to find your tenant ID. Otherwise, if the Identity provider of your Azure Stack is Active Directory Federation Services (ADFS), your tenant ID is `adfs`.
+If the Identity provider of your Azure Stack is Microsoft Entra ID, contact your Azure Stack administrator to find your tenant ID. Otherwise, if the Identity provider of your Azure Stack is Active Directory Federation Services (ADFS), your tenant ID is `adfs`.
### Authentication example
@@ -668,7 +668,7 @@ function main() {
### Custom Credentials
-The `@azure/identity` library covers a broad range of Azure Active Directory authentication scenarios. However, we understand there are cases in which the credentials provided might not meet the specific needs of your application. Some applications might avoid taking a dependency on the `@azure/identity` package. In such cases, you may want to write your custom credential.
+The `@azure/identity` library covers a broad range of Microsoft Entra authentication scenarios. However, we understand there are cases in which the credentials provided might not meet the specific needs of your application. Some applications might avoid taking a dependency on the `@azure/identity` package. In such cases, you may want to write your custom credential.
In this section, we'll examine some such scenarios.
@@ -882,7 +882,7 @@ class BrowserCredential implements TokenCredential {
}
```
-The following example shows how the `BrowserCredential` could be used to authenticate a `ServiceBusClient`. For this example to work, the redirect URI configured in the AAD application should point to the same page that runs this code originally. For example, `http://localhost:80`.
+The following example shows how the `BrowserCredential` could be used to authenticate a `ServiceBusClient`. For this example to work, the redirect URI configured in the Microsoft Entra application should point to the same page that runs this code originally. For example, `http://localhost:80`.
```ts
import { ServiceBusClient } from "@azure/service-bus";
@@ -910,7 +910,7 @@ Once you have a certificate, you may export the certificate with the Azure CLI f
You can also export your certificate through the Azure portal. Navigate to your Key Vault resource, go to a specific certificate, then download the certificate in PFX/PEM format.
-Once you have a Key Vault certificate downloaded, go to Azure Active Directory. Find the Enterprise app you want to authenticate with, go to **Certificates & secrets**, and upload the certificate.
+Once you have a Key Vault certificate downloaded, go to Microsoft Entra ID. Find the Enterprise app you want to authenticate with, go to **Certificates & secrets**, and upload the certificate.
After that, you can authenticate by pointing the `@azure/identity`'s `ClientCertificateCredential` to the PEM certificate's path, as follows:
@@ -1035,9 +1035,9 @@ Two accounts participate in the OBO flow:
- A user, which aims to obtain a special access level. Typically, the `AuthorizationCodeCredential` would be used. We'll call this identity the **User Account**.
- An app registration, which will act as the provider of the special access level. We'll call this identity the **Target App Registration**.
-Both accounts must belong to the same Azure AD tenant.
+Both accounts must belong to the same Microsoft Entra tenant.
-While other credentials authenticate requesting access to a set of resources, the OBO flow requires the user token to have access specifically to the scope of the Azure AD app that will delegate its access to the users. For this authentication flow to work, the **Target App Registration** must be configured with a custom scope. To create a scope through the Azure portal:
+While other credentials authenticate requesting access to a set of resources, the OBO flow requires the user token to have access specifically to the scope of the Microsoft Entra app that will delegate its access to the users. For this authentication flow to work, the **Target App Registration** must be configured with a custom scope. To create a scope through the Azure portal:
1. Select **Active Directory** > **App registrations**.
2. Go to the app you want to authenticate against.
@@ -1291,7 +1291,7 @@ By setting `unsafeAllowUnencryptedStorage` to `true`, the credential will encryp
### Authenticate national clouds
-National clouds are physically isolated instances of Azure. These regions of Azure are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries. Including the global cloud, Azure Active Directory (Azure AD) is deployed in the following national clouds:
+National clouds are physically isolated instances of Azure. These regions of Azure are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries. Including the global cloud, Microsoft Entra ID is deployed in the following national clouds:
- Azure Government
- Azure Germany
@@ -1313,12 +1313,12 @@ const credential = new ClientSecretCredential(
The following table shows common values provided through the `AzureAuthorityHosts`.
-| National Cloud | Azure AD authentication endpoint | AzureAuthorityHost |
+| National Cloud | Microsoft Entra authentication endpoint | AzureAuthorityHost |
| ----------------------------------- | --------------------------------- | -------------------------------------- |
-| Azure AD for US Government | https://login.microsoftonline.us | `AzureAuthorityHosts.AzureGovernment` |
-| Azure AD Germany | https://login.microsoftonline.de | `AzureAuthorityHosts.AzureGermany` |
-| Azure AD China operated by 21Vianet | https://login.chinacloudapi.cn | `AzureAuthorityHosts.AzureChina` |
-| Azure AD (global service) | https://login.microsoftonline.com | `AzureAuthorityHosts.AzurePublicCloud` |
+| Microsoft Entra ID for US Government | https://login.microsoftonline.us | `AzureAuthorityHosts.AzureGovernment` |
+| Microsoft Entra ID Germany | https://login.microsoftonline.de | `AzureAuthorityHosts.AzureGermany` |
+| Microsoft Entra ID China operated by 21Vianet | https://login.chinacloudapi.cn | `AzureAuthorityHosts.AzureChina` |
+| Microsoft Entra ID (global service) | https://login.microsoftonline.com | `AzureAuthorityHosts.AzurePublicCloud` |
To learn more about Azure Authentication for National Clouds, see [National clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud).
diff --git a/sdk/identity/identity/samples/v2/javascript/README.md b/sdk/identity/identity/samples/v2/javascript/README.md
index 022895299d2..502f2d4c929 100644
--- a/sdk/identity/identity/samples/v2/javascript/README.md
+++ b/sdk/identity/identity/samples/v2/javascript/README.md
@@ -24,7 +24,7 @@ The sample programs are compatible with [LTS versions of Node.js](https://github
You need [an Azure subscription][freesub] and the following Azure resources to run these sample programs:
-- [Azure Active Directory App Registration][createinstance_azureactivedirectoryappregistration]
+- [Microsoft Entra App Registration][createinstance_azureactivedirectoryappregistration]
- [Azure Key Vault][createinstance_azurekeyvault]
Samples retrieve credentials to access the service endpoint from environment variables. Alternatively, edit the source code to include the appropriate credentials. See each individual sample for details on which environment variables/credentials it requires to function.
diff --git a/sdk/identity/identity/samples/v2/javascript/clientSecretCredential.js b/sdk/identity/identity/samples/v2/javascript/clientSecretCredential.js
index 974275a904a..33c5d21c57b 100644
--- a/sdk/identity/identity/samples/v2/javascript/clientSecretCredential.js
+++ b/sdk/identity/identity/samples/v2/javascript/clientSecretCredential.js
@@ -13,8 +13,8 @@ require("dotenv").config();
async function main() {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples/v2/javascript/environmentCredential.js b/sdk/identity/identity/samples/v2/javascript/environmentCredential.js
index 9de22c42f74..a9cf85f4665 100644
--- a/sdk/identity/identity/samples/v2/javascript/environmentCredential.js
+++ b/sdk/identity/identity/samples/v2/javascript/environmentCredential.js
@@ -13,8 +13,8 @@ require("dotenv").config();
async function main() {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/samples/v2/typescript/README.md b/sdk/identity/identity/samples/v2/typescript/README.md
index 4de84645a76..4712edc5617 100644
--- a/sdk/identity/identity/samples/v2/typescript/README.md
+++ b/sdk/identity/identity/samples/v2/typescript/README.md
@@ -30,7 +30,7 @@ npm install -g typescript
You need [an Azure subscription][freesub] and the following Azure resources to run these sample programs:
-- [Azure Active Directory App Registration][createinstance_azureactivedirectoryappregistration]
+- [Microsoft Entra App Registration][createinstance_azureactivedirectoryappregistration]
- [Azure Key Vault][createinstance_azurekeyvault]
Samples retrieve credentials to access the service endpoint from environment variables. Alternatively, edit the source code to include the appropriate credentials. See each individual sample for details on which environment variables/credentials it requires to function.
diff --git a/sdk/identity/identity/samples/v2/typescript/src/clientSecretCredential.ts b/sdk/identity/identity/samples/v2/typescript/src/clientSecretCredential.ts
index a1583e83ce1..0c84b156c11 100644
--- a/sdk/identity/identity/samples/v2/typescript/src/clientSecretCredential.ts
+++ b/sdk/identity/identity/samples/v2/typescript/src/clientSecretCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID!, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID!, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID!, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID!, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET! // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples/v2/typescript/src/environmentCredential.ts b/sdk/identity/identity/samples/v2/typescript/src/environmentCredential.ts
index 4c65691c285..ceb625072ea 100644
--- a/sdk/identity/identity/samples/v2/typescript/src/environmentCredential.ts
+++ b/sdk/identity/identity/samples/v2/typescript/src/environmentCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/samples/v3-beta/javascript/README.md b/sdk/identity/identity/samples/v3-beta/javascript/README.md
index 10d180d63da..fcb10eca492 100644
--- a/sdk/identity/identity/samples/v3-beta/javascript/README.md
+++ b/sdk/identity/identity/samples/v3-beta/javascript/README.md
@@ -26,7 +26,7 @@ The sample programs are compatible with [LTS versions of Node.js](https://github
You need [an Azure subscription][freesub] and the following Azure resources to run these sample programs:
-- [Azure Active Directory App Registration][createinstance_azureactivedirectoryappregistration]
+- [Microsoft Entra App Registration][createinstance_azureactivedirectoryappregistration]
- [Azure Key Vault][createinstance_azurekeyvault]
Samples retrieve credentials to access the service endpoint from environment variables. Alternatively, edit the source code to include the appropriate credentials. See each individual sample for details on which environment variables/credentials it requires to function.
diff --git a/sdk/identity/identity/samples/v3-beta/javascript/clientSecretCredential.js b/sdk/identity/identity/samples/v3-beta/javascript/clientSecretCredential.js
index 5479a8dd726..ff229e0b001 100644
--- a/sdk/identity/identity/samples/v3-beta/javascript/clientSecretCredential.js
+++ b/sdk/identity/identity/samples/v3-beta/javascript/clientSecretCredential.js
@@ -13,8 +13,8 @@ require("dotenv").config();
async function main() {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples/v3-beta/javascript/environmentCredential.js b/sdk/identity/identity/samples/v3-beta/javascript/environmentCredential.js
index 38a4936ad2c..3286b29c6c2 100644
--- a/sdk/identity/identity/samples/v3-beta/javascript/environmentCredential.js
+++ b/sdk/identity/identity/samples/v3-beta/javascript/environmentCredential.js
@@ -13,8 +13,8 @@ require("dotenv").config();
async function main() {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/samples/v3-beta/typescript/README.md b/sdk/identity/identity/samples/v3-beta/typescript/README.md
index 72ae1369466..85a0c331617 100644
--- a/sdk/identity/identity/samples/v3-beta/typescript/README.md
+++ b/sdk/identity/identity/samples/v3-beta/typescript/README.md
@@ -32,7 +32,7 @@ npm install -g typescript
You need [an Azure subscription][freesub] and the following Azure resources to run these sample programs:
-- [Azure Active Directory App Registration][createinstance_azureactivedirectoryappregistration]
+- [Microsoft Entra App Registration][createinstance_azureactivedirectoryappregistration]
- [Azure Key Vault][createinstance_azurekeyvault]
Samples retrieve credentials to access the service endpoint from environment variables. Alternatively, edit the source code to include the appropriate credentials. See each individual sample for details on which environment variables/credentials it requires to function.
diff --git a/sdk/identity/identity/samples/v3-beta/typescript/src/clientSecretCredential.ts b/sdk/identity/identity/samples/v3-beta/typescript/src/clientSecretCredential.ts
index 3bc505d3739..7adc92e80f7 100644
--- a/sdk/identity/identity/samples/v3-beta/typescript/src/clientSecretCredential.ts
+++ b/sdk/identity/identity/samples/v3-beta/typescript/src/clientSecretCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID!, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID!, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID!, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID!, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET! // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples/v3-beta/typescript/src/environmentCredential.ts b/sdk/identity/identity/samples/v3-beta/typescript/src/environmentCredential.ts
index 4c65691c285..ceb625072ea 100644
--- a/sdk/identity/identity/samples/v3-beta/typescript/src/environmentCredential.ts
+++ b/sdk/identity/identity/samples/v3-beta/typescript/src/environmentCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/samples/v3/javascript/README.md b/sdk/identity/identity/samples/v3/javascript/README.md
index ae7b4523387..771e5b65013 100644
--- a/sdk/identity/identity/samples/v3/javascript/README.md
+++ b/sdk/identity/identity/samples/v3/javascript/README.md
@@ -26,7 +26,7 @@ The sample programs are compatible with [LTS versions of Node.js](https://github
You need [an Azure subscription][freesub] and the following Azure resources to run these sample programs:
-- [Azure Active Directory App Registration][createinstance_azureactivedirectoryappregistration]
+- [Microsoft Entra App Registration][createinstance_azureactivedirectoryappregistration]
- [Azure Key Vault][createinstance_azurekeyvault]
Samples retrieve credentials to access the service endpoint from environment variables. Alternatively, edit the source code to include the appropriate credentials. See each individual sample for details on which environment variables/credentials it requires to function.
diff --git a/sdk/identity/identity/samples/v3/javascript/clientSecretCredential.js b/sdk/identity/identity/samples/v3/javascript/clientSecretCredential.js
index 5479a8dd726..ff229e0b001 100644
--- a/sdk/identity/identity/samples/v3/javascript/clientSecretCredential.js
+++ b/sdk/identity/identity/samples/v3/javascript/clientSecretCredential.js
@@ -13,8 +13,8 @@ require("dotenv").config();
async function main() {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples/v3/javascript/environmentCredential.js b/sdk/identity/identity/samples/v3/javascript/environmentCredential.js
index 38a4936ad2c..3286b29c6c2 100644
--- a/sdk/identity/identity/samples/v3/javascript/environmentCredential.js
+++ b/sdk/identity/identity/samples/v3/javascript/environmentCredential.js
@@ -13,8 +13,8 @@ require("dotenv").config();
async function main() {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/samples/v3/typescript/README.md b/sdk/identity/identity/samples/v3/typescript/README.md
index d7cf8cfbaa1..e387f05ddb8 100644
--- a/sdk/identity/identity/samples/v3/typescript/README.md
+++ b/sdk/identity/identity/samples/v3/typescript/README.md
@@ -32,7 +32,7 @@ npm install -g typescript
You need [an Azure subscription][freesub] and the following Azure resources to run these sample programs:
-- [Azure Active Directory App Registration][createinstance_azureactivedirectoryappregistration]
+- [Microsoft Entra App Registration][createinstance_azureactivedirectoryappregistration]
- [Azure Key Vault][createinstance_azurekeyvault]
Samples retrieve credentials to access the service endpoint from environment variables. Alternatively, edit the source code to include the appropriate credentials. See each individual sample for details on which environment variables/credentials it requires to function.
diff --git a/sdk/identity/identity/samples/v3/typescript/src/clientSecretCredential.ts b/sdk/identity/identity/samples/v3/typescript/src/clientSecretCredential.ts
index 3bc505d3739..7adc92e80f7 100644
--- a/sdk/identity/identity/samples/v3/typescript/src/clientSecretCredential.ts
+++ b/sdk/identity/identity/samples/v3/typescript/src/clientSecretCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
const credential = new ClientSecretCredential(
- process.env.AZURE_TENANT_ID!, // The tenant ID in Azure Active Directory
- process.env.AZURE_CLIENT_ID!, // The app registration client Id in the AAD tenant
+ process.env.AZURE_TENANT_ID!, // The tenant ID in Microsoft Entra ID
+ process.env.AZURE_CLIENT_ID!, // The app registration client Id in the Microsoft Entra tenant
process.env.AZURE_CLIENT_SECRET! // The app registration secret for the registered application
);
diff --git a/sdk/identity/identity/samples/v3/typescript/src/environmentCredential.ts b/sdk/identity/identity/samples/v3/typescript/src/environmentCredential.ts
index 4c65691c285..ceb625072ea 100644
--- a/sdk/identity/identity/samples/v3/typescript/src/environmentCredential.ts
+++ b/sdk/identity/identity/samples/v3/typescript/src/environmentCredential.ts
@@ -13,8 +13,8 @@ require("dotenv").config();
export async function main(): Promise {
// EnvironmentCredential expects the following three environment variables:
- // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
- // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
+ // - AZURE_TENANT_ID: The tenant ID in Microsoft Entra ID
+ // - AZURE_CLIENT_ID: The application (client) ID registered in the Microsoft Entra tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new EnvironmentCredential();
diff --git a/sdk/identity/identity/src/credentials/authorityValidationOptions.ts b/sdk/identity/identity/src/credentials/authorityValidationOptions.ts
index 1e39b6b999e..a210640fc43 100644
--- a/sdk/identity/identity/src/credentials/authorityValidationOptions.ts
+++ b/sdk/identity/identity/src/credentials/authorityValidationOptions.ts
@@ -4,7 +4,7 @@
/**
* Provides options to configure how the Identity library
* does authority validation during authentication requests
- * to Azure Active Directory.
+ * to Microsoft Entra ID.
*/
export interface AuthorityValidationOptions {
/**
diff --git a/sdk/identity/identity/src/credentials/authorizationCodeCredential.ts b/sdk/identity/identity/src/credentials/authorizationCodeCredential.ts
index 78448b86450..b39e99a28ba 100644
--- a/sdk/identity/identity/src/credentials/authorizationCodeCredential.ts
+++ b/sdk/identity/identity/src/credentials/authorizationCodeCredential.ts
@@ -17,11 +17,11 @@ import { tracingClient } from "../util/tracing";
const logger = credentialLogger("AuthorizationCodeCredential");
/**
- * Enables authentication to Azure Active Directory using an authorization code
+ * Enables authentication to Microsoft Entra ID using an authorization code
* that was obtained through the authorization code flow, described in more detail
- * in the Azure Active Directory documentation:
+ * in the Microsoft Entra ID documentation:
*
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+ * https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow
*/
export class AuthorizationCodeCredential implements TokenCredential {
private msalFlow: MsalFlow;
@@ -34,7 +34,7 @@ export class AuthorizationCodeCredential implements TokenCredential {
/**
* Creates an instance of AuthorizationCodeCredential with the details needed
* to request an access token using an authentication that was obtained
- * from Azure Active Directory.
+ * from Microsoft Entra ID.
*
* It is currently necessary for the user of this credential to initiate
* the authorization code flow to obtain an authorization code to be used
@@ -42,7 +42,7 @@ export class AuthorizationCodeCredential implements TokenCredential {
*
* https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID or name.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
* 'common' may be used when dealing with multi-tenant scenarios.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration
@@ -64,7 +64,7 @@ export class AuthorizationCodeCredential implements TokenCredential {
/**
* Creates an instance of AuthorizationCodeCredential with the details needed
* to request an access token using an authentication that was obtained
- * from Azure Active Directory.
+ * from Microsoft Entra ID.
*
* It is currently necessary for the user of this credential to initiate
* the authorization code flow to obtain an authorization code to be used
@@ -72,7 +72,7 @@ export class AuthorizationCodeCredential implements TokenCredential {
*
* https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID or name.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
* 'common' may be used when dealing with multi-tenant scenarios.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param authorizationCode - An authorization code that was received from following the
@@ -136,7 +136,7 @@ export class AuthorizationCodeCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/azureCliCredential.ts b/sdk/identity/identity/src/credentials/azureCliCredential.ts
index dafdde0b6cd..9e755daf02f 100644
--- a/sdk/identity/identity/src/credentials/azureCliCredential.ts
+++ b/sdk/identity/identity/src/credentials/azureCliCredential.ts
@@ -105,7 +105,7 @@ export class AzureCliCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/azureDeveloperCliCredential.ts b/sdk/identity/identity/src/credentials/azureDeveloperCliCredential.ts
index 742ffcb15a5..c0cdd5fe0d9 100644
--- a/sdk/identity/identity/src/credentials/azureDeveloperCliCredential.ts
+++ b/sdk/identity/identity/src/credentials/azureDeveloperCliCredential.ts
@@ -85,11 +85,11 @@ const logger = credentialLogger("AzureDeveloperCliCredential");
* Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
* resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
* to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * Azure Active Directory (Azure AD)
- * . The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
+ * Microsoft Entra ID. The
+ * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
* the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
* service principal and executes an Azure CLI command underneath to authenticate the application against
- * Azure Active Directory.
+ * Microsoft Entra ID.
*
* Configure AzureDeveloperCliCredential
*
@@ -131,7 +131,7 @@ export class AzureDeveloperCliCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts b/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts
index 2f339c17c4c..a81999268aa 100644
--- a/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts
+++ b/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts
@@ -176,7 +176,7 @@ export class AzurePowerShellCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/clientAssertionCredential.ts b/sdk/identity/identity/src/credentials/clientAssertionCredential.ts
index 558bd09f72e..cf8744e7069 100644
--- a/sdk/identity/identity/src/credentials/clientAssertionCredential.ts
+++ b/sdk/identity/identity/src/credentials/clientAssertionCredential.ts
@@ -26,10 +26,10 @@ export class ClientAssertionCredential implements TokenCredential {
/**
* Creates an instance of the ClientAssertionCredential with the details
- * needed to authenticate against Azure Active Directory with a client
+ * needed to authenticate against Microsoft Entra ID with a client
* assertion provided by the developer through the `getAssertion` function parameter.
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param getAssertion - A function that retrieves the assertion for the credential to use.
* @param options - Options for configuring the client which makes the authentication request.
@@ -62,7 +62,7 @@ export class ClientAssertionCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts b/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts
index a0a1e823223..a71c83aff82 100644
--- a/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts
@@ -10,7 +10,7 @@ const BrowserNotSupportedError = new Error(
const logger = credentialLogger("ClientCertificateCredential");
/**
- * Enables authentication to Azure Active Directory using a PEM-encoded
+ * Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration.
*/
export class ClientCertificateCredential implements TokenCredential {
diff --git a/sdk/identity/identity/src/credentials/clientCertificateCredential.ts b/sdk/identity/identity/src/credentials/clientCertificateCredential.ts
index 79653834f8b..bb52a53e8ee 100644
--- a/sdk/identity/identity/src/credentials/clientCertificateCredential.ts
+++ b/sdk/identity/identity/src/credentials/clientCertificateCredential.ts
@@ -51,7 +51,7 @@ export type ClientCertificateCredentialPEMConfiguration =
| ClientCertificatePEMCertificatePath;
/**
- * Enables authentication to Azure Active Directory using a PEM-encoded
+ * Enables authentication to Microsoft Entra ID using a PEM-encoded
* certificate that is assigned to an App Registration. More information
* on how to configure certificate authentication can be found here:
*
@@ -65,9 +65,9 @@ export class ClientCertificateCredential implements TokenCredential {
/**
* Creates an instance of the ClientCertificateCredential with the details
- * needed to authenticate against Azure Active Directory with a certificate.
+ * needed to authenticate against Microsoft Entra ID with a certificate.
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
* @param options - Options for configuring the client which makes the authentication request.
@@ -80,9 +80,9 @@ export class ClientCertificateCredential implements TokenCredential {
);
/**
* Creates an instance of the ClientCertificateCredential with the details
- * needed to authenticate against Azure Active Directory with a certificate.
+ * needed to authenticate against Microsoft Entra ID with a certificate.
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param configuration - Other parameters required, including the path of the certificate on the filesystem.
* If the type is ignored, we will throw the value of the path to a PEM certificate.
@@ -96,9 +96,9 @@ export class ClientCertificateCredential implements TokenCredential {
);
/**
* Creates an instance of the ClientCertificateCredential with the details
- * needed to authenticate against Azure Active Directory with a certificate.
+ * needed to authenticate against Microsoft Entra ID with a certificate.
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
* If the type is ignored, we will throw the value of the PEM-encoded certificate.
@@ -159,7 +159,7 @@ export class ClientCertificateCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/clientSecretCredential.browser.ts b/sdk/identity/identity/src/credentials/clientSecretCredential.browser.ts
index 2fc105c7b73..8813a879112 100644
--- a/sdk/identity/identity/src/credentials/clientSecretCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/clientSecretCredential.browser.ts
@@ -20,7 +20,7 @@ const logger = credentialLogger("ClientSecretCredential");
// Please do not disable your browser security features.
/**
- * Enables authentication to Azure Active Directory using a client secret
+ * Enables authentication to Microsoft Entra ID using a client secret
* that was generated for an App Registration. More information on how
* to configure a client secret can be found here:
*
@@ -36,10 +36,10 @@ export class ClientSecretCredential implements TokenCredential {
/**
* Creates an instance of the ClientSecretCredential with the details
- * needed to authenticate against Azure Active Directory with a client
+ * needed to authenticate against Microsoft Entra ID with a client
* secret.
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration.
* @param options - Options for configuring the client which makes the authentication request.
@@ -60,7 +60,7 @@ export class ClientSecretCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if
+ * Authenticates with Microsoft Entra ID and returns an access token if
* successful. If authentication cannot be performed at this time, this method may
* return null. If an error occurs during authentication, an {@link AuthenticationError}
* containing failure details will be thrown.
diff --git a/sdk/identity/identity/src/credentials/clientSecretCredential.ts b/sdk/identity/identity/src/credentials/clientSecretCredential.ts
index 51a7d1a887c..67a39bcc070 100644
--- a/sdk/identity/identity/src/credentials/clientSecretCredential.ts
+++ b/sdk/identity/identity/src/credentials/clientSecretCredential.ts
@@ -16,11 +16,11 @@ import { tracingClient } from "../util/tracing";
const logger = credentialLogger("ClientSecretCredential");
/**
- * Enables authentication to Azure Active Directory using a client secret
+ * Enables authentication to Microsoft Entra ID using a client secret
* that was generated for an App Registration. More information on how
* to configure a client secret can be found here:
*
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
+ * https://learn.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
*
*/
export class ClientSecretCredential implements TokenCredential {
@@ -30,10 +30,10 @@ export class ClientSecretCredential implements TokenCredential {
/**
* Creates an instance of the ClientSecretCredential with the details
- * needed to authenticate against Azure Active Directory with a client
+ * needed to authenticate against Microsoft Entra ID with a client
* secret.
*
- * @param tenantId - The Azure Active Directory tenant (directory) ID.
+ * @param tenantId - The Microsoft Entra tenant (directory) ID.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param clientSecret - A client secret that was generated for the App Registration.
* @param options - Options for configuring the client which makes the authentication request.
@@ -66,7 +66,7 @@ export class ClientSecretCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts b/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts
index 4f57fa42c2a..2d60c2ed8ba 100644
--- a/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts
@@ -9,7 +9,7 @@ const BrowserNotSupportedError = new Error("DeviceCodeCredential is not supporte
const logger = credentialLogger("DeviceCodeCredential");
/**
- * Enables authentication to Azure Active Directory using a device code
+ * Enables authentication to Microsoft Entra ID using a device code
* that the user can enter into https://microsoft.com/devicelogin.
*/
export class DeviceCodeCredential implements TokenCredential {
diff --git a/sdk/identity/identity/src/credentials/deviceCodeCredential.ts b/sdk/identity/identity/src/credentials/deviceCodeCredential.ts
index 24e466fe8a5..5796bf93f49 100644
--- a/sdk/identity/identity/src/credentials/deviceCodeCredential.ts
+++ b/sdk/identity/identity/src/credentials/deviceCodeCredential.ts
@@ -25,7 +25,7 @@ export function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo):
}
/**
- * Enables authentication to Azure Active Directory using a device code
+ * Enables authentication to Microsoft Entra ID using a device code
* that the user can enter into https://microsoft.com/devicelogin.
*/
export class DeviceCodeCredential implements TokenCredential {
@@ -36,7 +36,7 @@ export class DeviceCodeCredential implements TokenCredential {
/**
* Creates an instance of DeviceCodeCredential with the details needed
- * to initiate the device code authorization flow with Azure Active Directory.
+ * to initiate the device code authorization flow with Microsoft Entra ID.
*
* A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
*
@@ -69,7 +69,7 @@ export class DeviceCodeCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the user provided the option `disableAutomaticAuthentication`,
@@ -102,7 +102,7 @@ export class DeviceCodeCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
diff --git a/sdk/identity/identity/src/credentials/deviceCodeCredentialOptions.ts b/sdk/identity/identity/src/credentials/deviceCodeCredentialOptions.ts
index a78d600a84f..36d1a597ebb 100644
--- a/sdk/identity/identity/src/credentials/deviceCodeCredentialOptions.ts
+++ b/sdk/identity/identity/src/credentials/deviceCodeCredentialOptions.ts
@@ -42,7 +42,7 @@ export interface DeviceCodeCredentialOptions
extends InteractiveCredentialOptions,
CredentialPersistenceOptions {
/**
- * The Azure Active Directory tenant (directory) ID.
+ * The Microsoft Entra tenant (directory) ID.
*/
tenantId?: string;
/**
diff --git a/sdk/identity/identity/src/credentials/environmentCredential.browser.ts b/sdk/identity/identity/src/credentials/environmentCredential.browser.ts
index f58bc80430c..d3c97d92579 100644
--- a/sdk/identity/identity/src/credentials/environmentCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/environmentCredential.browser.ts
@@ -10,7 +10,7 @@ const BrowserNotSupportedError = new Error(
const logger = credentialLogger("EnvironmentCredential");
/**
- * Enables authentication to Azure Active Directory using client secret
+ * Enables authentication to Microsoft Entra ID using client secret
* details configured in environment variables
*/
export class EnvironmentCredential implements TokenCredential {
diff --git a/sdk/identity/identity/src/credentials/environmentCredential.ts b/sdk/identity/identity/src/credentials/environmentCredential.ts
index ec0f653e753..6da39cb2afd 100644
--- a/sdk/identity/identity/src/credentials/environmentCredential.ts
+++ b/sdk/identity/identity/src/credentials/environmentCredential.ts
@@ -38,7 +38,7 @@ const credentialName = "EnvironmentCredential";
const logger = credentialLogger(credentialName);
/**
- * Enables authentication to Azure Active Directory using a client secret or certificate, or as a user
+ * Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user
* with a username and password.
*/
export class EnvironmentCredential implements TokenCredential {
@@ -50,7 +50,7 @@ export class EnvironmentCredential implements TokenCredential {
* Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
*
* Required environment variables:
- * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
+ * - `AZURE_TENANT_ID`: The Microsoft Entra tenant (directory) ID.
* - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
*
* If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
@@ -127,7 +127,7 @@ export class EnvironmentCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
*
* @param scopes - The list of scopes for which the token will have access.
* @param options - Optional parameters. See {@link GetTokenOptions}.
diff --git a/sdk/identity/identity/src/credentials/environmentCredentialOptions.ts b/sdk/identity/identity/src/credentials/environmentCredentialOptions.ts
index 2addfe81338..ea703cd117f 100644
--- a/sdk/identity/identity/src/credentials/environmentCredentialOptions.ts
+++ b/sdk/identity/identity/src/credentials/environmentCredentialOptions.ts
@@ -5,7 +5,7 @@ import { AuthorityValidationOptions } from "./authorityValidationOptions";
import { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions";
/**
- * Enables authentication to Azure Active Directory depending on the available environment variables.
+ * Enables authentication to Microsoft Entra ID depending on the available environment variables.
* Defines options for the EnvironmentCredential class.
*/
export interface EnvironmentCredentialOptions
diff --git a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts
index c93836e3373..79b3b2518d5 100644
--- a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts
@@ -21,7 +21,7 @@ import { tracingClient } from "../util/tracing";
const logger = credentialLogger("InteractiveBrowserCredential");
/**
- * Enables authentication to Azure Active Directory inside of the web browser
+ * Enables authentication to Microsoft Entra ID inside of the web browser
* using the interactive login flow.
*/
export class InteractiveBrowserCredential implements TokenCredential {
@@ -32,14 +32,14 @@ export class InteractiveBrowserCredential implements TokenCredential {
/**
* Creates an instance of the InteractiveBrowserCredential with the
- * details needed to authenticate against Azure Active Directory with
+ * details needed to authenticate against Microsoft Entra ID with
* a user identity.
*
* This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
* On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
* On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
*
- * It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications.
+ * It's recommended that the Microsoft Entra Applications used are configured to authenticate using Single Page Applications.
* More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).
*
* @param options - Options for configuring the client which makes the authentication request.
@@ -88,7 +88,7 @@ export class InteractiveBrowserCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the user provided the option `disableAutomaticAuthentication`,
@@ -121,7 +121,7 @@ export class InteractiveBrowserCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
diff --git a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts
index 161483216eb..3c25b28f4f0 100644
--- a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts
+++ b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts
@@ -22,7 +22,7 @@ import { tracingClient } from "../util/tracing";
const logger = credentialLogger("InteractiveBrowserCredential");
/**
- * Enables authentication to Azure Active Directory inside of the web browser
+ * Enables authentication to Microsoft Entra ID inside of the web browser
* using the interactive login flow.
*/
export class InteractiveBrowserCredential implements TokenCredential {
@@ -34,12 +34,12 @@ export class InteractiveBrowserCredential implements TokenCredential {
/**
* Creates an instance of InteractiveBrowserCredential with the details needed.
*
- * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
+ * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
* On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
* On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
*
- * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
- * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
+ * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
+ * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
*
* @param options - Options for configuring the client which makes the authentication requests.
*/
@@ -68,7 +68,7 @@ export class InteractiveBrowserCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the user provided the option `disableAutomaticAuthentication`,
@@ -101,7 +101,7 @@ export class InteractiveBrowserCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
diff --git a/sdk/identity/identity/src/credentials/interactiveBrowserCredentialOptions.ts b/sdk/identity/identity/src/credentials/interactiveBrowserCredentialOptions.ts
index 933c32faaca..2c1b813abe3 100644
--- a/sdk/identity/identity/src/credentials/interactiveBrowserCredentialOptions.ts
+++ b/sdk/identity/identity/src/credentials/interactiveBrowserCredentialOptions.ts
@@ -29,7 +29,7 @@ export interface InteractiveBrowserCredentialNodeOptions
redirectUri?: string | (() => string);
/**
- * The Azure Active Directory tenant (directory) ID.
+ * The Microsoft Entra tenant (directory) ID.
*/
tenantId?: string;
@@ -57,7 +57,7 @@ export interface InteractiveBrowserCredentialInBrowserOptions extends Interactiv
redirectUri?: string | (() => string);
/**
- * The Azure Active Directory tenant (directory) ID.
+ * The Microsoft Entra tenant (directory) ID.
*/
tenantId?: string;
diff --git a/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts b/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts
index 3cfc8ab2c43..56330dd467b 100644
--- a/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts
+++ b/sdk/identity/identity/src/credentials/managedIdentityCredential/index.ts
@@ -220,7 +220,7 @@ export class ManagedIdentityCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
* If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
*
diff --git a/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts b/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts
index ea4aa721bd8..ab7fb5663d8 100644
--- a/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts
@@ -9,7 +9,7 @@ const BrowserNotSupportedError = new Error(`${credentialName}: Not supported in
const logger = credentialLogger(credentialName);
/**
- * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
+ * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
*/
export class OnBehalfOfCredential implements TokenCredential {
/**
diff --git a/sdk/identity/identity/src/credentials/onBehalfOfCredential.ts b/sdk/identity/identity/src/credentials/onBehalfOfCredential.ts
index b52c4424a72..4d6f8cd4942 100644
--- a/sdk/identity/identity/src/credentials/onBehalfOfCredential.ts
+++ b/sdk/identity/identity/src/credentials/onBehalfOfCredential.ts
@@ -23,7 +23,7 @@ const credentialName = "OnBehalfOfCredential";
const logger = credentialLogger(credentialName);
/**
- * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
+ * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
*/
export class OnBehalfOfCredential implements TokenCredential {
private tenantId: string;
@@ -31,7 +31,7 @@ export class OnBehalfOfCredential implements TokenCredential {
private msalFlow: MsalFlow;
/**
* Creates an instance of the {@link OnBehalfOfCredential} with the details
- * needed to authenticate against Azure Active Directory with path to a PEM certificate,
+ * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,
* and an user assertion.
*
* Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
@@ -57,7 +57,7 @@ export class OnBehalfOfCredential implements TokenCredential {
);
/**
* Creates an instance of the {@link OnBehalfOfCredential} with the details
- * needed to authenticate against Azure Active Directory with a client
+ * needed to authenticate against Microsoft Entra ID with a client
* secret and an user assertion.
*
* Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
@@ -110,7 +110,7 @@ export class OnBehalfOfCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/onBehalfOfCredentialOptions.ts b/sdk/identity/identity/src/credentials/onBehalfOfCredentialOptions.ts
index 9f5f37ba342..6b82d826b1c 100644
--- a/sdk/identity/identity/src/credentials/onBehalfOfCredentialOptions.ts
+++ b/sdk/identity/identity/src/credentials/onBehalfOfCredentialOptions.ts
@@ -10,7 +10,7 @@ import { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialO
*/
export interface OnBehalfOfCredentialSecretOptions {
/**
- * The Azure Active Directory tenant (directory) ID.
+ * The Microsoft Entra tenant (directory) ID.
*/
tenantId: string;
/**
@@ -32,7 +32,7 @@ export interface OnBehalfOfCredentialSecretOptions {
*/
export interface OnBehalfOfCredentialCertificateOptions {
/**
- * The Azure Active Directory tenant (directory) ID.
+ * The Microsoft Entra tenant (directory) ID.
*/
tenantId: string;
/**
diff --git a/sdk/identity/identity/src/credentials/usernamePasswordCredential.browser.ts b/sdk/identity/identity/src/credentials/usernamePasswordCredential.browser.ts
index 7f9dbb55ce4..4c3fa4fd411 100644
--- a/sdk/identity/identity/src/credentials/usernamePasswordCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/usernamePasswordCredential.browser.ts
@@ -17,7 +17,7 @@ import { tracingClient } from "../util/tracing";
const logger = credentialLogger("UsernamePasswordCredential");
/**
- * Enables authentication to Azure Active Directory with a user's
+ * Enables authentication to Microsoft Entra ID with a user's
* username and password. This credential requires a high degree of
* trust so you should only use it when other, more secure credential
* types can't be used.
@@ -32,10 +32,10 @@ export class UsernamePasswordCredential implements TokenCredential {
/**
* Creates an instance of the UsernamePasswordCredential with the details
- * needed to authenticate against Azure Active Directory with a username
+ * needed to authenticate against Microsoft Entra ID with a username
* and password.
*
- * @param tenantIdOrName - The Azure Active Directory tenant (directory) ID or name.
+ * @param tenantIdOrName - The Microsoft Entra tenant (directory) ID or name.
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param username - The user account's e-mail address (user name).
* @param password - The user account's account password
@@ -61,7 +61,7 @@ export class UsernamePasswordCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if
+ * Authenticates with Microsoft Entra ID and returns an access token if
* successful. If authentication cannot be performed at this time, this method may
* return null. If an error occurs during authentication, an {@link AuthenticationError}
* containing failure details will be thrown.
diff --git a/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts b/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts
index 0be7f6bed5b..cdb29cacacd 100644
--- a/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts
+++ b/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts
@@ -16,7 +16,7 @@ import { tracingClient } from "../util/tracing";
const logger = credentialLogger("UsernamePasswordCredential");
/**
- * Enables authentication to Azure Active Directory with a user's
+ * Enables authentication to Microsoft Entra ID with a user's
* username and password. This credential requires a high degree of
* trust so you should only use it when other, more secure credential
* types can't be used.
@@ -28,10 +28,10 @@ export class UsernamePasswordCredential implements TokenCredential {
/**
* Creates an instance of the UsernamePasswordCredential with the details
- * needed to authenticate against Azure Active Directory with a username
+ * needed to authenticate against Microsoft Entra ID with a username
* and password.
*
- * @param tenantId - The Azure Active Directory tenant (directory).
+ * @param tenantId - The Microsoft Entra tenant (directory).
* @param clientId - The client (application) ID of an App Registration in the tenant.
* @param username - The user account's e-mail address (user name).
* @param password - The user account's account password
@@ -67,7 +67,7 @@ export class UsernamePasswordCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* If the user provided the option `disableAutomaticAuthentication`,
diff --git a/sdk/identity/identity/src/credentials/workloadIdentityCredential.browser.ts b/sdk/identity/identity/src/credentials/workloadIdentityCredential.browser.ts
index abf1a3821c5..4ecd7a1dfe4 100644
--- a/sdk/identity/identity/src/credentials/workloadIdentityCredential.browser.ts
+++ b/sdk/identity/identity/src/credentials/workloadIdentityCredential.browser.ts
@@ -10,8 +10,8 @@ const BrowserNotSupportedError = new Error(
const logger = credentialLogger("WorkloadIdentityCredential");
/**
- * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.
- * Refer to Azure Active Directory Workload Identity
+ * WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Kubernetes.
+ * Refer to Microsoft Entra Workload ID
* for more information.
*/
export class WorkloadIdentityCredential implements TokenCredential {
diff --git a/sdk/identity/identity/src/credentials/workloadIdentityCredential.ts b/sdk/identity/identity/src/credentials/workloadIdentityCredential.ts
index 06787bb3418..3344f4b137a 100644
--- a/sdk/identity/identity/src/credentials/workloadIdentityCredential.ts
+++ b/sdk/identity/identity/src/credentials/workloadIdentityCredential.ts
@@ -32,10 +32,10 @@ const logger = credentialLogger(credentialName);
* Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
* each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
* need to worry about storing and securing sensitive credentials themselves.
- * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
+ * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
* a token using the SACs available in the Azure Kubernetes environment.
- * Refer to Azure Active Directory
- * Workload Identity for more information.
+ * Refer to Microsoft Entra
+ * Workload ID for more information.
*/
export class WorkloadIdentityCredential implements TokenCredential {
private client: ClientAssertionCredential | undefined;
@@ -44,7 +44,7 @@ export class WorkloadIdentityCredential implements TokenCredential {
private federatedTokenFilePath: string | undefined;
/**
- * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
+ * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
*
* @param options - The identity client options to use for authentication.
*/
@@ -75,7 +75,7 @@ export class WorkloadIdentityCredential implements TokenCredential {
}
/**
- * Authenticates with Azure Active Directory and returns an access token if successful.
+ * Authenticates with Microsoft Entra ID and returns an access token if successful.
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
*
* @param scopes - The list of scopes for which the token will have access.
diff --git a/sdk/identity/identity/src/credentials/workloadIdentityCredentialOptions.ts b/sdk/identity/identity/src/credentials/workloadIdentityCredentialOptions.ts
index e310093b570..12fea702486 100644
--- a/sdk/identity/identity/src/credentials/workloadIdentityCredentialOptions.ts
+++ b/sdk/identity/identity/src/credentials/workloadIdentityCredentialOptions.ts
@@ -11,11 +11,11 @@ export interface WorkloadIdentityCredentialOptions
extends MultiTenantTokenCredentialOptions,
AuthorityValidationOptions {
/**
- * ID of the application's Azure Active Directory tenant. Also called its directory ID.
+ * ID of the application's Microsoft Entra tenant. Also called its directory ID.
*/
tenantId?: string;
/**
- * The client ID of an Azure AD app registration.
+ * The client ID of a Microsoft Entra app registration.
*/
clientId?: string;
/**
diff --git a/sdk/identity/identity/src/tokenCredentialOptions.ts b/sdk/identity/identity/src/tokenCredentialOptions.ts
index 9ce759bdcfc..77737f582a9 100644
--- a/sdk/identity/identity/src/tokenCredentialOptions.ts
+++ b/sdk/identity/identity/src/tokenCredentialOptions.ts
@@ -6,7 +6,7 @@ import { LogPolicyOptions } from "@azure/core-rest-pipeline";
/**
* Provides options to configure how the Identity library makes authentication
- * requests to Azure Active Directory.
+ * requests to Microsoft Entra ID.
*/
export interface TokenCredentialOptions extends CommonClientOptions {
/**
diff --git a/sdk/identity/identity/test/manual/authorization-code-credential/README.md b/sdk/identity/identity/test/manual/authorization-code-credential/README.md
index 9c2f6fa0ab4..b7a986203f3 100644
--- a/sdk/identity/identity/test/manual/authorization-code-credential/README.md
+++ b/sdk/identity/identity/test/manual/authorization-code-credential/README.md
@@ -13,14 +13,14 @@ cd /sdk/identity/identity
rush build -t @azure/identity
```
-3. Make sure you have an App Registration on your Azure Active Directory. This App Registration must:
+3. Make sure you have an App Registration on your Microsoft Entra ID. This App Registration must:
- Have a `http://localhost:8080/authresponse` as the Web redirect endpoint.
-- Have this option selected `Accounts in any organizational directory (Any Azure AD directory - Multitenant)`.
+- Have this option selected `Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant)`.
On the Azure Portal, navigate to your app registration. On the side panel, select "Authentication".
-- Under "Supported Account Types", select `Accounts in any organizational directory (Any Azure AD directory - Multitenant)` .
+- Under "Supported Account Types", select `Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant)` .
- Under "Platform Configurations", add a platform and select "Web". Then add `http://localhost:8080/authresponse` as the redirect URI. Then click "Configure".
4. Navigate to the `test/manual/authorization-code-credential` folder
diff --git a/sdk/identity/identity/test/manual/authorization-code-credential/authorizationCodeSample.ts b/sdk/identity/identity/test/manual/authorization-code-credential/authorizationCodeSample.ts
index 153c33232d3..ea3924a0df6 100644
--- a/sdk/identity/identity/test/manual/authorization-code-credential/authorizationCodeSample.ts
+++ b/sdk/identity/identity/test/manual/authorization-code-credential/authorizationCodeSample.ts
@@ -15,7 +15,7 @@ config();
// This sample demonstrates how to use the AuthorizationCodeCredential,
// including the first part of the authorization code flow. For this
-// sample to work correctly, you must have an Azure Active Directory
+// sample to work correctly, you must have a Microsoft Entra
// App Configuration configured with a redirect URI that matches the
// one used in this sample:
//
@@ -24,10 +24,10 @@ config();
// The user must also be able to grant access to the app for the resource
// requested in the specified scopes, Microsoft Graph in this case. If
// the user cannot grant access to this resource due to administrator
-// settings in the AAD tenant, one of the following errors will be displayed on
+// settings in the Microsoft Entra tenant, one of the following errors will be displayed on
// the authorization page:
//
-// https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error
+// https://learn.microsoft.com/azure/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error
const port = process.env.PORT || 8080;
const tenantId = process.env.AZURE_TENANT_ID;
diff --git a/sdk/identity/identity/test/manual/interactive-browser-credential/README.md b/sdk/identity/identity/test/manual/interactive-browser-credential/README.md
index 5b5f454714a..0df56ea6b48 100644
--- a/sdk/identity/identity/test/manual/interactive-browser-credential/README.md
+++ b/sdk/identity/identity/test/manual/interactive-browser-credential/README.md
@@ -18,24 +18,24 @@ Webpack will compile the code and then host it in a local server at
`http://localhost:8080`. See the section below about CORS before attempting to
navigate to this URL.
-You will need to configure an AAD App Registration as follows:
+You'll need to configure a Microsoft Entra App Registration as follows:
-- Create a new AAD App Registration.
-- Once created, go to the AAD section of the Azure portal.
-- Go to the App Registration section in the AAD page.
+- Create a new Microsoft Entra App Registration.
+- Once created, go to the Microsoft Entra ID section of the Azure portal.
+- Go to the App Registration section in the Microsoft Entra ID page.
- Click on the app that you want to use to authenticate.
-- Go to the Authentication tab of your AAD application.
+- Go to the Authentication tab of your Microsoft Entra application.
- Click on `+ Add a platform`, select `Single-page application`, enter `http://localhost:8080` as the redirect URI, then make sure to include implicit grant for "Access tokens" and "ID tokens".
-- Go to the `API permissions` tab of your AAD application. Click on `Add a permission`, then go to `APIs my organization uses` and search for `Microsoft.ServiceBus`, then add this permission.
+- Go to the `API permissions` tab of your Microsoft Entra application. Click on `Add a permission`, then go to `APIs my organization uses` and search for `Microsoft.ServiceBus`, then add this permission.
- Keep in mind that if you belong to an organization, other restrictions based on the organization configurations might prevent you from authenticating. If these steps don't end up being effective, try again on a personal account.
-Grant access to this AAD application to your Service Bus by:
+Grant access to this Microsoft Entra application to your Service Bus by:
- Creating a Service Bus namespace (if you haven't created one).
-- Either in the "Access policies" section of the creation form, or by going to the Service Bus namespace's "Access policies" page, click con `+ Add Access Policy`, select all permissions, then select your AAD application as the "Service Bus Data Owner", then click "Add", then click "Save" if applicable.
+- Either in the "Access policies" section of the creation form, or by going to the Service Bus namespace's "Access policies" page, click con `+ Add Access Policy`, select all permissions, then select your Microsoft Entra application as the "Service Bus Data Owner", then click "Add", then click "Save" if applicable.
- Then, in your Service Bus namespace, create a queue named `queue-identity-test`.
-With the AAD application and the Service Bus namespace configured, make sure `npm start` is running, then go to `http://localhost:8080`, then enter the Tenant ID, the Client ID of the AAD application and the Service Bus Endpoint, then go through the available options to configure the scenario in which you want the authentication to run, then click on the `Send Message` button. Information from the message sent will appear at the bottom.
+With the Microsoft Entra application and the Service Bus namespace configured, make sure `npm start` is running, then go to `http://localhost:8080`, then enter the Tenant ID, the Client ID of the Microsoft Entra application and the Service Bus Endpoint, then go through the available options to configure the scenario in which you want the authentication to run, then click on the `Send Message` button. Information from the message sent will appear at the bottom.
If something unexpected happens, make sure to open the console tab in the browser. The application will be logging as many things as they seemed relevant for debugging.