@azure/identity package



Provides an errors array containing <xref:AuthenticationError> instance for authentication failures from credentials in a <xref:ChainedTokenCredential>.


Provides details about a failure to authenticate with Azure Active Directory. The errorResponse field contains more details about the specific failure.


Enables authentication to Azure Active Directory using an authorization code that was obtained through the authorization code flow, described in more detail in the Azure Active Directory documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow


This credential will use the currently logged-in user login information via the Azure CLI ('az') commandline tool. To do so, it will read the user access token and expire time with Azure CLI command "az account get-access-token". To be able to use this credential, ensure that you have already logged in via the 'az' tool using the command "az login" from the commandline.


Enables multiple TokenCredential implementations to be tried in order until one of the getToken methods returns an access token.


Enables authentication to Azure Active Directory using a PEM-encoded certificate that is assigned to an App Registration. More information on how to configure certificate authentication can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad


Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration. More information on how to configure a client secret can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application


This signifies that the credential that was tried in a chained credential was not available to be used as the credential. Rather than treating this as an error that should halt the chain, it's caught and the chain continues


Provides a default <xref:ChainedTokenCredential> configuration for applications that will be deployed to Azure. The following credential types will be tried, in order:

  • <xref:EnvironmentCredential>
  • <xref:ManagedIdentityCredential>

Consult the documentation of these credential types for more information on how they attempt authentication.


Enables authentication to Azure Active Directory using a device code that the user can enter into https://microsoft.com/devicelogin.


Enables authentication to Azure Active Directory using client secret details configured in the following environment variables:

  • AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.
  • AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.
  • AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.

This credential ultimately uses a <xref:ClientSecretCredential> to perform the authentication using these details. Please consult the documentation of that class for more details.


Enables authentication to Azure Active Directory inside of the web browser using the interactive login flow, either via browser redirects or a popup window. This credential is not currently supported in Node.js.


Attempts authentication using a managed identity that has been assigned to the deployment environment. This authentication type works in Azure VMs, App Service and Azure Functions applications, and inside of Azure Cloud Shell. More information about configuring managed identities can be found here:



Enables authentication to Azure Active Directory with a user's username and password. This credential requires a high degree of trust so you should only use it when other, more secure credential types can't be used.


Connect to Azure using the credential provided by the VSCode extension 'Azure Account'. Once the user has logged in via the extension, this credential can share the same refresh token that is cached by the extension.



The record to use to find the cached tokens in the cache


Defines options for the SubjectNameAndIssuerCredential class.


Provides options to configure the default Azure credentials.


Provides the user code and verification URI where the code must be entered. Also provides a message to display to the user which contains an instruction with these details.


See the official documentation for more details: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1

NOTE: This documentation is for v1 OAuth support but the same error response details still apply to v2.


Defines options for the InteractiveBrowserCredential class.


Provides options to configure how the Identity library makes authentication requests to Azure Active Directory.


Provides options to configure the Visual Studio Code credential.

Type Aliases


The "login style" to use in the authentication flow:

  • "redirect" redirects the user to the authentication page and then redirects them back to the page once authentication is completed.
  • "popup" opens a new browser window through with the redirect flow is initiated. The user's existing browser window does not leave the current page

Defines the signature of a callback which will be passed to DeviceCodeCredential for the purpose of displaying authentication details to the user.



A list of known Azure authority hosts



Returns a new instance of the <xref:DefaultAzureCredential>.

Function Details


Returns a new instance of the <xref:DefaultAzureCredential>.

function getDefaultAzureCredential()