@azure/identity package

Classes

AggregateAuthenticationError

Provides an errors array containing <xref:AuthenticationError> instance for authentication failures from credentials in a <xref:ChainedTokenCredential>.

AuthenticationError

Provides details about a failure to authenticate with Azure Active Directory. The errorResponse field contains more details about the specific failure.

AuthorizationCodeCredential

Enables authentication to Azure Active Directory using an authorization code that was obtained through the authorization code flow, described in more detail in the Azure Active Directory documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

AzureCliCredential

This credential will use the currently logged-in user login information via the Azure CLI ('az') commandline tool. To do so, it will read the user access token and expire time with Azure CLI command "az account get-access-token". To be able to use this credential, ensure that you have already logged in via the 'az' tool using the command "az login" from the commandline.

ChainedTokenCredential

Enables multiple TokenCredential implementations to be tried in order until one of the getToken methods returns an access token.

ClientCertificateCredential

Enables authentication to Azure Active Directory using a PEM-encoded certificate that is assigned to an App Registration. More information on how to configure certificate authentication can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad

ClientSecretCredential

Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration. More information on how to configure a client secret can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application

CredentialUnavailable

This signifies that the credential that was tried in a chained credential was not available to be used as the credential. Rather than treating this as an error that should halt the chain, it's caught and the chain continues

DefaultAzureCredential

Provides a default <xref:ChainedTokenCredential> configuration for applications that will be deployed to Azure. The following credential types will be tried, in order:

  • <xref:EnvironmentCredential>
  • <xref:ManagedIdentityCredential>

Consult the documentation of these credential types for more information on how they attempt authentication.

DeviceCodeCredential

Enables authentication to Azure Active Directory using a device code that the user can enter into https://microsoft.com/devicelogin.

EnvironmentCredential

Enables authentication to Azure Active Directory using client secret details configured in the following environment variables:

  • AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.
  • AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.
  • AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.

This credential ultimately uses a <xref:ClientSecretCredential> to perform the authentication using these details. Please consult the documentation of that class for more details.

InteractiveBrowserCredential

Enables authentication to Azure Active Directory inside of the web browser using the interactive login flow, either via browser redirects or a popup window. This credential is not currently supported in Node.js.

ManagedIdentityCredential

Attempts authentication using a managed identity that has been assigned to the deployment environment. This authentication type works in Azure VMs, App Service and Azure Functions applications, and inside of Azure Cloud Shell. More information about configuring managed identities can be found here:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

UsernamePasswordCredential

Enables authentication to Azure Active Directory with a user's username and password. This credential requires a high degree of trust so you should only use it when other, more secure credential types can't be used.

VisualStudioCodeCredential

Connect to Azure using the credential provided by the VSCode extension 'Azure Account'. Once the user has logged in via the extension, this credential can share the same refresh token that is cached by the extension.

Interfaces

AuthenticationRecord

The record to use to find the cached tokens in the cache

ClientCertificateCredentialOptions

Defines options for the SubjectNameAndIssuerCredential class.

DefaultAzureCredentialOptions

Provides options to configure the default Azure credentials.

DeviceCodeInfo

Provides the user code and verification URI where the code must be entered. Also provides a message to display to the user which contains an instruction with these details.

ErrorResponse

See the official documentation for more details: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1

NOTE: This documentation is for v1 OAuth support but the same error response details still apply to v2.

InteractiveBrowserCredentialOptions

Defines options for the InteractiveBrowserCredential class.

TokenCredentialOptions

Provides options to configure how the Identity library makes authentication requests to Azure Active Directory.

VisualStudioCodeCredentialOptions

Provides options to configure the Visual Studio Code credential.

Type Aliases

BrowserLoginStyle

The "login style" to use in the authentication flow:

  • "redirect" redirects the user to the authentication page and then redirects them back to the page once authentication is completed.
  • "popup" opens a new browser window through with the redirect flow is initiated. The user's existing browser window does not leave the current page
DeviceCodePromptCallback

Defines the signature of a callback which will be passed to DeviceCodeCredential for the purpose of displaying authentication details to the user.

Enums

AzureAuthorityHosts

A list of known Azure authority hosts

Functions

getDefaultAzureCredential()

Returns a new instance of the <xref:DefaultAzureCredential>.

Function Details

getDefaultAzureCredential()

Returns a new instance of the <xref:DefaultAzureCredential>.

function getDefaultAzureCredential()

Returns

TokenCredential