DeviceCodeCredential Class
Authenticates users through the device code flow.
When get_token is called, this credential acquires a verification URL and code from Microsoft Entra ID. A user must browse to the URL, enter the code, and authenticate with Microsoft Entra ID. If the user authenticates successfully, the credential receives an access token.
This credential is primarily useful for authenticating a user in an environment without a web browser, such as an SSH session. If a web browser is available, InteractiveBrowserCredential is more convenient because it automatically opens a browser to the login page.
- Inheritance
-
azure.identity._internal.interactive.InteractiveCredentialDeviceCodeCredential
Constructor
DeviceCodeCredential(client_id: str = '04b07795-8ddb-461a-bbee-02f9e1bf7b46', *, timeout: int | None = None, prompt_callback: Callable[[str, str, datetime], None] | None = None, **kwargs: Any)Parameters
| Name | Description |
|---|---|
|
client_id
|
client ID of the application users will authenticate to. When not specified users will authenticate to an Azure development application. default value: 04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
Keyword-Only Parameters
| Name | Description |
|---|---|
|
authority
|
Authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds. |
|
tenant_id
|
a Microsoft Entra tenant ID. Defaults to the "organizations" tenant, which can authenticate work or school accounts. Required for single-tenant applications. |
|
timeout
|
seconds to wait for the user to authenticate. Defaults to the validity period of the device code as set by Microsoft Entra ID, which also prevails when timeout is longer. |
|
prompt_callback
|
A callback enabling control of how authentication
instructions are presented. Must accept arguments (
If this argument isn't provided, the credential will print instructions to stdout. |
|
authentication_record
|
AuthenticationRecord returned by authenticate |
|
disable_automatic_authentication
|
if True, get_token will raise AuthenticationRequiredError when user interaction is required to acquire a token. Defaults to False. |
|
cache_persistence_options
|
configuration for persistent token caching. If unspecified, the credential will cache tokens in memory. |
|
disable_instance_discovery
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to True, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. |
|
enable_support_logging
|
Enables additional support logging in the underlying MSAL library. This logging potentially contains personally identifiable information and is intended to be used only for troubleshooting purposes. |
Examples
Create a DeviceCodeCredential.
from azure.identity import DeviceCodeCredential
credential = DeviceCodeCredential()
Methods
| authenticate |
Interactively authenticate a user. |
| close | |
| get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. |
authenticate
Interactively authenticate a user.
authenticate(*, scopes: Iterable[str] | None = None, claims: str | None = None, **kwargs: Any) -> AuthenticationRecordKeyword-Only Parameters
| Name | Description |
|---|---|
|
scopes
|
scopes to request during authentication, such as those provided by scopes. If provided, successful authentication will cache an access token for these scopes. |
|
claims
|
additional claims required in the token, such as those provided by claims |
Returns
| Type | Description |
|---|---|
Exceptions
| Type | Description |
|---|---|
|
authentication failed. The error's |
close
close() -> NoneKeyword-Only Parameters
| Name | Description |
|---|---|
|
scopes
|
scopes to request during authentication, such as those provided by scopes. If provided, successful authentication will cache an access token for these scopes. |
|
claims
|
additional claims required in the token, such as those provided by claims |
Exceptions
| Type | Description |
|---|---|
|
authentication failed. The error's |
get_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients.
get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, enable_cae: bool = False, **kwargs: Any) -> AccessTokenParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
claims
|
additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure |
|
tenant_id
|
optional tenant to include in the token request. |
|
enable_cae
|
indicates whether to enable Continuous Access Evaluation (CAE) for the requested token. Defaults to False. |
Returns
| Type | Description |
|---|---|
|
An access token with the desired scopes. |
Exceptions
| Type | Description |
|---|---|
|
the credential is unable to attempt authentication because it lacks required data, state, or platform support |
|
|
authentication failed. The error's |
|
|
user interaction is necessary to acquire a token, and the credential is configured not to begin this automatically. Call |
|
|
to begin interactive authentication. |
Azure SDK for Python
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for