DeviceCodeCredential Class

Authenticates users through the device code flow.

When <xref:azure.identity.get_token> is called, this credential acquires a verification URL and code from Azure Active Directory. A user must browse to the URL, enter the code, and authenticate with Azure Active Directory. If the user authenticates successfully, the credential receives an access token.

This credential is primarily useful for authenticating a user in an environment without a web browser, such as an SSH session. If a web browser is available, InteractiveBrowserCredential is more convenient because it automatically opens a browser to the login page.

Inheritance
azure.identity._internal.interactive.InteractiveCredential
DeviceCodeCredential

Constructor

DeviceCodeCredential(client_id: Optional[str] = '04b07795-8ddb-461a-bbee-02f9e1bf7b46', **kwargs: Any)

Parameters

client_id
str
Required

client ID of the application users will authenticate to. When not specified users will authenticate to an Azure development application.

authority
str

Authority of an Azure Active Directory endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds.

tenant_id
str

an Azure Active Directory tenant ID. Defaults to the "organizations" tenant, which can authenticate work or school accounts. Required for single-tenant applications.

timeout
int

seconds to wait for the user to authenticate. Defaults to the validity period of the device code as set by Azure Active Directory, which also prevails when timeout is longer.

prompt_callback
<xref:Callable>[str, str, datetime]

A callback enabling control of how authentication instructions are presented. Must accept arguments (verification_uri, user_code, expires_on):

  • verification_uri (str) the URL the user must visit

  • user_code (str) the code the user must enter there

  • expires_on (datetime.datetime) the UTC time at which the code will expire

If this argument isn't provided, the credential will print instructions to stdout.

authentication_record
AuthenticationRecord

AuthenticationRecord returned by <xref:azure.identity.authenticate>

disable_automatic_authentication
bool

if True, <xref:azure.identity.get_token> will raise AuthenticationRequiredError when user interaction is required to acquire a token. Defaults to False.

cache_persistence_options
TokenCachePersistenceOptions

configuration for persistent token caching. If unspecified, the credential will cache tokens in memory.