DefaultAzureCredential class
Provides a default ChainedTokenCredential configuration that works for most applications that use Azure SDK client libraries. For more information, see DefaultAzureCredential overview.
The following credential types will be tried, in order:
- EnvironmentCredential
- WorkloadIdentityCredential
- ManagedIdentityCredential
- VisualStudioCodeCredential
- AzureCliCredential
- AzurePowerShellCredential
- AzureDeveloperCliCredential
- <xref:BrokerCredential>
Consult the documentation of these credential types for more information on how they attempt authentication.
The following example demonstrates how to use the requiredEnvVars option to ensure that certain environment variables are set before the DefaultAzureCredential is instantiated.
If any of the specified environment variables are missing or empty, an error will be thrown, preventing the application from continuing execution without the necessary configuration.
It also demonstrates how to set the AZURE_TOKEN_CREDENTIALS environment variable to control which credentials are included in the chain.
import { DefaultAzureCredential } from "@azure/identity";
const credential = new DefaultAzureCredential({
requiredEnvVars: [
"AZURE_CLIENT_ID",
"AZURE_TENANT_ID",
"AZURE_CLIENT_SECRET",
"AZURE_TOKEN_CREDENTIALS",
],
});
- Extends
Constructors
| Default |
Creates an instance of the DefaultAzureCredential class with DefaultAzureCredentialClientIdOptions. |
| Default |
Creates an instance of the DefaultAzureCredential class with DefaultAzureCredentialOptions. |
| Default |
Creates an instance of the DefaultAzureCredential class with DefaultAzureCredentialResourceIdOptions. |
Inherited Methods
| get |
Returns the first access token returned by one of the chained
This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing. |
Constructor Details
DefaultAzureCredential(DefaultAzureCredentialClientIdOptions)
Creates an instance of the DefaultAzureCredential class with DefaultAzureCredentialClientIdOptions.
new DefaultAzureCredential(options?: DefaultAzureCredentialClientIdOptions)Parameters
Optional parameters. See DefaultAzureCredentialClientIdOptions.
DefaultAzureCredential(DefaultAzureCredentialOptions)
Creates an instance of the DefaultAzureCredential class with DefaultAzureCredentialOptions.
new DefaultAzureCredential(options?: DefaultAzureCredentialOptions)Parameters
- options
- DefaultAzureCredentialOptions
Optional parameters. See DefaultAzureCredentialOptions.
DefaultAzureCredential(DefaultAzureCredentialResourceIdOptions)
Creates an instance of the DefaultAzureCredential class with DefaultAzureCredentialResourceIdOptions.
new DefaultAzureCredential(options?: DefaultAzureCredentialResourceIdOptions)Parameters
Optional parameters. See DefaultAzureCredentialResourceIdOptions.
Inherited Method Details
getToken(string | string[], GetTokenOptions)
Returns the first access token returned by one of the chained
TokenCredential implementations. Throws an AggregateAuthenticationError
when one or more credentials throws an AuthenticationError and
no credentials have returned an access token.
This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
function getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>Parameters
- scopes
-
string | string[]
The list of scopes for which the token will have access.
- options
- GetTokenOptions
The options used to configure any requests this
TokenCredential implementation might make.
Returns
Promise<AccessToken>
Inherited From ChainedTokenCredential.getToken