azure_identity library

Classes

AccessToken

Represents an access token with an expiration time.

AzureCliCredential

Attempts to acquire a token through running Azure CLI. Primarily useful in development settings where the user authenticated through az login has an IAM privilege with the target service.

ChainedTokenCredential

Implements a credential that allows fetching a credential through a list of other credential providers. The class will try all providers in sequence and returns the first token it can acquire. This is useful to create a unified implementation that works without changes in local development environments and in production environments, or if the authentication method is not fully known.

CredentialManager

Dynamically requests tokens from registered credential provider as necessary. Offloads the need to cache the token and manage time-out events.

DefaultAzureCredential

Stripped down version of the Azure SDK's DefaultAzureCredential. Will attempt the following authentication methods in sequence:

GetTokenOptions

Defines options for TokenCredential.getToken.

ManagedIdentityCredential2017

Acquires a token through the Azure Managed Identity service. Requires the process to be executed inside Azure and with "managed identity" enabled. Uses the 2017 API.

ManagedIdentityCredential2019

Acquires a token through the Azure Managed Identity service. Requires the process to be executed inside Azure and with "managed identity" enabled. Uses the 2019 API.

ProxiedAzureCliCredential

Attempts to acquire a token through a proxied instance of Azure CLI. The output of Azure CLI is expected at http://host.docker.internal:8181 by default and can be overridden by setting the environment variable AZURE_CLI_PROXY_HOST. This token is intended to be used in development settings where the application is running locally inside a Docker container but does not have access to Azure CLI inside the container.

TokenCredential

Represents a credential capable of providing an authentication token.