AadCredentialBuilderBase<T> Class

Package:

com.azure.identity

Maven Artifact:

com.azure:azure-identity:1.14.0

• java.lang.Object
• • com.azure.identity.CredentialBuilderBase<T>
  • • com.azure.identity.AadCredentialBuilderBase<T>

Type Parameters

T

the type of the credential builder

public abstract class AadCredentialBuilderBase
extends CredentialBuilderBase<T>

The base class for credential builders that allow specifying a client ID, tenant ID, authority host, and additionally allowed tenants for Microsoft Entra ID.

Constructor Summary

Constructor	Description
AadCredentialBuilderBase()	Constructs an instance of AadCredentialBuilderBase.

Method Summary

Modifier and Type	Method and Description
T	additionallyAllowedTenants(String[] additionallyAllowedTenants) For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
T	additionallyAllowedTenants(List<String> additionallyAllowedTenants) For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
T	authorityHost(String authorityHost) Specifies the Microsoft Entra endpoint to acquire tokens.
T	clientId(String clientId) Sets the client ID of the application.
T	disableInstanceDiscovery() Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate.
T	enableUnsafeSupportLogging() Enables additional support logging for public and confidential client applications.
T	executorService(ExecutorService executorService) Specifies the ExecutorService to be used to execute the authentication requests.
T	tenantId(String tenantId) Sets the tenant ID of the application.

Methods inherited from CredentialBuilderBase

addPolicy clientOptions configuration enableAccountIdentifierLogging httpClient httpLogOptions httpPipeline maxRetry pipeline proxyOptions retryOptions retryPolicy retryTimeout

Methods inherited from java.lang.Object

clone equals finalize getClass hashCode notify notifyAll toString wait wait wait

Constructor Details

AadCredentialBuilderBase

public AadCredentialBuilderBase()

Constructs an instance of AadCredentialBuilderBase.

Method Details

additionallyAllowedTenants

public T additionallyAllowedTenants(String[] additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed.

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the additional tenants configured.

additionallyAllowedTenants

public T additionallyAllowedTenants(List additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed.

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the additional tenants configured.

authorityHost

public T authorityHost(String authorityHost)

Specifies the Microsoft Entra endpoint to acquire tokens.

Parameters:

authorityHost - the Microsoft Entra endpoint

Returns:

An updated instance of this builder with the authority host set as specified.

clientId

public T clientId(String clientId)

Sets the client ID of the application.

Parameters:

clientId - the client ID of the application.

Returns:

An updated instance of this builder with the client id set as specified.

disableInstanceDiscovery

public T disableInstanceDiscovery()

Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate. This will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By utilizing this API, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.

Returns:

An updated instance of this builder with instance discovery disabled.

enableUnsafeSupportLogging

public T enableUnsafeSupportLogging()

Enables additional support logging for public and confidential client applications. This enables PII logging in MSAL4J as described here.

This operation will log PII including tokens. It should only be used when directed by support.

Returns:

An updated instance of this builder with additional support logging enabled.

executorService

public T executorService(ExecutorService executorService)

Specifies the ExecutorService to be used to execute the authentication requests. Developer is responsible for maintaining the lifecycle of the ExecutorService.

If this is not configured, the common fork join pool will be used which is also shared with other application tasks. If the common pool is heavily used for other tasks, authentication requests might starve and setting up this executor service should be considered.

The executor service and can be safely shutdown if the TokenCredential is no longer being used by the Azure SDK clients and should be shutdown before the application exits.

Parameters:

executorService - the executor service to use for executing authentication requests.

Returns:

An updated instance of this builder with the executor service set as specified.

tenantId

public T tenantId(String tenantId)

Sets the tenant ID of the application.

Parameters:

tenantId - the tenant ID of the application.

Returns:

An updated instance of this builder with the tenant id set as specified.