ClientCertificateCredentialOptions interface

  • Reference
Package:
@azure/identity

Optional parameters for the ClientCertificateCredential class.

Extends

MultiTenantTokenCredentialOptions,CredentialPersistenceOptions,AuthorityValidationOptions

Properties

sendCertificateChain

Option to include x5c header for SubjectName and Issuer name authorization. Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim

Inherited Properties

additionallyAllowedTenants

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
additionalPolicies

Additional policies to include in the HTTP pipeline.
allowInsecureConnection

Set to true if the request is sent over HTTP instead of HTTPS
authorityHost

The authority host to use for authentication requests. Possible values are available through AzureAuthorityHosts. The default is "https://login.microsoftonline.com".
disableInstanceDiscovery

The field determines whether instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. As a result, it's crucial to ensure that the configured authority host is valid and trustworthy. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
httpClient

The HttpClient that will be used to send HTTP requests.
loggingOptions

Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
proxyOptions

Options to configure a proxy for outgoing requests.
redirectOptions

Options for how redirect responses are handled.
retryOptions

Options that control how to retry failed requests.
telemetryOptions

Options for setting common telemetry and tracing info to outgoing requests.
tlsOptions

Options for configuring TLS authentication
tokenCachePersistenceOptions

Options to provide to the persistence layer (if one is available) when storing credentials.

You must first register a persistence provider plugin. See the @azure/identity-cache-persistence package on NPM.

Example:

import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";

useIdentityPlugin(cachePersistencePlugin);

async function main() {
  const credential = new DeviceCodeCredential({
    tokenCachePersistenceOptions: {
      enabled: true
    }
  });
}

main().catch((error) => {
  console.error("An error occurred:", error);
  process.exit(1);
});
userAgentOptions

Options for adding user agent details to outgoing requests.

Property Details

sendCertificateChain

Option to include x5c header for SubjectName and Issuer name authorization. Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim

sendCertificateChain?: boolean

Property Value

boolean

Inherited Property Details

additionallyAllowedTenants

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.

additionallyAllowedTenants?: string[]

Property Value

string[]

Inherited From MultiTenantTokenCredentialOptions.additionallyAllowedTenants

additionalPolicies

Additional policies to include in the HTTP pipeline.

additionalPolicies?: AdditionalPolicyConfig[]

Property Value

AdditionalPolicyConfig[]

Inherited From MultiTenantTokenCredentialOptions.additionalPolicies

allowInsecureConnection

Set to true if the request is sent over HTTP instead of HTTPS

allowInsecureConnection?: boolean

Property Value

boolean

Inherited From MultiTenantTokenCredentialOptions.allowInsecureConnection

authorityHost

The authority host to use for authentication requests. Possible values are available through AzureAuthorityHosts. The default is "https://login.microsoftonline.com".

authorityHost?: string

Property Value

string

Inherited From MultiTenantTokenCredentialOptions.authorityHost

disableInstanceDiscovery

The field determines whether instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. As a result, it's crucial to ensure that the configured authority host is valid and trustworthy. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.

disableInstanceDiscovery?: boolean

Property Value

boolean

Inherited From AuthorityValidationOptions.disableInstanceDiscovery

httpClient

The HttpClient that will be used to send HTTP requests.

httpClient?: HttpClient

Property Value

HttpClient

Inherited From MultiTenantTokenCredentialOptions.httpClient

loggingOptions

Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.

loggingOptions?: LogPolicyOptions & { allowLoggingAccountIdentifiers?: boolean, enableUnsafeSupportLogging?: boolean }

Property Value

LogPolicyOptions & { allowLoggingAccountIdentifiers?: boolean, enableUnsafeSupportLogging?: boolean }

Inherited From MultiTenantTokenCredentialOptions.loggingOptions

proxyOptions

Options to configure a proxy for outgoing requests.

proxyOptions?: ProxySettings

Property Value

ProxySettings

Inherited From MultiTenantTokenCredentialOptions.proxyOptions

redirectOptions

Options for how redirect responses are handled.

redirectOptions?: RedirectPolicyOptions

Property Value

RedirectPolicyOptions

Inherited From MultiTenantTokenCredentialOptions.redirectOptions

retryOptions

Options that control how to retry failed requests.

retryOptions?: PipelineRetryOptions

Property Value

PipelineRetryOptions

Inherited From MultiTenantTokenCredentialOptions.retryOptions

telemetryOptions

Options for setting common telemetry and tracing info to outgoing requests.

telemetryOptions?: TelemetryOptions

Property Value

TelemetryOptions

Inherited From MultiTenantTokenCredentialOptions.telemetryOptions

tlsOptions

Options for configuring TLS authentication

tlsOptions?: TlsSettings

Property Value

TlsSettings

Inherited From MultiTenantTokenCredentialOptions.tlsOptions

tokenCachePersistenceOptions

Options to provide to the persistence layer (if one is available) when storing credentials.

You must first register a persistence provider plugin. See the @azure/identity-cache-persistence package on NPM.

Example:

import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";

useIdentityPlugin(cachePersistencePlugin);

async function main() {
  const credential = new DeviceCodeCredential({
    tokenCachePersistenceOptions: {
      enabled: true
    }
  });
}

main().catch((error) => {
  console.error("An error occurred:", error);
  process.exit(1);
});

tokenCachePersistenceOptions?: TokenCachePersistenceOptions

Property Value

TokenCachePersistenceOptions

Inherited From CredentialPersistenceOptions.tokenCachePersistenceOptions

userAgentOptions

Options for adding user agent details to outgoing requests.

userAgentOptions?: UserAgentPolicyOptions

Property Value

UserAgentPolicyOptions

Inherited From MultiTenantTokenCredentialOptions.userAgentOptions