ClientSecretCredential Class
Authenticates as a service principal using a client secret.
- Inheritance
-
azure.identity.aio._internal.AsyncContextManagerClientSecretCredentialazure.identity.aio._internal.get_token_mixin.GetTokenMixinClientSecretCredential
Constructor
ClientSecretCredential(tenant_id: str, client_id: str, client_secret: str, **kwargs: Any)Parameters
| Name | Description |
|---|---|
|
tenant_id
Required
|
ID of the service principal's tenant. Also called its 'directory' ID. |
|
client_id
Required
|
The service principal's client ID |
|
client_secret
Required
|
One of the service principal's client secrets |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
authority
|
Authority of a Microsoft Entra endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds. |
|
cache_persistence_options
|
Configuration for persistent token caching. If unspecified, the credential will cache tokens in memory. |
|
additionally_allowed_tenants
|
Specifies tenants in addition to the specified "tenant_id" for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application can access. |
Examples
Create a ClientSecretCredential.
from azure.identity.aio import ClientSecretCredential
credential = ClientSecretCredential(
tenant_id="<tenant_id>",
client_id="<client_id>",
client_secret="<client_secret>",
)
Methods
| close |
Close the credential's transport session. |
| get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. |
close
Close the credential's transport session.
async close() -> Noneget_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients.
async get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, enable_cae: bool = False, **kwargs: Any) -> AccessTokenParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
claims
|
additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure. |
|
tenant_id
|
optional tenant to include in the token request. |
|
enable_cae
|
indicates whether to enable Continuous Access Evaluation (CAE) for the requested token. Defaults to False. |
Returns
| Type | Description |
|---|---|
|
An access token with the desired scopes. |
Exceptions
| Type | Description |
|---|---|
|
the credential is unable to attempt authentication because it lacks required data, state, or platform support |
|
|
authentication failed. The error's |
Azure SDK for Python
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for