ClientSecretCredential Class
Authenticates as a service principal using a client secret.
- Inheritance
-
azure.identity._internal.client_credential_base.ClientCredentialBaseClientSecretCredential
Constructor
ClientSecretCredential(tenant_id: str, client_id: str, client_secret: str, **kwargs: Any)Parameters
| Name | Description |
|---|---|
|
tenant_id
Required
|
ID of the service principal's tenant. Also called its "directory" ID. |
|
client_id
Required
|
The service principal's client ID |
|
client_secret
Required
|
One of the service principal's client secrets |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
authority
|
Authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds. |
|
cache_persistence_options
|
Configuration for persistent token caching. If unspecified, the credential will cache tokens in memory. |
|
disable_instance_discovery
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to True, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. |
|
additionally_allowed_tenants
|
Specifies tenants in addition to the specified "tenant_id" for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application can access. |
Examples
Create a ClientSecretCredential.
from azure.identity import ClientSecretCredential
credential = ClientSecretCredential(
tenant_id="<tenant_id>",
client_id="<client_id>",
client_secret="<client_secret>",
)
Methods
| close | |
| get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. |
close
close() -> Noneget_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients.
get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, enable_cae: bool = False, **kwargs: Any) -> AccessTokenParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
claims
|
additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure. |
|
tenant_id
|
optional tenant to include in the token request. |
|
enable_cae
|
indicates whether to enable Continuous Access Evaluation (CAE) for the requested token. Defaults to False. |
Returns
| Type | Description |
|---|---|
|
An access token with the desired scopes. |
Exceptions
| Type | Description |
|---|---|
|
the credential is unable to attempt authentication because it lacks required data, state, or platform support |
|
|
authentication failed. The error's |
Azure SDK for Python
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for