DefaultAzureCredential Class
A default credential capable of handling most Azure SDK authentication scenarios.
The identity it uses depends on the environment. When an access token is needed, it requests one using these identities in turn, stopping when one provides a token:
A service principal configured by environment variables. See EnvironmentCredential for more details.
An Azure managed identity. See ManagedIdentityCredential for more details.
On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple identities are in the cache, then the value of the environment variable
AZURE_USERNAME
is used to select which identity to use. See SharedTokenCacheCredential for more details.The user currently signed in to Visual Studio Code.
The identity currently logged in to the Azure CLI.
The identity currently logged in to Azure PowerShell.
This default behavior is configurable with keyword arguments.
- Inheritance
-
azure.identity._credentials.chained.ChainedTokenCredentialDefaultAzureCredential
Constructor
DefaultAzureCredential(**kwargs: Any)
Parameters
- authority
- str
Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds. Managed identities ignore this because they reside in a single cloud.
- exclude_cli_credential
- bool
Whether to exclude the Azure CLI from the credential. Defaults to False.
- exclude_environment_credential
- bool
Whether to exclude a service principal configured by environment variables from the credential. Defaults to False.
- exclude_managed_identity_credential
- bool
Whether to exclude managed identity from the credential. Defaults to False.
- exclude_powershell_credential
- bool
Whether to exclude Azure PowerShell. Defaults to False.
- exclude_visual_studio_code_credential
- bool
Whether to exclude stored credential from VS Code. Defaults to False.
- exclude_shared_token_cache_credential
- bool
Whether to exclude the shared token cache. Defaults to False.
- exclude_interactive_browser_credential
- bool
Whether to exclude interactive browser authentication (see InteractiveBrowserCredential). Defaults to True.
- interactive_browser_tenant_id
- str
Tenant ID to use when authenticating a user through InteractiveBrowserCredential. Defaults to the value of environment variable AZURE_TENANT_ID, if any. If unspecified, users will authenticate in their home tenants.
- managed_identity_client_id
- str
The client ID of a user-assigned managed identity. Defaults to the value of the environment variable AZURE_CLIENT_ID, if any. If not specified, a system-assigned identity will be used.
- interactive_browser_client_id
- str
The client ID to be used in interactive browser credential. If not specified, users will authenticate to an Azure development application.
- shared_cache_username
- str
Preferred username for SharedTokenCacheCredential. Defaults to the value of environment variable AZURE_USERNAME, if any.
- shared_cache_tenant_id
- str
Preferred tenant for SharedTokenCacheCredential. Defaults to the value of environment variable AZURE_TENANT_ID, if any.
- visual_studio_code_tenant_id
- str
Tenant ID to use when authenticating with VisualStudioCodeCredential. Defaults to the "Azure: Tenant" setting in VS Code's user settings or, when that setting has no value, the "organizations" tenant, which supports only Azure Active Directory work or school accounts.
Methods
get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. |
get_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients.
get_token(*scopes: str, **kwargs: Any) -> AccessToken
Parameters
- tenant_id
- str
optional tenant to include in the token request.
Return type
Exceptions
authentication failed. The exception has a message attribute listing each authentication attempt and its error message.
Feedback
Submit and view feedback for