InteractiveBrowserCredentialBuilder Class

Package:

com.azure.identity

Maven Artifact:

com.azure:azure-identity:1.14.1

• java.lang.Object
• • com.azure.identity.CredentialBuilderBase<T>
  • • com.azure.identity.AadCredentialBuilderBase<T>
    • • com.azure.identity.InteractiveBrowserCredentialBuilder

public class InteractiveBrowserCredentialBuilder
extends AadCredentialBuilderBase<InteractiveBrowserCredentialBuilder>

Fluent credential builder for instantiating a InteractiveBrowserCredential.

Interactive browser authentication is a type of authentication flow offered by Microsoft Entra ID that enables users to sign in to applications and services using a web browser. This authentication method is commonly used for web applications, where users enter their credentials directly into a web page. With interactive browser authentication, the user navigates to a web application and is prompted to enter their username and password credentials. The application then redirects the user to the Microsoft Entra ID sign-in page, where they are prompted to enter their credentials again. After the user successfully authenticates, Microsoft Entra ID issues a security token that the application can use to authorize the user's access to its resources. The InteractiveBrowserCredential interactively authenticates a user and acquires a token with the default system browser and offers a smooth authentication experience by letting a user use their own credentials to authenticate the application. When authenticated, the oauth2 flow notifies the credential of the authentication code through the reply URL. For more information refer to the conceptual knowledge and configuration details.

Sample: Construct InteractiveBrowserCredential

The following code sample demonstrates the creation of a InteractiveBrowserCredential, using the InteractiveBrowserCredentialBuilder to configure it. By default, the credential targets a localhost redirect URL, to override that behaviour a redirectUrl(String redirectUrl) can be optionally specified. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential interactiveBrowserCredential = new InteractiveBrowserCredentialBuilder().redirectUrl(
     "http://localhost:8765").build();

Constructor Summary

Constructor	Description
InteractiveBrowserCredentialBuilder()	Constructs an instance of InteractiveBrowserCredentialBuilder.

Method Summary

Modifier and Type	Method and Description
InteractiveBrowserCredentialBuilder	additionallyAllowedTenants(String[] additionallyAllowedTenants) For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
InteractiveBrowserCredentialBuilder	additionallyAllowedTenants(List<String> additionallyAllowedTenants) For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
InteractiveBrowserCredentialBuilder	authenticationRecord(AuthenticationRecord authenticationRecord) Sets the AuthenticationRecord captured from a previous authentication.
InteractiveBrowserCredentialBuilder	browserCustomizationOptions(BrowserCustomizationOptions browserCustomizationOptions) Configures the options for customizing the browser for interactive authentication.
InteractiveBrowserCredential	build() Creates a new InteractiveBrowserCredential with the current configurations.
InteractiveBrowserCredentialBuilder	clientId(String clientId) Sets the client ID of the Microsoft Entra application that users will sign in to.
InteractiveBrowserCredentialBuilder	disableAutomaticAuthentication() Disables the automatic authentication and prevents the InteractiveBrowserCredential from automatically prompting the user.
InteractiveBrowserCredentialBuilder	loginHint(String loginHint) Sets the username suggestion to pre-fill the login page's username/email address field.
InteractiveBrowserCredentialBuilder	port(int port) Deprecated Configure the redirect URL as http://localhost:{port} via redirectUrl(String redirectUrl) instead. Sets the port for the local HTTP server, for which http://localhost:{port} must be registered as a valid reply URL on the application.
InteractiveBrowserCredentialBuilder	redirectUrl(String redirectUrl) Sets the Redirect URL where STS will callback the application with the security code.
InteractiveBrowserCredentialBuilder	tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions) Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default.

Methods inherited from AadCredentialBuilderBase

additionallyAllowedTenants additionallyAllowedTenants authorityHost clientId disableInstanceDiscovery enableUnsafeSupportLogging executorService tenantId

Methods inherited from CredentialBuilderBase

addPolicy clientOptions configuration enableAccountIdentifierLogging httpClient httpLogOptions httpPipeline maxRetry pipeline proxyOptions retryOptions retryPolicy retryTimeout

Methods inherited from java.lang.Object

clone equals finalize getClass hashCode notify notifyAll toString wait wait wait

Constructor Details

InteractiveBrowserCredentialBuilder

public InteractiveBrowserCredentialBuilder()

Constructs an instance of InteractiveBrowserCredentialBuilder.

Method Details

additionallyAllowedTenants

public InteractiveBrowserCredentialBuilder additionallyAllowedTenants(String[] additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed. If no value is specified for TenantId this option will have no effect, and the credential will acquire tokens for any requested tenant.

Overrides:

InteractiveBrowserCredentialBuilder.additionallyAllowedTenants(String[] additionallyAllowedTenants)

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the additional tenants configured.

additionallyAllowedTenants

public InteractiveBrowserCredentialBuilder additionallyAllowedTenants(List additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed. If no value is specified for TenantId this option will have no effect, and the credential will acquire tokens for any requested tenant.

Overrides:

InteractiveBrowserCredentialBuilder.additionallyAllowedTenants(List<String> additionallyAllowedTenants)

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the additional tenants configured.

authenticationRecord

public InteractiveBrowserCredentialBuilder authenticationRecord(AuthenticationRecord authenticationRecord)

Sets the AuthenticationRecord captured from a previous authentication.

Parameters:

authenticationRecord - The Authentication record to be configured.

Returns:

An updated instance of this builder with the configured authentication record.

browserCustomizationOptions

public InteractiveBrowserCredentialBuilder browserCustomizationOptions(BrowserCustomizationOptions browserCustomizationOptions)

Configures the options for customizing the browser for interactive authentication.

Parameters:

browserCustomizationOptions - the browser customization options

Returns:

An updated instance of this builder with the browser customization options configured.

build

public InteractiveBrowserCredential build()

Creates a new InteractiveBrowserCredential with the current configurations.

Returns:

a InteractiveBrowserCredential with the current configurations.

clientId

public InteractiveBrowserCredentialBuilder clientId(String clientId)

Sets the client ID of the Microsoft Entra application that users will sign in to. It is recommended that developers register their applications and assign appropriate roles. For more information, visit this doc for app registration. If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.

Overrides:

InteractiveBrowserCredentialBuilder.clientId(String clientId)

Parameters:

clientId - the client ID of the application.

Returns:

An updated instance of this builder with the client id configured.

disableAutomaticAuthentication

public InteractiveBrowserCredentialBuilder disableAutomaticAuthentication()

Disables the automatic authentication and prevents the InteractiveBrowserCredential from automatically prompting the user. If automatic authentication is disabled a AuthenticationRequiredException will be thrown from getToken(TokenRequestContext request) in the case that user interaction is necessary. The application is responsible for handling this exception, and calling authenticate() or authenticate(TokenRequestContext request) to authenticate the user interactively.

Returns:

An updated instance of this builder with automatic authentication disabled.

loginHint

public InteractiveBrowserCredentialBuilder loginHint(String loginHint)

Sets the username suggestion to pre-fill the login page's username/email address field. A user may still log in with a different username.

Parameters:

loginHint - the username suggestion to pre-fill the login page's username/email address field.

Returns:

An updated instance of this builder with login hint configured.

port

@Deprecated
public InteractiveBrowserCredentialBuilder port(int port)

Deprecated

Configure the redirect URL as http://localhost:{port} via redirectUrl(String redirectUrl) instead.

Sets the port for the local HTTP server, for which http://localhost:{port} must be registered as a valid reply URL on the application.

Parameters:

port - the port on which the credential will listen for the browser authentication result

Returns:

An updated instance of this builder with the port configured.

redirectUrl

public InteractiveBrowserCredentialBuilder redirectUrl(String redirectUrl)

Sets the Redirect URL where STS will callback the application with the security code. It is required if a custom client id is specified via clientId(String clientId) and must match the redirect URL specified during the application registration.

Parameters:

redirectUrl - the redirect URL to listen on and receive security code.

Returns:

An updated instance of this builder with the configured redirect URL.

tokenCachePersistenceOptions

public InteractiveBrowserCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)

Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.

Parameters:

tokenCachePersistenceOptions - the token cache configuration options

Returns:

An updated instance of this builder with the token cache options configured.