EnvironmentCredential class
Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user with a username and password.
Constructors
Environment |
Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables. Required environment variables:
If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
Environment variables used for client credential authentication:
Alternatively, users can provide environment variables for username and password authentication:
If the environment variables required to perform the authentication are missing, a CredentialUnavailableError will be thrown. If the authentication fails, or if there's an unknown error, an AuthenticationError will be thrown. |
Methods
get |
Authenticates with Microsoft Entra ID and returns an access token if successful. |
Constructor Details
EnvironmentCredential(EnvironmentCredentialOptions)
Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
Required environment variables:
AZURE_TENANT_ID
: The Microsoft Entra tenant (directory) ID.AZURE_CLIENT_ID
: The client (application) ID of an App Registration in the tenant.
If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
AZURE_ADDITIONALLY_ALLOWED_TENANTS
: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
Environment variables used for client credential authentication:
AZURE_CLIENT_SECRET
: A client secret that was generated for the App Registration.AZURE_CLIENT_CERTIFICATE_PATH
: The path to a PEM certificate to use during the authentication, instead of the client secret.AZURE_CLIENT_CERTIFICATE_PASSWORD
: (optional) password for the certificate file.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN
: (optional) indicates that the certificate chain should be set in x5c header to support subject name / issuer based authentication.
Alternatively, users can provide environment variables for username and password authentication:
AZURE_USERNAME
: Username to authenticate with.AZURE_PASSWORD
: Password to authenticate with.
If the environment variables required to perform the authentication are missing, a CredentialUnavailableError will be thrown. If the authentication fails, or if there's an unknown error, an AuthenticationError will be thrown.
new EnvironmentCredential(options?: EnvironmentCredentialOptions)
Parameters
- options
- EnvironmentCredentialOptions
Options for configuring the client which makes the authentication request.
Method Details
getToken(string | string[], GetTokenOptions)
Authenticates with Microsoft Entra ID and returns an access token if successful.
function getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>
Parameters
- scopes
-
string | string[]
The list of scopes for which the token will have access.
- options
- GetTokenOptions
Optional parameters. See GetTokenOptions.
Returns
Promise<AccessToken>