Dela via


TokenCredential Interface

public interface TokenCredential

Token Credential interface serves as a fundamental component for managing and providing access tokens required for Azure Active Directory (Azure AD) authentication when making requests to Azure services.

The TokenCredential interface, offers getToken(TokenRequestContext request) and getTokenSync(TokenRequestContext request) methods. These methods are responsible for retrieving an access token that can be used to authenticate requests to Azure services. The scopes parameter specified as part of TokenRequestContext represents the resources or permissions required for the token.

The Token Credential interface is implemented by various credential classes in the Azure Identity library. These credential classes handle the authentication process and provide the necessary access tokens based on the specified scopes and any additional configuration.

By utilizing the Token Credential interface, you can abstract the authentication logic away from your application code. This allows for flexibility in choosing authentication mechanisms and simplifies the management of access tokens, including token caching and refreshing. It provides a consistent approach to authenticate requests across different Azure services and libraries.

Here are some examples of credential classes that implement the Token Credential interface:

  • DefaultAzureCredential: Represents a credential that tries a series of authentication methods to authenticate requests automatically. It simplifies the process by automatically selecting an appropriate authentication mechanism based on the environment, such as environment variables, managed identities, and developer tool credentials.
  • ClientSecretCredential: Represents a credential that uses a client ID, client secret, and tenant ID to authenticate. It is suitable for scenarios where you have a client application that needs to authenticate with Azure services using a client secret.
  • ClientCertificateCredential: Represents a credential that uses a client ID, client certificate, and tenant ID for authentication. This credential is useful when your client application has a client certificate available for authentication.
  • InteractiveBrowserCredential: Represents a credential that performs an interactive authentication flow with the user in a browser. It is useful for scenarios where the user needs to provide consent or multi-factor authentication is required.

You can find more credential classes that implement the TokenCredential interface in our Azure Identity library.

These credential classes can be used in combination with various Azure client libraries to authenticate requests and access Azure services without the need to manage access tokens manually. The Token Credential interface provides a consistent way to handle Azure Active Directory (AAD) authentication across different Azure services and SDKs in a secure and efficient manner.

Method Summary

Modifier and Type Method and Description
abstract Mono<AccessToken> getToken(TokenRequestContext request)

Asynchronously get a token for a given resource/audience.

default AccessToken getTokenSync(TokenRequestContext request)

Synchronously get a token for a given resource/audience.

Method Details

getToken

public abstract Mono getToken(TokenRequestContext request)

Asynchronously get a token for a given resource/audience.

This method is called automatically by Azure SDK client libraries.

You may call this method directly, but you must also handle token caching and token refreshing.

Parameters:

request - the details of the token request

Returns:

a Publisher that emits a single access token

getTokenSync

public default AccessToken getTokenSync(TokenRequestContext request)

Synchronously get a token for a given resource/audience.

This method is called automatically by Azure SDK client libraries.

You may call this method directly, but you must also handle token caching and token refreshing.

Parameters:

request - the details of the token request

Returns:

The Access Token

Applies to