Dela via


DefaultAzureCredential Class

public final class DefaultAzureCredential
extends ChainedTokenCredential

DefaultAzureCredential simplifies authentication while developing apps that deploy to Azure by combining credentials used in Azure hosting environments with credentials used in local development. In production, it's better to use something else. For more information, see Usage guidance for DefaultAzureCredential.

Attempts to authenticate with each of these credentials, in the following order, stopping when one provides a token:

  1. EnvironmentCredential
  2. WorkloadIdentityCredential
  3. ManagedIdentityCredential
  4. SharedTokenCacheCredential
  5. IntelliJCredential
  6. AzureCliCredential
  7. AzurePowerShellCredential
  8. AzureDeveloperCliCredential

Consult the documentation of these credentials for more information on how they attempt authentication.

Configure DefaultAzureCredential

DefaultAzureCredential supports a set of configurations through setters on the DefaultAzureCredentialBuilder or environment variables.

  1. Setting the environment variables AZURE_CLIENT_ID, AZURE_CLIENT_SECRET/AZURE_CLIENT_CERTIFICATE_PATH, and AZURE_TENANT_ID configures the DefaultAzureCredential to authenticate as the service principal specified by the values.
  2. Setting managedIdentityClientId(String clientId) on the builder or the environment variable AZURE_CLIENT_ID configures the DefaultAzureCredential to authenticate as a user-defined managed identity, while leaving them empty configures it to authenticate as a system-assigned managed identity.
  3. Setting tenantId(String tenantId) on the builder or the environment variable AZURE_TENANT_ID configures the DefaultAzureCredential to authenticate to a specific tenant for Visual Studio Code, and IntelliJ IDEA.

Sample: Construct DefaultAzureCredential

The following code sample demonstrates the creation of a DefaultAzureCredential, using the DefaultAzureCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential defaultAzureCredential = new DefaultAzureCredentialBuilder().build();

Sample: Construct DefaultAzureCredential with User Assigned Managed Identity

User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in Microsoft Entra ID that is associated with one or more Azure resources. This identity can then be used to authenticate and authorize access to various Azure services and resources. The following code sample demonstrates the creation of a DefaultAzureCredential to target a user assigned managed identity, using the DefaultAzureCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential dacWithUserAssignedManagedIdentity
     = new DefaultAzureCredentialBuilder().managedIdentityClientId("<Managed-Identity-Client-Id").build();

Methods inherited from ChainedTokenCredential

Methods inherited from java.lang.Object

Applies to