EnvironmentCredential Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user with a username and password.
Configuration is attempted in this order, using these environment variables:
Service principal with secret:Variable | Description |
---|---|
AZURE_TENANT_ID | The Microsoft Entra tenant (directory) ID. |
AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
AZURE_CLIENT_SECRET | A client secret that was generated for the App Registration. |
Variable | Description |
---|---|
AZURE_TENANT_ID | The Microsoft Entra tenant (directory) ID. |
AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
AZURE_CLIENT_CERTIFICATE_PATH | A path to certificate and private key pair in PEM or PFX format, which can authenticate the App Registration. |
AZURE_CLIENT_CERTIFICATE_PASSWORD | (Optional) The password protecting the certificate file (currently only supported for PFX (PKCS12) certificates). |
AZURE_CLIENT_SEND_CERTIFICATE_CHAIN | (Optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to `true` or `1`, authentication requests include the x5c header. |
Variable | Description |
---|---|
AZURE_TENANT_ID | The Microsoft Entra tenant (directory) ID. |
AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
AZURE_USERNAME | The username, also known as upn, of a Microsoft Entra user account. |
AZURE_PASSWORD | The password of the Microsoft Entra user account. Note this does not support accounts with MFA enabled. |
This credential ultimately uses a ClientSecretCredential, ClientCertificateCredential, or UsernamePasswordCredential to perform the authentication using these details. Please consult the documentation of that class for more details.
public class EnvironmentCredential : Azure.Core.TokenCredential
type EnvironmentCredential = class
inherit TokenCredential
Public Class EnvironmentCredential
Inherits TokenCredential
- Inheritance
Constructors
EnvironmentCredential() |
Creates an instance of the EnvironmentCredential class and reads client secret details from environment variables. If the expected environment variables are not found at this time, the GetToken method will return the default AccessToken when invoked. |
EnvironmentCredential(EnvironmentCredentialOptions) |
Creates an instance of the EnvironmentCredential class and reads client secret details from environment variables. If the expected environment variables are not found at this time, the GetToken method will return the default AccessToken when invoked. |
Methods
GetToken(TokenRequestContext, CancellationToken) |
Obtains a token from Microsoft Entra ID, using the client details specified in the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD to authenticate. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness. |
GetTokenAsync(TokenRequestContext, CancellationToken) |
Obtains a token from Microsoft Entra ID, using the client details specified in the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD to authenticate. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness. |