azidentity

v0.12.1-0...-f4515d6

This package is not in the latest version of its module.
Published: Jan 1, 2022 License: MIT Imports: 33 Imported by: 0

README

Azure Identity Client Module for Go

The Azure Identity module provides Azure Active Directory (Azure AD) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

PkgGoDev | Azure Active Directory documentation | Source code

Getting started

Install the module

This project uses Go modules for versioning and dependency management.

Install the Azure Identity module:

go get -u github.com/Azure/azure-sdk-for-go/sdk/azidentity

Prerequisites

  • An Azure subscription
  • A recent version of Go. This module supports the two most recent stable versions.

Authenticating during local development

When debugging and executing code locally, developers typically use their own accounts to authenticate calls to Azure services. The azidentity module supports authenticating through developer tools to simplify local development.

Authenticating via the Azure CLI

DefaultAzureCredential and AzureCLICredential can authenticate as the user signed in to the Azure CLI. To sign in to the Azure CLI, run az login. On a system with a default web browser, the Azure CLI will launch the browser to authenticate a user.

When no default browser is available, az login will use the device code authentication flow. This can also be selected manually by running az login --use-device-code.

Key concepts

Credentials

A credential is a type which contains or can obtain the data needed for a service client to authenticate requests. Service clients across the Azure SDK accept a credential instance when they are constructed, and use that credential to authenticate requests.

The azidentity module focuses on OAuth authentication with Azure Active Directory (AAD). It offers a variety of credential types capable of acquiring an Azure AD access token. See Credential Types for a list of this module's credential types.

DefaultAzureCredential

DefaultAzureCredential is appropriate for most apps that will be deployed to Azure. It combines common production credentials with development credentials. It attempts to authenticate via the following mechanisms in this order, stopping when one succeeds:

  • Environment - DefaultAzureCredential will read account information specified via environment variables and use it to authenticate.
  • Managed Identity - If the app is deployed to an Azure host with managed identity enabled, DefaultAzureCredential will authenticate with it.
  • Azure CLI - If a user or service principal has authenticated via the Azure CLI az login command, DefaultAzureCredential will authenticate that identity.

Note: DefaultAzureCredential is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types.

Managed Identity

DefaultAzureCredential and ManagedIdentityCredential support managed identity authentication in any hosting environment which supports managed identities, such as (this list is not exhaustive):

Examples

Authenticate with DefaultAzureCredential

This example demonstrates authenticating a client from the armresources module with DefaultAzureCredential.

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
  // handle error
}

client := armresources.NewResourceGroupsClient("subscription ID", cred, nil)

For more on configuring DefaultAzureCredential on your workstation or in Azure, see Configure DefaultAzureCredential.

Specify a user-assigned managed identity for DefaultAzureCredential

To configure DefaultAzureCredential to authenticate a user-assigned managed identity, set the AZURE_CLIENT_ID environment variable to the identity's client ID.

Define a custom authentication flow with ChainedTokenCredential

DefaultAzureCredential is generally the quickest way to get started developing apps for Azure. For more advanced scenarios, ChainedTokenCredential links multiple credential instances to be tried sequentially when authenticating. It will try each chained credential in turn until one provides a token or fails to authenticate due to an error.

The following example demonstrates creating a credential that will attempt to authenticate using managed identity. It will fall back to authenticating via the Azure CLI when a managed identity is unavailable.

managedID, err := azidentity.NewManagedIdentityCredential(nil)
if err != nil {
  // handle error
}
azCLI, err := azidentity.NewAzureCLICredential(nil)
if err != nil {
  // handle error
}
// credentials are tried in slice order; the second argument is the optional *ChainedTokenCredentialOptions
chain, err := azidentity.NewChainedTokenCredential([]azcore.TokenCredential{managedID, azCLI}, nil)
if err != nil {
  // handle error
}

client := armresources.NewResourceGroupsClient("subscription ID", chain, nil)

Credential Types

Authenticating Azure Hosted Applications

Credential                    Usage
DefaultAzureCredential        Simplified authentication experience for getting started developing Azure apps
ChainedTokenCredential        Define custom authentication flows, composing multiple credentials
EnvironmentCredential         Authenticate a service principal or user configured by environment variables
ManagedIdentityCredential     Authenticate the managed identity of an Azure resource

Authenticating Service Principals

Credential                    Usage
ClientSecretCredential        Authenticate a service principal with a secret
ClientCertificateCredential   Authenticate a service principal with a certificate

Authenticating Users

Credential                    Usage
InteractiveBrowserCredential  Interactively authenticate a user with the default web browser
DeviceCodeCredential          Interactively authenticate a user on a device with limited UI
UsernamePasswordCredential    Authenticate a user with a username and password
AuthorizationCodeCredential   Authenticate a user with a previously obtained authorization code

Authenticating via Development Tools

Credential                    Usage
AzureCLICredential            Authenticate as the user signed in to the Azure CLI

Environment Variables

DefaultAzureCredential and EnvironmentCredential can be configured with environment variables. Each type of authentication requires values for specific variables:

Service principal with secret

variable name                  value
AZURE_CLIENT_ID                id of an Azure Active Directory application
AZURE_TENANT_ID                id of the application's Azure Active Directory tenant
AZURE_CLIENT_SECRET            one of the application's client secrets

Service principal with certificate

variable name                  value
AZURE_CLIENT_ID                id of an Azure Active Directory application
AZURE_TENANT_ID                id of the application's Azure Active Directory tenant
AZURE_CLIENT_CERTIFICATE_PATH  path to a PEM-encoded certificate file including private key (without password protection)

Username and password

variable name                  value
AZURE_CLIENT_ID                id of an Azure Active Directory application
AZURE_USERNAME                 a username (usually an email address)
AZURE_PASSWORD                 that user's password

Configuration is attempted in the above order. For example, if values for a client secret and certificate are both present, the client secret will be used.
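
The precedence rule can be checked before deployment. The following is an added example, not code from the azidentity module: it models the documented order over a set of environment variables, reports which configuration would be selected, and lists secret-bearing variables that are set but ignored. The names Mode, Audit and Resolve are hypothetical, and the authority check assumes the three AuthorityHost constants documented for this package are the only expected values of AZURE_AUTHORITY_HOST.

```go
package main

import (
	"fmt"
	"strings"
)

// Mode labels are names for this example, not azidentity identifiers.
type Mode string

const (
	ModeNone        Mode = "none"
	ModeSecret      Mode = "service principal with secret"
	ModeCertificate Mode = "service principal with certificate"
	ModePassword    Mode = "username and password"
)

// modes lists, in the documented order, the variables each configuration needs.
var modes = []struct {
	mode Mode
	vars []string
}{
	{ModeSecret, []string{"AZURE_CLIENT_ID", "AZURE_TENANT_ID", "AZURE_CLIENT_SECRET"}},
	{ModeCertificate, []string{"AZURE_CLIENT_ID", "AZURE_TENANT_ID", "AZURE_CLIENT_CERTIFICATE_PATH"}},
	{ModePassword, []string{"AZURE_CLIENT_ID", "AZURE_USERNAME", "AZURE_PASSWORD"}},
}

// secretVars are the variables that carry or point to a secret.
var secretVars = []string{"AZURE_CLIENT_SECRET", "AZURE_CLIENT_CERTIFICATE_PATH", "AZURE_PASSWORD"}

// knownAuthorities are the documented AuthorityHost constants, without the trailing slash.
var knownAuthorities = map[string]bool{
	"https://login.chinacloudapi.cn":    true,
	"https://login.microsoftonline.us":  true,
	"https://login.microsoftonline.com": true,
}

// Audit is the outcome of checking one environment (hypothetical type).
type Audit struct {
	Mode             Mode     // configuration the documented order selects
	Unused           []string // secret-bearing variables that are set but not used
	Discouraged      bool     // username/password flow, which the page says is not recommended
	UnknownAuthority bool     // AZURE_AUTHORITY_HOST is set to something other than a documented constant
}

// Resolve picks the first configuration whose variables are all non-empty,
// then reports what else in the environment deserves attention.
func Resolve(env map[string]string) Audit {
	a := Audit{Mode: ModeNone}
	used := map[string]bool{}
	for _, m := range modes {
		complete := true
		for _, v := range m.vars {
			complete = complete && env[v] != ""
		}
		if complete {
			a.Mode = m.mode
			for _, v := range m.vars {
				used[v] = true
			}
			break
		}
	}
	for _, v := range secretVars {
		if env[v] != "" && !used[v] {
			a.Unused = append(a.Unused, v)
		}
	}
	a.Discouraged = a.Mode == ModePassword
	host := strings.TrimRight(env["AZURE_AUTHORITY_HOST"], "/")
	a.UnknownAuthority = host != "" && !knownAuthorities[host]
	return a
}

func main() {
	// Constructed environment: both a client secret and a certificate path are present.
	env := map[string]string{
		"AZURE_CLIENT_ID":               "constructed-client-id",
		"AZURE_TENANT_ID":               "constructed-tenant-id",
		"AZURE_CLIENT_SECRET":           "constructed-secret",
		"AZURE_CLIENT_CERTIFICATE_PATH": "/constructed/cert.pem",
	}
	fmt.Printf("%+v\n", Resolve(env))
}
```

A non-empty Unused list means a second credential is sitting in the process environment without being needed, which is worth removing from the deployment configuration.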

Troubleshooting

Error Handling

Credentials return an error when they fail to authenticate or lack data they require to authenticate. For guidance on resolving errors from specific credential types, see the troubleshooting guide.

For more details on handling specific Azure Active Directory errors please refer to the Azure Active Directory error code documentation.

Logging

This module uses the classification-based logging implementation in azcore. To enable console logging for all SDK modules, set AZURE_SDK_GO_LOGGING to all. Use the azcore/log package to control log event output or to enable logs for azidentity only. For example:

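import (
	"fmt"

	azlog "github.com/Azure/azure-sdk-for-go/sdk/azcore/log"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)

// print log output to stdout
azlog.SetListener(func(event azlog.Event, s string) {
    fmt.Println(s)
})

// include only azidentity authentication logs (EventAuthentication is the event constant this version exports)
azlog.SetEvents(azidentity.EventAuthentication)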

Credentials log basic information only, such as GetToken success or failure and errors. These log entries don't contain authentication secrets but may contain sensitive information.

Next steps

Client and management modules listed on the Azure SDK releases page support authenticating with azidentity credential types. You can learn more about using these libraries in their documentation, which is linked from the release page.

Provide Feedback

If you encounter bugs or have suggestions, please open an issue.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Overview

azidentity provides Azure Active Directory token authentication for Azure SDK clients.

Azure SDK clients supporting token authentication can use any azidentity credential. For example, authenticating a resource group client with DefaultAzureCredential:

cred, err := azidentity.NewDefaultAzureCredential(nil)
...
client := armresources.NewResourceGroupsClient("subscription ID", cred, nil)

Different credential types implement different authentication flows. Each credential's documentation describes how it authenticates.

Constants

const EventAuthentication log.Event = "Authentication"

EventAuthentication entries contain information about authentication. This includes information like the names of environment variables used when obtaining credentials and the type of credential used.

Variables

This section is empty.

Functions

func ParseCertificates

func ParseCertificates(certData []byte, password []byte) ([]*x509.Certificate, crypto.PrivateKey, error)

ParseCertificates loads certificates and a private key for use with NewClientCertificateCredential. certData: certificate data encoded in PEM or PKCS12 format, including the certificate's private key. password: the password required to decrypt the private key. Pass nil if the key is not encrypted. This function can't decrypt keys in PEM format.
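
Because ParseCertificates can't decrypt PEM keys, it helps to inspect a PEM bundle before handing it over. The following is an added example, not part of azidentity, and it uses only the Go standard library: it walks the PEM blocks, counts certificates and keys, and flags password-protected keys and certificates outside their validity window. PEMReport, InspectPEM and sampleBundle are hypothetical names, the sample bundle is constructed at run time, and PKCS12 input is not covered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// PEMReport summarizes the contents of a PEM bundle (hypothetical type).
type PEMReport struct {
	Certs        int  // CERTIFICATE blocks that parse as X.509
	Expired      int  // certificates outside their validity window at the given time
	Keys         int  // unencrypted private key blocks
	EncryptedKey bool // a password-protected key block is present
}

// Usable reports whether the bundle has what the documentation requires:
// at least one certificate and a private key that is not encrypted.
func (r PEMReport) Usable() bool {
	return r.Certs > 0 && r.Keys > 0 && !r.EncryptedKey && r.Expired == 0
}

// InspectPEM walks every PEM block in data. It never decrypts anything; it only
// looks at block types, headers and certificate validity dates.
func InspectPEM(data []byte, now time.Time) (PEMReport, error) {
	var r PEMReport
	for {
		var b *pem.Block
		b, data = pem.Decode(data)
		if b == nil {
			return r, nil
		}
		_, legacy := b.Headers["DEK-Info"] // header of legacy encrypted PEM keys
		isKey := strings.HasSuffix(b.Type, "PRIVATE KEY")
		switch {
		case b.Type == "CERTIFICATE":
			c, err := x509.ParseCertificate(b.Bytes)
			if err != nil {
				return r, fmt.Errorf("certificate block %d: %w", r.Certs+1, err)
			}
			r.Certs++
			if now.Before(c.NotBefore) || now.After(c.NotAfter) {
				r.Expired++
			}
		case b.Type == "ENCRYPTED PRIVATE KEY" || (isKey && legacy):
			r.EncryptedKey = true
		case isKey:
			r.Keys++
		}
	}
}

// sampleBundle builds a constructed self-signed certificate and PKCS#8 key in
// PEM form, valid from 48 hours before notAfter until notAfter.
func sampleBundle(notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-example"},
		NotBefore:    notAfter.Add(-48 * time.Hour),
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	pkcs8, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})...), nil
}

func main() {
	now := time.Now()
	bundle, err := sampleBundle(now.Add(24 * time.Hour))
	if err != nil {
		panic(err)
	}
	r, err := InspectPEM(bundle, now)
	fmt.Printf("plain bundle: %+v usable=%v err=%v\n", r, r.Usable(), err)
	// Constructed stand-in for a password-protected key: only the block type matters here.
	enc := pem.EncodeToMemory(&pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: []byte{1, 2, 3}})
	r, err = InspectPEM(append(bundle, enc...), now)
	fmt.Printf("with encrypted key: %+v usable=%v err=%v\n", r, r.Usable(), err)
}
```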

Types

type AuthenticationFailedError

type AuthenticationFailedError interface {
	errorinfo.NonRetriable
	RawResponse() *http.Response
	// contains filtered or unexported methods
}

AuthenticationFailedError indicates an authentication request has failed.

type AuthorityHost

type AuthorityHost string

AuthorityHost is the base URL for Azure Active Directory.

const (
	// AzureChina is a global constant to use in order to access the Azure China cloud.
	AzureChina AuthorityHost = "https://login.chinacloudapi.cn/"
	// AzureGovernment is a global constant to use in order to access the Azure Government cloud.
	AzureGovernment AuthorityHost = "https://login.microsoftonline.us/"
	// AzurePublicCloud is a global constant to use in order to access the Azure public cloud.
	AzurePublicCloud AuthorityHost = "https://login.microsoftonline.com/"
)

type AuthorizationCodeCredential

type AuthorizationCodeCredential struct {
	// contains filtered or unexported fields
}

AuthorizationCodeCredential authenticates by redeeming an authorization code previously obtained from Azure Active Directory. The authorization code flow is described in more detail in Azure Active Directory documentation: https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow

func NewAuthorizationCodeCredential

func NewAuthorizationCodeCredential(tenantID string, clientID string, authCode string, redirectURL string, options *AuthorizationCodeCredentialOptions) (*AuthorizationCodeCredential, error)

NewAuthorizationCodeCredential constructs an AuthorizationCodeCredential. tenantID: The application's Azure Active Directory tenant or directory ID. clientID: The application's client ID. authCode: The authorization code received from the authorization code flow. Note that authorization codes are single-use. redirectURL: The application's redirect URL. Must match the redirect URL used to request the authorization code. options: Optional configuration.

func (*AuthorizationCodeCredential) GetToken

GetToken obtains a token from Azure Active Directory by redeeming the authorization code. This method is called automatically by Azure SDK clients. ctx: Context controlling the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type AuthorizationCodeCredentialOptions

type AuthorizationCodeCredentialOptions struct {
	azcore.ClientOptions

	// ClientSecret is one of the application's client secrets.
	ClientSecret string
	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

AuthorizationCodeCredentialOptions contains optional parameters for AuthorizationCodeCredential.

type AzureCLICredential

type AzureCLICredential struct {
	// contains filtered or unexported fields
}

AzureCLICredential authenticates as the identity logged in to the Azure CLI.

func NewAzureCLICredential

func NewAzureCLICredential(options *AzureCLICredentialOptions) (*AzureCLICredential, error)

NewAzureCLICredential constructs an AzureCLICredential. options: Optional configuration.

func (*AzureCLICredential) GetToken

GetToken requests a token from the Azure CLI. This credential doesn't cache tokens, so every call invokes the CLI. This method is called automatically by Azure SDK clients. ctx: Context controlling the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type AzureCLICredentialOptions

type AzureCLICredentialOptions struct {

	// TenantID identifies the tenant the credential should authenticate in.
	// Defaults to the CLI's default tenant, which is typically the home tenant of the logged in user.
	TenantID string
	// contains filtered or unexported fields
}

AzureCLICredentialOptions contains optional parameters for AzureCLICredential.

type ChainedTokenCredential

type ChainedTokenCredential struct {
	// contains filtered or unexported fields
}

ChainedTokenCredential is a chain of credentials that enables fallback behavior when a credential can't authenticate.

func NewChainedTokenCredential

func NewChainedTokenCredential(sources []azcore.TokenCredential, options *ChainedTokenCredentialOptions) (*ChainedTokenCredential, error)

NewChainedTokenCredential creates a ChainedTokenCredential. sources: Credential instances to comprise the chain. GetToken() will invoke them in the given order. options: Optional configuration.

func (*ChainedTokenCredential) GetToken

GetToken calls GetToken on the chained credentials in turn, stopping when one returns a token. This method is called automatically by Azure SDK clients. ctx: Context controlling the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type ChainedTokenCredentialOptions

type ChainedTokenCredentialOptions struct {
}

ChainedTokenCredentialOptions contains optional parameters for ChainedTokenCredential.

type ClientCertificateCredential

type ClientCertificateCredential struct {
	// contains filtered or unexported fields
}

ClientCertificateCredential authenticates a service principal with a certificate.

func NewClientCertificateCredential

func NewClientCertificateCredential(tenantID string, clientID string, certs []*x509.Certificate, key crypto.PrivateKey, options *ClientCertificateCredentialOptions) (*ClientCertificateCredential, error)

NewClientCertificateCredential constructs a ClientCertificateCredential. tenantID: The application's Azure Active Directory tenant or directory ID. clientID: The application's client ID. certs: one or more certificates, for example as returned by ParseCertificates(). key: the signing certificate's private key, for example as returned by ParseCertificates(). options: Optional configuration.

Example
package main

import (
	"log"
	"os"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)

const (
	certPath = "testdata/certificate.pem"
	clientID = "fake-client-id"
	tenantID = "fake-tenant"
)

var cred *azidentity.ClientCertificateCredential

func handleError(err error) {
	if err != nil {
		log.Panicf("example failed: %v", err)
	}
}

func main() {
	data, err := os.ReadFile(certPath)
	handleError(err)

	// NewClientCertificateCredential requires at least one *x509.Certificate, and a crypto.PrivateKey.
	// ParseCertificates returns these given certificate data in PEM or PKCS12 format. It handles common scenarios
	// but has limitations, for example it doesn't load PEM encrypted private keys.
	certs, key, err := azidentity.ParseCertificates(data, nil)
	handleError(err)

	cred, err = azidentity.NewClientCertificateCredential(tenantID, clientID, certs, key, nil)
	handleError(err)

}

func (*ClientCertificateCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context controlling the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type ClientCertificateCredentialOptions

type ClientCertificateCredentialOptions struct {
	azcore.ClientOptions

	// SendCertificateChain controls whether the credential sends the public certificate chain in the x5c
	// header of each token request's JWT. This is required for Subject Name/Issuer (SNI) authentication.
	// Defaults to False.
	SendCertificateChain bool
	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

ClientCertificateCredentialOptions contains optional parameters for ClientCertificateCredential.

type ClientID

type ClientID string

ClientID is an identity's client ID. Use it with ManagedIdentityCredentialOptions, for example: ManagedIdentityCredentialOptions{ID: ClientID("7cf7db0d-...")}

func (ClientID) String

func (c ClientID) String() string

type ClientSecretCredential

type ClientSecretCredential struct {
	// contains filtered or unexported fields
}

ClientSecretCredential authenticates an application with a client secret.

func NewClientSecretCredential

func NewClientSecretCredential(tenantID string, clientID string, clientSecret string, options *ClientSecretCredentialOptions) (*ClientSecretCredential, error)

NewClientSecretCredential constructs a ClientSecretCredential. tenantID: The application's Azure Active Directory tenant or directory ID. clientID: The application's client ID. clientSecret: One of the application's client secrets. options: Optional configuration.

func (*ClientSecretCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type ClientSecretCredentialOptions

type ClientSecretCredentialOptions struct {
	azcore.ClientOptions

	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

ClientSecretCredentialOptions contains optional parameters for ClientSecretCredential.

type CredentialUnavailableError

type CredentialUnavailableError interface {
	errorinfo.NonRetriable
	// contains filtered or unexported methods
}

CredentialUnavailableError indicates a credential can't attempt to authenticate because it lacks required data or state.

type DefaultAzureCredential

type DefaultAzureCredential struct {
	// contains filtered or unexported fields
}

DefaultAzureCredential is a default credential chain for applications that will deploy to Azure. It combines credentials suitable for deployment with credentials suitable for local development. It attempts to authenticate with each of these credential types, in the following order, stopping when one provides a token:

  • EnvironmentCredential
  • ManagedIdentityCredential
  • AzureCLICredential

Consult the documentation for these credential types for more information on how they authenticate.

func NewDefaultAzureCredential

func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*DefaultAzureCredential, error)

NewDefaultAzureCredential creates a DefaultAzureCredential.

func (*DefaultAzureCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type DefaultAzureCredentialOptions

type DefaultAzureCredentialOptions struct {
	azcore.ClientOptions

	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
	// TenantID identifies the tenant the Azure CLI should authenticate in.
	// Defaults to the CLI's default tenant, which is typically the home tenant of the user logged in to the CLI.
	TenantID string
}

DefaultAzureCredentialOptions contains optional parameters for DefaultAzureCredential. These options may not apply to all credentials in the chain.

type DeviceCodeCredential

type DeviceCodeCredential struct {
	// contains filtered or unexported fields
}

DeviceCodeCredential acquires tokens for a user via the device code flow, which has the user browse to an Azure Active Directory URL, enter a code, and authenticate. It's useful for authenticating a user in an environment without a web browser, such as an SSH session. If a web browser is available, InteractiveBrowserCredential is more convenient because it automatically opens a browser to the login page.

func NewDeviceCodeCredential

func NewDeviceCodeCredential(options *DeviceCodeCredentialOptions) (*DeviceCodeCredential, error)

NewDeviceCodeCredential creates a DeviceCodeCredential. options: Optional configuration.

func (*DeviceCodeCredential) GetToken

GetToken obtains a token from Azure Active Directory. It will begin the device code flow and poll until the user completes authentication. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type DeviceCodeCredentialOptions

type DeviceCodeCredentialOptions struct {
	azcore.ClientOptions

	// TenantID is the Azure Active Directory tenant the credential authenticates in. Defaults to the
	// "organizations" tenant, which can authenticate work and school accounts. Required for single-tenant
	// applications.
	TenantID string
	// ClientID is the ID of the application users will authenticate to.
	// Defaults to the ID of an Azure development application.
	ClientID string
	// UserPrompt controls how the credential presents authentication instructions. The credential calls
	// this function with authentication details when it receives a device code. By default, the credential
	// prints these details to stdout.
	UserPrompt func(context.Context, DeviceCodeMessage) error
	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

DeviceCodeCredentialOptions contains optional parameters for DeviceCodeCredential.

type DeviceCodeMessage

type DeviceCodeMessage struct {
	// UserCode is the user code returned by the service.
	UserCode string `json:"user_code"`
	// VerificationURL is the URL at which the user must authenticate.
	VerificationURL string `json:"verification_uri"`
	// Message is user instruction from Azure Active Directory.
	Message string `json:"message"`
}

DeviceCodeMessage contains the information a user needs to complete authentication.

type EnvironmentCredential

type EnvironmentCredential struct {
	// contains filtered or unexported fields
}

EnvironmentCredential authenticates a service principal with a secret or certificate, or a user with a password, depending on environment variable configuration. It reads configuration from these variables, in the following order:

Service principal:

  • AZURE_TENANT_ID: ID of the service principal's tenant. Also called its "directory" ID.
  • AZURE_CLIENT_ID: the service principal's client ID
  • AZURE_CLIENT_SECRET: one of the service principal's client secrets

Service principal with certificate:

  • AZURE_TENANT_ID: ID of the service principal's tenant. Also called its "directory" ID.
  • AZURE_CLIENT_ID: the service principal's client ID
  • AZURE_CLIENT_CERTIFICATE_PATH: path to a PEM or PKCS12 certificate file including the private key. The certificate must not be password-protected.

User with username and password:

  • AZURE_CLIENT_ID: the application's client ID
  • AZURE_USERNAME: a username (usually an email address)
  • AZURE_PASSWORD: that user's password
  • AZURE_TENANT_ID: (optional) tenant to authenticate in. If not set, defaults to the "organizations" tenant, which can authenticate only Azure Active Directory work or school accounts.

func NewEnvironmentCredential

func NewEnvironmentCredential(options *EnvironmentCredentialOptions) (*EnvironmentCredential, error)

NewEnvironmentCredential creates an EnvironmentCredential. options: Optional configuration.

func (*EnvironmentCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type EnvironmentCredentialOptions

type EnvironmentCredentialOptions struct {
	azcore.ClientOptions

	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

EnvironmentCredentialOptions contains optional parameters for EnvironmentCredential.

type InteractiveBrowserCredential

type InteractiveBrowserCredential struct {
	// contains filtered or unexported fields
}

InteractiveBrowserCredential opens a browser to interactively authenticate a user.

func NewInteractiveBrowserCredential

func NewInteractiveBrowserCredential(options *InteractiveBrowserCredentialOptions) (*InteractiveBrowserCredential, error)

NewInteractiveBrowserCredential constructs a new InteractiveBrowserCredential. options: Optional configuration.

func (*InteractiveBrowserCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type InteractiveBrowserCredentialOptions

type InteractiveBrowserCredentialOptions struct {
	azcore.ClientOptions

	// TenantID is the Azure Active Directory tenant the credential authenticates in. Defaults to the
	// "organizations" tenant, which can authenticate work and school accounts.
	TenantID string
	// ClientID is the ID of the application users will authenticate to.
	// Defaults to the ID of an Azure development application.
	ClientID string
	ClientSecret string
	// RedirectURL will be supported in a future version but presently doesn't work: https://github.com/Azure/azure-sdk-for-go/issues/15632.
	// Applications which have "http://localhost" registered as a redirect URL need not set this option.
	RedirectURL string
	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

InteractiveBrowserCredentialOptions contains optional parameters for InteractiveBrowserCredential.

type ManagedIDKind

type ManagedIDKind interface {
	fmt.Stringer
	// contains filtered or unexported methods
}

ManagedIDKind identifies the ID of a managed identity as either a client or resource ID.

type ManagedIdentityCredential

type ManagedIdentityCredential struct {
	// contains filtered or unexported fields
}

ManagedIdentityCredential authenticates with an Azure managed identity in any hosting environment which supports managed identities. This credential defaults to using a system-assigned identity. Use ManagedIdentityCredentialOptions.ID to specify a user-assigned identity. See Azure Active Directory documentation for more information about managed identities: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview

func NewManagedIdentityCredential

func NewManagedIdentityCredential(options *ManagedIdentityCredentialOptions) (*ManagedIdentityCredential, error)

NewManagedIdentityCredential creates a ManagedIdentityCredential. options: Optional configuration.

func (*ManagedIdentityCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type ManagedIdentityCredentialOptions

type ManagedIdentityCredentialOptions struct {
	azcore.ClientOptions

	// ID is the ID of a managed identity the credential should authenticate. Set this field to use a specific identity
	// instead of the hosting environment's default. The value may be the identity's client ID or resource ID, but note that
	// some platforms don't accept resource IDs.
	ID ManagedIDKind
}

ManagedIdentityCredentialOptions contains optional parameters for ManagedIdentityCredential.

type ResourceID

type ResourceID string

ResourceID is an identity's resource ID. Use it with ManagedIdentityCredentialOptions, for example: ManagedIdentityCredentialOptions{ID: ResourceID("/subscriptions/...")}

func (ResourceID) String

func (r ResourceID) String() string

type UsernamePasswordCredential

type UsernamePasswordCredential struct {
	// contains filtered or unexported fields
}

UsernamePasswordCredential authenticates a user with a password. Microsoft doesn't recommend this kind of authentication, because it's less secure than other authentication flows. This credential is not interactive, so it isn't compatible with any form of multi-factor authentication, and the application must already have user or admin consent. This credential can only authenticate work and school accounts; it can't authenticate Microsoft accounts.

func NewUsernamePasswordCredential

func NewUsernamePasswordCredential(tenantID string, clientID string, username string, password string, options *UsernamePasswordCredentialOptions) (*UsernamePasswordCredential, error)

NewUsernamePasswordCredential creates a UsernamePasswordCredential. tenantID: The ID of the Azure Active Directory tenant the credential authenticates in. clientID: The ID of the application users will authenticate to. username: A username (typically an email address). password: That user's password. options: Optional configuration.

func (*UsernamePasswordCredential) GetToken

GetToken obtains a token from Azure Active Directory. This method is called automatically by Azure SDK clients. ctx: Context used to control the request lifetime. opts: Options for the token request, in particular the desired scope of the access token.

type UsernamePasswordCredentialOptions

type UsernamePasswordCredentialOptions struct {
	azcore.ClientOptions

	// AuthorityHost is the base URL of an Azure Active Directory authority. Defaults
	// to the value of environment variable AZURE_AUTHORITY_HOST, if set, or AzurePublicCloud.
	AuthorityHost AuthorityHost
}

UsernamePasswordCredentialOptions contains optional parameters for UsernamePasswordCredential.
