-
Notifications
You must be signed in to change notification settings - Fork 250
/
Copy pathazure.identity.DefaultAzureCredential.yml
239 lines (209 loc) · 9.67 KB
/
azure.identity.DefaultAzureCredential.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
### YamlMime:PythonClass
uid: azure.identity.DefaultAzureCredential
name: DefaultAzureCredential
fullName: azure.identity.DefaultAzureCredential
module: azure.identity
summary: "A credential capable of handling most Azure SDK authentication scenarios.\
\ For more information, See\n[Usage guidance for DefaultAzureCredential](https://aka.ms/azsdk/python/identity/credential-chains#usage-guidance-for-defaultazurecredential).\n\n\
\ The identity it uses depends on the environment. When an access token is needed,\
\ it requests one using these\nidentities in turn, stopping when one provides a\
\ token:\n\n1. A service principal configured by environment variables. See <xref:azure.identity.EnvironmentCredential>\
\ for more details. \n\n2. WorkloadIdentityCredential if environment variable configuration\
\ is set by the Azure workload identity webhook. \n\n3. An Azure managed identity.\
\ See <xref:azure.identity.ManagedIdentityCredential> for more details. \n\n4. On\
\ Windows only: a user who has signed in with a Microsoft application, such as Visual\
\ Studio. If multiple identities are in the cache, then the value of the environment\
\ variable `AZURE_USERNAME` is used to select which identity to use. See <xref:azure.identity.SharedTokenCacheCredential>\
\ for more details. \n\n5. The identity currently logged in to the Azure CLI. \n\
\n6. The identity currently logged in to Azure PowerShell. \n\n7. The identity currently\
\ logged in to the Azure Developer CLI. \n\nThis default behavior is configurable\
\ with keyword arguments."
constructor:
syntax: 'DefaultAzureCredential(**kwargs: Any)'
keywordOnlyParameters:
- name: authority
description: 'Authority of a Microsoft Entra endpoint, for example ''login.microsoftonline.com'',
the authority for Azure Public Cloud (which is the default). <xref:azure.identity.AzureAuthorityHosts>
defines authorities for other clouds. Managed identities ignore this because
they reside in a single cloud.'
types:
- <xref:str>
- name: exclude_workload_identity_credential
description: 'Whether to exclude the workload identity from the credential.
Defaults to **False**.'
types:
- <xref:bool>
- name: exclude_developer_cli_credential
description: 'Whether to exclude the Azure Developer CLI
from the credential. Defaults to **False**.'
types:
- <xref:bool>
- name: exclude_cli_credential
description: Whether to exclude the Azure CLI from the credential. Defaults to
**False**.
types:
- <xref:bool>
- name: exclude_environment_credential
description: 'Whether to exclude a service principal configured by environment
variables from the credential. Defaults to **False**.'
types:
- <xref:bool>
- name: exclude_managed_identity_credential
description: 'Whether to exclude managed identity from the credential.
Defaults to **False**.'
types:
- <xref:bool>
- name: exclude_powershell_credential
description: Whether to exclude Azure PowerShell. Defaults to **False**.
types:
- <xref:bool>
- name: exclude_visual_studio_code_credential
description: 'Whether to exclude stored credential from VS Code.
Defaults to **True**.'
types:
- <xref:bool>
- name: exclude_shared_token_cache_credential
description: 'Whether to exclude the shared token cache. Defaults to
**False**.'
types:
- <xref:bool>
- name: exclude_interactive_browser_credential
description: 'Whether to exclude interactive browser authentication (see
<xref:azure.identity.InteractiveBrowserCredential>). Defaults to **True**.'
types:
- <xref:bool>
- name: interactive_browser_tenant_id
description: 'Tenant ID to use when authenticating a user through
<xref:azure.identity.InteractiveBrowserCredential>. Defaults to the value of
environment variable
AZURE_TENANT_ID, if any. If unspecified, users will authenticate in their home
tenants.'
types:
- <xref:str>
- name: managed_identity_client_id
description: 'The client ID of a user-assigned managed identity. Defaults to the
value
of the environment variable AZURE_CLIENT_ID, if any. If not specified, a system-assigned
identity will be used.'
types:
- <xref:str>
- name: workload_identity_client_id
description: 'The client ID of an identity assigned to the pod. Defaults to the
value
of the environment variable AZURE_CLIENT_ID, if any. If not specified, the pod''s
default identity will be used.'
types:
- <xref:str>
- name: workload_identity_tenant_id
description: 'Preferred tenant for <xref:azure.identity.WorkloadIdentityCredential>.
Defaults to the value of environment variable AZURE_TENANT_ID, if any.'
types:
- <xref:str>
- name: interactive_browser_client_id
description: 'The client ID to be used in interactive browser credential. If not
specified, users will authenticate to an Azure development application.'
types:
- <xref:str>
- name: shared_cache_username
description: 'Preferred username for <xref:azure.identity.SharedTokenCacheCredential>.
Defaults to the value of environment variable AZURE_USERNAME, if any.'
types:
- <xref:str>
- name: shared_cache_tenant_id
description: 'Preferred tenant for <xref:azure.identity.SharedTokenCacheCredential>.
Defaults to the value of environment variable AZURE_TENANT_ID, if any.'
types:
- <xref:str>
- name: visual_studio_code_tenant_id
description: 'Tenant ID to use when authenticating with
<xref:azure.identity.VisualStudioCodeCredential>. Defaults to the "Azure: Tenant"
setting in VS Code''s user
settings or, when that setting has no value, the "organizations" tenant, which
supports only Azure Active
Directory work or school accounts.'
types:
- <xref:str>
- name: process_timeout
description: 'The timeout in seconds to use for developer credentials that run
subprocesses (e.g. AzureCliCredential, AzurePowerShellCredential). Defaults
to **10** seconds.'
types:
- <xref:int>
examples:
- "Create a DefaultAzureCredential.<!--[!code-python[Main](les\\credential_creation_code_snippets.py\
\ )]-->\n\n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
: [], \"backrefs\": [], \"source\": \"C:\\\\hostedtoolcache\\\\windows\\\\Python\\\
\\3.11.10\\\\x64\\\\Lib\\\\site-packages\\\\py2docfx\\\\dist_temp\\\\56\\\\azure_identity-1.21.0\\\
\\samples\\\\credential_creation_code_snippets.py\", \"xml:space\": \"preserve\"\
, \"force\": false, \"language\": \"python\", \"highlight_args\": {\"linenostart\"\
: 1}, \"linenos\": false} -->\n\n````python\n\n from azure.identity import DefaultAzureCredential\n\
\n credential = DefaultAzureCredential()\n\n ````\n"
methods:
- uid: azure.identity.DefaultAzureCredential.close
name: close
summary: Close the transport session of each credential in the chain.
signature: close() -> None
- uid: azure.identity.DefaultAzureCredential.get_token
name: get_token
summary: 'Request an access token for *scopes*.
This method is called automatically by Azure SDK clients.'
signature: 'get_token(*scopes: str, claims: str | None = None, tenant_id: str |
None = None, **kwargs: Any) -> AccessToken'
parameters:
- name: scopes
description: 'desired scopes for the access token. This method requires at least
one scope.
For more information about scopes, see
[https://learn.microsoft.com/entra/identity-platform/scopes-oidc](https://learn.microsoft.com/entra/identity-platform/scopes-oidc).'
isRequired: true
types:
- <xref:str>
keywordOnlyParameters:
- name: claims
description: 'additional claims required in the token, such as those returned
in a resource provider''s
claims challenge following an authorization failure.'
types:
- <xref:str>
- name: tenant_id
description: optional tenant to include in the token request.
types:
- <xref:str>
return:
description: An access token with the desired scopes.
types:
- <xref:azure.core.credentials.AccessToken>
exceptions:
- type: azure.core.exceptions.ClientAuthenticationError
description: authentication failed. The exception has a *message* attribute listing
each authentication attempt and its error message.
- uid: azure.identity.DefaultAzureCredential.get_token_info
name: get_token_info
summary: 'Request an access token for *scopes*.
This is an alternative to *get_token* to enable certain scenarios that require
additional properties
on the token. This method is called automatically by Azure SDK clients.'
signature: 'get_token_info(*scopes: str, options: TokenRequestOptions | None = None)
-> AccessTokenInfo'
parameters:
- name: scopes
description: 'desired scopes for the access token. This method requires at least
one scope.
For more information about scopes, see [https://learn.microsoft.com/entra/identity-platform/scopes-oidc](https://learn.microsoft.com/entra/identity-platform/scopes-oidc).'
isRequired: true
types:
- <xref:str>
keywordOnlyParameters:
- name: options
description: A dictionary of options for the token request. Unknown options will
be ignored. Optional.
types:
- <xref:azure.core.credentials.TokenRequestOptions>
return:
description: An AccessTokenInfo instance containing information about the token.
types:
- <xref:azure.core.credentials.AccessTokenInfo>
exceptions:
- type: azure.core.exceptions.ClientAuthenticationError
description: authentication failed. The exception has a *message* attribute listing
each authentication attempt and its error message.