azure.identity.aio package¶
Module contents¶
Credentials for asynchronous Azure SDK clients.
-
class
azure.identity.aio.
AuthorizationCodeCredential
(tenant_id: str, client_id: str, authorization_code: str, redirect_uri: str, **kwargs)[source]¶ Bases:
azure.identity.aio._credentials.base.AsyncCredentialBase
Authenticates by redeeming an authorization code previously obtained from Azure Active Directory.
See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow for more information about the authentication flow.
Parameters: - tenant_id (str) – ID of the application’s Azure Active Directory tenant. Also called its ‘directory’ ID.
- client_id (str) – the application’s client ID
- authorization_code (str) – the authorization code from the user’s log-in
- redirect_uri (str) – The application’s redirect URI. Must match the URI used to request the authorization code.
Keyword Arguments: - authority (str) – Authority of an Azure Active Directory endpoint, for example ‘login.microsoftonline.com’,
the authority for Azure Public Cloud (which is the default).
KnownAuthorities
defines authorities for other clouds. - client_secret (str) – One of the application’s client secrets. Required only for web apps and web APIs.
-
get_token
(*scopes, **kwargs) → AccessToken[source]¶ Request an access token for
scopes
.The first time this method is called, the credential will redeem its authorization code. On subsequent calls the credential will return a cached access token or redeem a refresh token, if it acquired a refresh token upon redeeming the authorization code.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the access token
Return type: Raises: Keyword Arguments: - executor (Executor) – An Executor instance used to execute asynchronous calls
- loop – An event loop on which to schedule network I/O. If not provided, the currently running loop will be used.
-
class
azure.identity.aio.
CertificateCredential
(tenant_id, client_id, certificate_path, **kwargs)[source]¶ Bases:
azure.identity._base.CertificateCredentialBase
,azure.identity.aio._credentials.base.AsyncCredentialBase
Authenticates as a service principal using a certificate.
Parameters: - tenant_id (str) – ID of the service principal’s tenant. Also called its ‘directory’ ID.
- client_id (str) – the service principal’s client ID
- certificate_path (str) – path to a PEM-encoded certificate file including the private key
Keyword Arguments: - authority (str) – Authority of an Azure Active Directory endpoint, for example ‘login.microsoftonline.com’,
the authority for Azure Public Cloud (which is the default).
KnownAuthorities
defines authorities for other clouds. - password (str or bytes) – The certificate’s password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead.
-
get_token
(*scopes, **kwargs) → AccessToken[source]¶ Asynchronously request an access token for scopes.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the token Return type: azure.core.credentials.AccessToken
Raises: ClientAuthenticationError –
-
class
azure.identity.aio.
ClientSecretCredential
(tenant_id: str, client_id: str, client_secret: str, **kwargs)[source]¶ Bases:
azure.identity._base.ClientSecretCredentialBase
,azure.identity.aio._credentials.base.AsyncCredentialBase
Authenticates as a service principal using a client ID and client secret.
Parameters: - tenant_id (str) – ID of the service principal’s tenant. Also called its ‘directory’ ID.
- client_id (str) – the service principal’s client ID
- client_secret (str) – one of the service principal’s client secrets
Keyword Arguments: authority (str) – Authority of an Azure Active Directory endpoint, for example ‘login.microsoftonline.com’, the authority for Azure Public Cloud (which is the default).
KnownAuthorities
defines authorities for other clouds.-
get_token
(*scopes, **kwargs) → AccessToken[source]¶ Asynchronously request an access token for scopes.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the token Return type: azure.core.credentials.AccessToken
Raises: ClientAuthenticationError –
-
class
azure.identity.aio.
DefaultAzureCredential
(**kwargs)[source]¶ Bases:
azure.identity.aio._credentials.chained.ChainedTokenCredential
A default credential capable of handling most Azure SDK authentication scenarios.
The identity it uses depends on the environment. When an access token is needed, it requests one using these identities in turn, stopping when one provides a token:
- A service principal configured by environment variables. See
EnvironmentCredential
for more details. - An Azure managed identity. See
ManagedIdentityCredential
for more details. - On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple
identities are in the cache, then the value of the environment variable
AZURE_USERNAME
is used to select which identity to use. SeeSharedTokenCacheCredential
for more details.
This default behavior is configurable with keyword arguments.
Keyword Arguments: - authority (str) – Authority of an Azure Active Directory endpoint, for example ‘login.microsoftonline.com’,
the authority for Azure Public Cloud (which is the default).
KnownAuthorities
defines authorities for other clouds. Managed identities ignore this because they reside in a single cloud. - exclude_environment_credential (bool) – Whether to exclude a service principal configured by environment variables from the credential. Defaults to False.
- exclude_managed_identity_credential (bool) – Whether to exclude managed identity from the credential. Defaults to False.
- exclude_shared_token_cache_credential (bool) – Whether to exclude the shared token cache. Defaults to False.
- shared_cache_username (str) – Preferred username for
SharedTokenCacheCredential
. Defaults to the value of environment variable AZURE_USERNAME, if any. - shared_cache_tenant_id (str) – Preferred tenant for
SharedTokenCacheCredential
. Defaults to the value of environment variable AZURE_TENANT_ID, if any.
-
get_token
(*scopes, **kwargs)[source]¶ Asynchronously request an access token for scopes.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the token Raises: ClientAuthenticationError – authentication failed. The exception has a message attribute listing each authentication attempt and its error message.
- A service principal configured by environment variables. See
-
class
azure.identity.aio.
EnvironmentCredential
(**kwargs)[source]¶ Bases:
azure.identity.aio._credentials.base.AsyncCredentialBase
A credential configured by environment variables.
This credential is capable of authenticating as a service principal using a client secret or a certificate, or as a user with a username and password. Configuration is attempted in this order, using these environment variables:
- Service principal with secret:
- AZURE_TENANT_ID: ID of the service principal’s tenant. Also called its ‘directory’ ID.
- AZURE_CLIENT_ID: the service principal’s client ID
- AZURE_CLIENT_SECRET: one of the service principal’s client secrets
- Service principal with certificate:
- AZURE_TENANT_ID: ID of the service principal’s tenant. Also called its ‘directory’ ID.
- AZURE_CLIENT_ID: the service principal’s client ID
- AZURE_CLIENT_CERTIFICATE_PATH: path to a PEM-encoded certificate file including the private key The certificate must not be password-protected.
-
get_token
(*scopes, **kwargs) → AccessToken[source]¶ Asynchronously request an access token for scopes.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the token Return type: azure.core.credentials.AccessToken
Raises: ClientAuthenticationError –
-
class
azure.identity.aio.
ManagedIdentityCredential
(**kwargs)[source]¶ Bases:
object
Authenticates with an Azure managed identity in any hosting environment which supports managed identities.
See the Azure Active Directory documentation for more information about managed identities: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Keyword Arguments: client_id (str) – ID of a user-assigned identity. Leave unspecified to use a system-assigned identity. -
get_token
(*scopes, **kwargs) → AccessToken[source]¶ Asynchronously request an access token for scopes.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the token Return type: azure.core.credentials.AccessToken
Raises: ClientAuthenticationError –
-
-
class
azure.identity.aio.
ChainedTokenCredential
(*credentials)[source]¶ Bases:
azure.identity.aio._credentials.base.AsyncCredentialBase
A sequence of credentials that is itself a credential.
Its
get_token()
method callsget_token
on each credential in the sequence, in order, returning the first valid token received.Parameters: credentials ( azure.core.credentials.AsyncTokenCredential
) – credential instances to form the chain-
get_token
(*scopes, **kwargs) → AccessToken[source]¶ Asynchronously request a token from each credential, in order, returning the first token received.
If no credential provides a token, raises
azure.core.exceptions.ClientAuthenticationError
with an error message from each credential.Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
Parameters: scopes (str) – desired scopes for the token Raises: ClientAuthenticationError –
-
Bases:
azure.identity._internal.shared_token_cache.SharedTokenCacheBase
,azure.identity.aio._credentials.base.AsyncCredentialBase
Authenticates using tokens in the local cache shared between Microsoft applications.
Parameters: username (str) – Username (typically an email address) of the user to authenticate as. This is required because the local cache may contain tokens for multiple identities. Close the credential’s transport session.
Get an access token for scopes from the shared cache.
Note
This method is called by Azure SDK clients. It isn’t intended for use in application code.
If no access token is cached, attempt to acquire one using a cached refresh token.
Parameters: scopes (str) – desired scopes for the token Return type: azure.core.credentials.AccessToken
Raises: ClientAuthenticationError – when the cache is unavailable or no access token can be acquired from it Keyword Arguments: authority (str) – Authority of an Azure Active Directory endpoint, for example ‘login.microsoftonline.com’, the authority for Azure Public Cloud (which is the default). KnownAuthorities
defines authorities for other clouds.