// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.azure.identity;
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
import com.azure.identity.implementation.IdentityClientBuilder;
import com.azure.identity.implementation.IdentityClientOptions;
import com.azure.identity.implementation.IdentitySyncClient;
import com.azure.identity.implementation.util.LoggingUtil;
import reactor.core.publisher.Mono;
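/**
 * <p>Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
 * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
 * to Azure developers. It allows users to authenticate as a user and/or a service principal against
 * Microsoft Entra ID.
 * The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
 * the logged-in user or service principal in Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
 * service principal and executes an Azure Developer CLI ({@code azd}) command underneath to authenticate the
 * application against Microsoft Entra ID.</p>
 *
 * <h2>Configure AzureDeveloperCliCredential</h2>
 *
 * <p>To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
 * commands below:</p>
 *
 * <ul>
 *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
 *     <li>Run "azd auth login --client-id {@code clientID} --client-secret {@code clientSecret}
 *     --tenant-id {@code tenantID}" to authenticate as a service principal.</li>
 * </ul>
 *
 * <p>You may need to repeat this process after a certain time period, depending on the refresh token validity in your
 * organization. Generally, the refresh token validity period is a few weeks to a few months.
 * AzureDeveloperCliCredential will prompt you to sign in again.</p>
 *
 * <p><strong>Security notes.</strong> Tokens are issued for whichever identity is signed in to Azure Developer CLI,
 * so the application holds that identity's access; sign in with an account scoped to what the development work
 * needs. When signing in as a service principal, a secret passed as {@code --client-secret} on the command line can
 * be recorded in shell history and can be visible in the process list while the command runs, so treat that
 * workstation and its history files as holding the secret.</p>
 *
 * <p><strong>Sample: Construct AzureDeveloperCliCredential</strong></p>
 *
 * <p>The following code sample demonstrates the creation of a {@link com.azure.identity.AzureDeveloperCliCredential},
 * using the {@link com.azure.identity.AzureDeveloperCliCredentialBuilder} to configure it. Once this credential is
 * created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential'
 * parameter.</p>
 *
 * <pre>
 * TokenCredential azureDevCliCredential = new AzureDeveloperCliCredentialBuilder()
 *     .build();
 * </pre>
 *
 * @see com.azure.identity
 * @see AzureDeveloperCliCredentialBuilder
 */
@Immutable
public class AzureDeveloperCliCredential implements TokenCredential {
    private static final ClientLogger LOGGER = new ClientLogger(AzureDeveloperCliCredential.class);

    // NOTE(review): locating and invoking the azd executable happens inside IdentityClient /
    // IdentitySyncClient, which are not part of this file; confirm there how the executable path is resolved.
    private final IdentityClient identityClient;
    private final IdentitySyncClient identitySyncClient;

    /**
     * Creates an AzureDeveloperCliCredential with the given identity client options.
     *
     * <p>Both the asynchronous and the synchronous identity client are built from the same builder, so they share
     * the tenant id and options passed here.</p>
     *
     * @param tenantId the tenant id of the application
     * @param identityClientOptions the options to configure the identity client
     */
    AzureDeveloperCliCredential(String tenantId, IdentityClientOptions identityClientOptions) {
        IdentityClientBuilder builder = new IdentityClientBuilder()
            .tenantId(tenantId)
            .identityClientOptions(identityClientOptions);

        identityClient = builder.build();
        identitySyncClient = builder.buildSyncClient();
    }

    /**
     * Asynchronously requests a token through the identity client's Azure Developer CLI flow.
     *
     * <p>Success and failure are both logged through {@link LoggingUtil}. When the identity client options report
     * that this credential is chained, every failure is wrapped in a {@link CredentialUnavailableException} with
     * the original error kept as the cause; otherwise the original error is propagated unchanged. Because the
     * wrapping applies to every error, the cause is the only place where the kind of failure can still be told
     * apart in the chained case.</p>
     *
     * @param request the details of the token request
     * @return a {@link Mono} emitting the access token
     */
    @Override
    public Mono<AccessToken> getToken(TokenRequestContext request) {
        return identityClient.authenticateWithAzureDeveloperCli(request)
            .doOnNext(token -> LoggingUtil.logTokenSuccess(LOGGER, request))
            .doOnError(error -> LoggingUtil.logTokenError(LOGGER, identityClient.getIdentityClientOptions(), request,
                error))
            .onErrorMap(error -> {
                if (identityClient.getIdentityClientOptions().isChained()) {
                    return new CredentialUnavailableException(error.getMessage(), error);
                } else {
                    return error;
                }
            });
    }

    /**
     * Synchronously requests a token through the identity client's Azure Developer CLI flow.
     *
     * <p>Mirrors {@link #getToken(TokenRequestContext)}: the outcome is logged, and a failure is wrapped in a
     * {@link CredentialUnavailableException} (original exception kept as the cause) only when the identity client
     * options report that this credential is chained.</p>
     *
     * @param request the details of the token request
     * @return the access token
     * @throws CredentialUnavailableException if token acquisition fails while the credential is chained
     */
    @Override
    public AccessToken getTokenSync(TokenRequestContext request) {
        try {
            AccessToken accessToken = identitySyncClient.authenticateWithAzureDeveloperCli(request);
            LoggingUtil.logTokenSuccess(LOGGER, request);
            return accessToken;
        } catch (Exception e) {
            // Options are read from the async client; both clients were built from the same builder.
            LoggingUtil.logTokenError(LOGGER, identityClient.getIdentityClientOptions(), request, e);
            if (identityClient.getIdentityClientOptions().isChained()) {
                throw new CredentialUnavailableException(e.getMessage(), e);
            } else {
                throw e;
            }
        }
    }
}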