com.azure.identity.UsernamePasswordCredential Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of azure-identity Show documentation
Show all versions of azure-identity Show documentation
This module contains client library for Microsoft Azure Identity.
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.azure.identity;
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
import com.azure.identity.implementation.IdentityClientBuilder;
import com.azure.identity.implementation.IdentityClientOptions;
import com.azure.identity.implementation.IdentitySyncClient;
import com.azure.identity.implementation.MsalAuthenticationAccount;
import com.azure.identity.implementation.MsalToken;
import com.azure.identity.implementation.util.LoggingUtil;
import reactor.core.publisher.Mono;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
/**
* An AAD credential that acquires a token with a username and a password. Users with 2FA/MFA (Multi-factored auth)
* turned on will not be able to use this credential. Please use {@link DeviceCodeCredential} or {@link
* InteractiveBrowserCredential} instead, or create a service principal if you want to authenticate silently.
*/
@Immutable
public class UsernamePasswordCredential implements TokenCredential {
private static final ClientLogger LOGGER = new ClientLogger(UsernamePasswordCredential.class);
private final String username;
private final String password;
private final IdentityClient identityClient;
private final IdentitySyncClient identitySyncClient;
private final String authorityHost;
private final AtomicReference cachedToken;
/**
* Creates a UserCredential with the given identity client options.
*
* @param clientId the client ID of the application
* @param tenantId the tenant ID of the application
* @param username the username of the user
* @param password the password of the user
* @param identityClientOptions the options for configuring the identity client
*/
UsernamePasswordCredential(String clientId, String tenantId, String username, String password,
IdentityClientOptions identityClientOptions) {
Objects.requireNonNull(username, "'username' cannot be null.");
Objects.requireNonNull(password, "'password' cannot be null.");
this.username = username;
this.password = password;
IdentityClientBuilder builder =
new IdentityClientBuilder()
.tenantId(tenantId)
.clientId(clientId)
.identityClientOptions(identityClientOptions);
identityClient = builder.build();
identitySyncClient = builder.buildSyncClient();
cachedToken = new AtomicReference<>();
this.authorityHost = identityClientOptions.getAuthorityHost();
}
@Override
public Mono getToken(TokenRequestContext request) {
return Mono.defer(() -> {
if (cachedToken.get() != null) {
return identityClient.authenticateWithPublicClientCache(request, cachedToken.get())
.onErrorResume(t -> Mono.empty());
} else {
return Mono.empty();
}
}).switchIfEmpty(Mono.defer(() -> identityClient.authenticateWithUsernamePassword(request, username, password)))
.map(this::updateCache)
.doOnNext(token -> LoggingUtil.logTokenSuccess(LOGGER, request))
.doOnError(error -> LoggingUtil.logTokenError(LOGGER, identityClient.getIdentityClientOptions(),
request, error));
}
@Override
public AccessToken getTokenSync(TokenRequestContext request) {
if (cachedToken.get() != null) {
try {
return identitySyncClient.authenticateWithPublicClientCache(request, cachedToken.get());
} catch (Exception e) { }
}
try {
MsalToken accessToken = identitySyncClient.authenticateWithUsernamePassword(request, username, password);
updateCache(accessToken);
LoggingUtil.logTokenSuccess(LOGGER, request);
return accessToken;
} catch (Exception e) {
LoggingUtil.logTokenError(LOGGER, identityClient.getIdentityClientOptions(), request, e);
throw e;
}
}
/**
* Authenticates the user using the specified username and password.
*
* @param request The details of the authentication request.
*
* @return The {@link AuthenticationRecord} of the authenticated account.
*/
public Mono authenticate(TokenRequestContext request) {
return Mono.defer(() -> identityClient.authenticateWithUsernamePassword(request, username, password))
.map(this::updateCache)
.map(msalToken -> cachedToken.get().getAuthenticationRecord());
}
/**
* Authenticates the user using the specified username and password.
*
* @return The {@link AuthenticationRecord} of the authenticated account.
*/
public Mono authenticate() {
String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost);
if (defaultScope == null) {
return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER,
identityClient.getIdentityClientOptions(), new CredentialUnavailableException("Authenticating in this "
+ "environment requires specifying a TokenRequestContext.")));
}
return authenticate(new TokenRequestContext().addScopes(defaultScope));
}
private AccessToken updateCache(MsalToken msalToken) {
cachedToken.set(
new MsalAuthenticationAccount(
new AuthenticationRecord(msalToken.getAuthenticationResult(),
identityClient.getTenantId(), identityClient.getClientId()),
msalToken.getAccount().getTenantProfiles()));
return msalToken;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy