Azure Core provides shared primitives, abstractions, and helpers for modern Java Azure SDK client libraries
—
Comprehensive credential management supporting Azure Active Directory tokens, API keys, SAS tokens, and custom authentication schemes with automatic token refresh and secure credential rotation.
Core interface for obtaining access tokens for Azure Active Directory authentication with support for various scopes and tenant configurations.
/**
* The interface for credentials that can provide a token.
* The AccessToken handed back carries the raw token string, so implementations and
* callers should keep it out of logs and exception messages.
*/
@FunctionalInterface
interface TokenCredential {
/**
* Asynchronously get a token for a given resource/audience.
* @param request The details of the token request
* @return A Mono containing the access token
*/
Mono<AccessToken> getToken(TokenRequestContext request);
/**
* Synchronously get a token for a given resource/audience.
* This default implementation blocks the calling thread on getToken(request) with
* no timeout. block() yields null when the Mono completes empty, so callers should
* handle a null result.
* @param request The details of the token request
* @return The access token
*/
default AccessToken getTokenSync(TokenRequestContext request) {
return getToken(request).block();
}
}Immutable access token with token string, expiration time, and refresh time for secure token management.
/**
* Represents an immutable access token with a token string and an expiration time.
* The token string is a credential in its own right: treat it as a secret and keep
* it out of logs, exception messages and persisted output.
*/
class AccessToken {
/**
* Creates an access token.
* @param token The token string
* @param expiresAt The token expiration date in UTC
*/
public AccessToken(String token, OffsetDateTime expiresAt);
/**
* Creates an access token.
* @param token The token string
* @param expiresAt The token expiration date in UTC
* @param refreshAt The token refresh date in UTC
*/
public AccessToken(String token, OffsetDateTime expiresAt, OffsetDateTime refreshAt);
/**
* Creates an access token.
* @param token The token string
* @param expiresAt The token expiration date in UTC
* @param refreshAt The token refresh date in UTC
* @param tokenType The token type ("Bearer" or "Pop")
*/
public AccessToken(String token, OffsetDateTime expiresAt, OffsetDateTime refreshAt, String tokenType);
/**
* Gets the token.
* @return The token string (secret material; do not print or log it)
*/
public String getToken();
/**
* Gets the time when the token expires, in UTC.
* @return The token expiration time
*/
public OffsetDateTime getExpiresAt();
/**
* Gets the time when the token should be refreshed, in UTC.
* NOTE(review): presumably unset when the two-argument constructor is used; confirm
* before dereferencing the result.
* @return The token refresh time
*/
public OffsetDateTime getRefreshAt();
/**
* Whether the token has expired.
* NOTE(review): the clock and any safety margin used for the comparison are not
* shown here; confirm before relying on this for tokens close to expiry.
* @return true if the token has expired, false otherwise
*/
public boolean isExpired();
/**
* Gets the token type.
* @return The token type, typically "Bearer" or "Pop"
*/
public String getTokenType();
/**
* Gets the duration until the token expires.
* @return Duration until expiration
*/
public Duration getDurationUntilExpiration();
}Context for token requests containing scopes, tenant ID, claims, and additional authentication parameters.
/**
* Contains details of a request to get a token.
* The scopes set here decide what the issued token can be used for, so request only
* the scopes the calling client needs.
*/
class TokenRequestContext {
/**
* Creates a token request context.
*/
public TokenRequestContext();
/**
* Gets the scopes required by the token.
* @return The scopes required by the token
*/
public List<String> getScopes();
/**
* Sets the scopes required by the token.
* @param scopes The scopes required by the token
* @return The updated TokenRequestContext
*/
public TokenRequestContext setScopes(List<String> scopes);
/**
* Adds scopes to the request.
* @param scopes The scopes to add
* @return The updated TokenRequestContext
*/
public TokenRequestContext addScopes(String... scopes);
/**
* Gets the additional claims to be included in the token.
* @return The additional claims
*/
public String getClaims();
/**
* Sets the additional claims to be included in the token.
* NOTE(review): the expected format of the claims string is not shown here; confirm
* it before passing text that originates outside the application.
* @param claims The additional claims
* @return The updated TokenRequestContext
*/
public TokenRequestContext setClaims(String claims);
/**
* Gets the tenant ID to be used for the authentication request.
* @return The tenant ID
*/
public String getTenantId();
/**
* Sets the tenant ID to be used for the authentication request.
* NOTE(review): if the tenant ID is derived from a server response or user input,
* presumably it should be checked against the tenants the application expects;
* confirm how the credential in use treats it.
* @param tenantId The tenant ID
* @return The updated TokenRequestContext
*/
public TokenRequestContext setTenantId(String tenantId);
/**
* Indicates whether to enable Continuous Access Evaluation (CAE).
* @return Whether CAE is enabled
*/
public boolean isCaeEnabled();
/**
* Sets whether to enable Continuous Access Evaluation (CAE).
* @param enableCae Whether to enable CAE
* @return The updated TokenRequestContext
*/
public TokenRequestContext setCaeEnabled(boolean enableCae);
/**
* Gets the Proof of Possession options.
* @return The Proof of Possession options
*/
public ProofOfPossessionOptions getProofOfPossessionOptions();
/**
* Sets the Proof of Possession options.
* @param proofOfPossessionOptions The Proof of Possession options
* @return The updated TokenRequestContext
*/
public TokenRequestContext setProofOfPossessionOptions(ProofOfPossessionOptions proofOfPossessionOptions);
}Base credential class for key-based authentication with secure key rotation support.
/**
* Represents a credential that uses a key to authenticate to an Azure Service.
* The key is a shared secret: anything that can read it can authenticate as this
* client, so keep it out of source code, logs and error output.
*/
class KeyCredential {
/**
* Creates a credential that authorizes request with the given key.
* @param key The key used to authorize requests
*/
public KeyCredential(String key);
/**
* Retrieves the key associated to this credential.
* @return The key being used for authorization, in clear text
*/
public String getKey();
/**
* Rotates the key associated to this credential.
* The credential object itself is returned, so code already holding a reference
* picks up the new key on its next getKey() call.
* NOTE(review): visibility of the new key across threads is not shown here; confirm.
* @param key The new key to associate with this credential
* @return The updated KeyCredential object
*/
public KeyCredential update(String key);
}Azure-specific key credential with enhanced security features and integration with Azure services.
/**
* Represents a credential that uses an Azure key to authenticate to an Azure Service.
* Extends KeyCredential, so getKey() is inherited and returns the key in clear text;
* handle instances as secret-bearing objects.
*/
class AzureKeyCredential extends KeyCredential {
/**
* Creates a credential that authorizes request with the given key.
* @param key The key used to authorize requests
*/
public AzureKeyCredential(String key);
/**
* Rotates the key associated to this credential.
* Narrows the return type of KeyCredential.update so calls can be chained on the
* AzureKeyCredential type.
* @param key The new key to associate with this credential
* @return The updated AzureKeyCredential object
*/
public AzureKeyCredential update(String key);
}Credential combining key name and key value for services requiring named key authentication.
/**
* Represents a credential that uses both a key name and key value to authenticate to an Azure Service.
* The key value is the secret; the key name only identifies which key is in use.
*/
class AzureNamedKeyCredential {
/**
* Creates a credential with specified key name and key value.
* @param name The key name
* @param key The key value
*/
public AzureNamedKeyCredential(String name, String key);
/**
* Gets the key name.
* @return The key name
*/
public String getName();
/**
* Gets the key value.
* NOTE(review): name and value are read through two separate calls; if update(name, key)
* can run concurrently, a caller could presumably observe a mismatched pair - confirm.
* @return The key value, in clear text
*/
public String getKey();
/**
* Rotates the key associated with this credential.
* @param key The new key value
* @return The updated AzureNamedKeyCredential object
*/
public AzureNamedKeyCredential update(String key);
/**
* Rotates both the key name and key value.
* @param name The new key name
* @param key The new key value
* @return The updated AzureNamedKeyCredential object
*/
public AzureNamedKeyCredential update(String name, String key);
}Immutable key pair containing key name and key value for Azure named key authentication.
/**
* Represents a credential bag containing the key and the name of the key.
* Marked @Immutable and exposes getters only; no public constructor is listed here.
* NOTE(review): how instances are obtained is not shown on this page - confirm.
*/
@Immutable
class AzureNamedKey {
/**
* Retrieves the key.
* @return The key, in clear text (secret material; do not print or log it)
*/
public String getKey();
/**
* Retrieves the name associated with the key.
* @return The name of the key
*/
public String getName();
}Credential for Shared Access Signature (SAS) authentication with automatic signature parsing and validation.
/**
* Represents a credential that uses a Shared Access Signature to authenticate to an Azure Service.
* A SAS authorizes whoever presents it, so the signature string must be handled as a
* secret and kept out of logs and URLs that get recorded.
* NOTE(review): the members listed here only store, return and replace the signature
* string; no parsing or validation method is shown, so presumably permissions and
* expiry have to be constrained when the SAS is issued - confirm.
*/
class AzureSasCredential {
/**
* Creates a credential that authorizes request with the given shared access signature.
* @param signature The shared access signature used to authorize requests
*/
public AzureSasCredential(String signature);
/**
* Retrieves the shared access signature associated to this credential.
* @return The shared access signature being used for authorization, in clear text
*/
public String getSignature();
/**
* Rotates the shared access signature associated to this credential.
* Use this to swap in a fresh SAS before the current one expires.
* @param signature The new shared access signature to associate with this credential
* @return The updated AzureSasCredential object
*/
public AzureSasCredential update(String signature);
}HTTP Basic authentication credential for username and password authentication.
/**
* Represents Basic authentication credential.
* Holds a username and password and produces the matching Authorization header value.
*/
class BasicAuthenticationCredential {
/**
* Creates a basic authentication credential.
* @param username The username for authentication
* @param password The password for authentication
*/
public BasicAuthenticationCredential(String username, String password);
/**
* Gets the username.
* @return The username
*/
public String getUsername();
/**
* Gets the password.
* @return The password, in clear text (do not print or log it)
*/
public String getPassword();
/**
* Creates the authorization header value for basic authentication.
* The usage example on this page shows the form "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" for
* the inputs "username" and "password". That is Base64, a reversible encoding, so the
* header value is as sensitive as the password and belongs only on TLS-protected
* connections.
* @return The authorization header value
*/
public String getAuthorizationHeaderValue();
}Configuration options for Proof of Possession (PoP) token authentication.
/**
* Options for Proof of Possession authentication.
* Carries the HTTP method, request URL and additional claims for a PoP token request.
* NOTE(review): presumably the issued token is bound to the method and URL given here,
* so they should match the request that is actually sent - confirm.
*/
class ProofOfPossessionOptions {
/**
* Creates Proof of Possession options.
*/
public ProofOfPossessionOptions();
/**
* Gets the HTTP method.
* @return HTTP method
*/
public String getHttpMethod();
/**
* Sets the HTTP method.
* @param httpMethod The HTTP method
* @return Updated ProofOfPossessionOptions
*/
public ProofOfPossessionOptions setHttpMethod(String httpMethod);
/**
* Gets the request URL.
* @return Request URL
*/
public String getUrl();
/**
* Sets the request URL.
* @param url The request URL
* @return Updated ProofOfPossessionOptions
*/
public ProofOfPossessionOptions setUrl(String url);
/**
* Gets additional claims.
* @return Map of additional claims
*/
public Map<String, Object> getAdditionalClaims();
/**
* Sets additional claims.
* NOTE(review): whether the map is copied or stored by reference is not shown here;
* avoid mutating it after this call until that is confirmed.
* @param additionalClaims Map of additional claims
* @return Updated ProofOfPossessionOptions
*/
public ProofOfPossessionOptions setAdditionalClaims(Map<String, Object> additionalClaims);
}Basic token cache implementation for storing and retrieving access tokens.
/**
* A simple, thread-safe token cache implementation.
* Cached AccessToken objects hold live token strings in memory for as long as they
* stay in the cache.
* NOTE(review): nothing listed here says expired entries are evicted, so callers
* should check isExpired() on a hit, as the usage example on this page does.
* Presumably cache keys also need to distinguish scope and tenant so a token is
* never reused for the wrong audience - confirm.
*/
class SimpleTokenCache {
/**
* Creates a new SimpleTokenCache.
*/
public SimpleTokenCache();
/**
* Gets a cached token.
* @param key Cache key
* @return Cached AccessToken or null if not found
*/
public AccessToken getToken(String key);
/**
* Caches a token.
* @param key Cache key
* @param token Token to cache
*/
public void putToken(String key, AccessToken token);
/**
* Removes a token from cache.
* Call this when a token is known to be revoked or rejected so it is not served again.
* @param key Cache key
*/
public void removeToken(String key);
/**
* Clears all cached tokens.
*/
public void clear();
/**
* Gets the number of cached tokens.
* @return Number of cached tokens
*/
public int size();
}HTTP Authorization header representation for various authentication schemes.
/**
* Represents the value of an Authorization header.
* The parameter part is the credential itself (a token or encoded username/password),
* so instances should be handled as secret-bearing objects.
*/
class HttpAuthorization {
/**
* Creates an HttpAuthorization instance.
* @param scheme The authorization scheme (e.g., "Bearer", "Basic")
* @param parameter The authorization parameter (e.g., token, credentials)
*/
public HttpAuthorization(String scheme, String parameter);
/**
* Gets the authorization scheme.
* @return The authorization scheme
*/
public String getScheme();
/**
* Gets the authorization parameter.
* @return The authorization parameter, in clear text
*/
public String getParameter();
/**
* Gets the full authorization header value.
* Because the result contains the parameter, passing an HttpAuthorization to a logger
* or concatenating it into a message discloses the credential.
* @return Authorization header value in format "scheme parameter"
*/
@Override
public String toString();
/**
* Creates a Bearer token authorization.
* @param token The bearer token
* @return HttpAuthorization for bearer token
*/
public static HttpAuthorization bearerToken(String token);
/**
* Creates a Basic authentication authorization.
* The argument must already be Base64-encoded; Base64 is reversible, so the value is
* as sensitive as the underlying username and password.
* @param credentials The base64-encoded credentials
* @return HttpAuthorization for basic auth
*/
public static HttpAuthorization basicAuth(String credentials);
}Builder traits for consistent credential configuration across Azure SDK clients.
/**
* Trait for Azure SDK client builders that support TokenCredential.
* @param <T> The builder type returned by credential so that calls can be chained
*/
interface TokenCredentialTrait<T> {
/**
* Sets the TokenCredential used to authorize requests sent by the service client.
* @param credential TokenCredential used to authorize requests
* @return The updated builder object
*/
T credential(TokenCredential credential);
}
/**
* Trait for Azure SDK client builders that support AzureKeyCredential.
* @param <T> The builder type returned by credential so that calls can be chained
*/
interface AzureKeyCredentialTrait<T> {
/**
* Sets the AzureKeyCredential used to authorize requests sent by the service client.
* @param credential AzureKeyCredential used to authorize requests
* @return The updated builder object
*/
T credential(AzureKeyCredential credential);
}
/**
* Trait for Azure SDK client builders that support AzureNamedKeyCredential.
* @param <T> The builder type returned by credential so that calls can be chained
*/
interface AzureNamedKeyCredentialTrait<T> {
/**
* Sets the AzureNamedKeyCredential used to authorize requests sent by the service client.
* @param credential AzureNamedKeyCredential used to authorize requests
* @return The updated builder object
*/
T credential(AzureNamedKeyCredential credential);
}
/**
* Trait for Azure SDK client builders that support AzureSasCredential.
* @param <T> The builder type returned by credential so that calls can be chained
*/
interface AzureSasCredentialTrait<T> {
/**
* Sets the AzureSasCredential used to authorize requests sent by the service client.
* @param credential AzureSasCredential used to authorize requests
* @return The updated builder object
*/
T credential(AzureSasCredential credential);
}
/**
* Trait for Azure SDK client builders that support KeyCredential.
* @param <T> The builder type returned by credential so that calls can be chained
*/
interface KeyCredentialTrait<T> {
/**
* Sets the KeyCredential used to authorize requests sent by the service client.
* @param credential KeyCredential used to authorize requests
* @return The updated builder object
*/
T credential(KeyCredential credential);
}
/**
* Trait for Azure SDK client builders that support connection strings.
* NOTE(review): connection strings commonly embed an access key or signature, so the
* value should presumably be handled as a secret (not hard-coded, not logged) -
* confirm for the service in use.
* @param <T> The builder type returned by connectionString so that calls can be chained
*/
interface ConnectionStringTrait<T> {
/**
* Sets the connection string for the service.
* @param connectionString Connection string for the service
* @return The updated builder object
*/
T connectionString(String connectionString);
}import com.azure.core.credential.*;
import com.azure.identity.DefaultAzureCredentialBuilder;
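// Create a TokenCredential (typically from azure-identity library)
TokenCredential credential = new DefaultAzureCredentialBuilder().build();
// Create token request context; ask only for the scope this client needs
TokenRequestContext request = new TokenRequestContext()
    .addScopes("https://vault.azure.net/.default")
    .setTenantId("tenant-id"); // placeholder tenant ID
// Get access token asynchronously
Mono<AccessToken> tokenMono = credential.getToken(request);
// block() returns null when the Mono completes empty, so fail with a clear message
// instead of a NullPointerException on the first accessor call.
AccessToken token = tokenMono.block();
if (token == null) {
    throw new IllegalStateException("Credential returned no access token");
}
// Check token properties. The token string is a bearer secret, so report only
// non-sensitive metadata and never write getToken() to stdout or logs.
System.out.println("Token acquired (value not printed)");
System.out.println("Expires at: " + token.getExpiresAt());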
System.out.println("Is expired: " + token.isExpired());import com.azure.core.credential.*;
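// Azure Key Credential. The literals below are placeholders: load real keys from a
// secret store or the environment instead of embedding them in source.
AzureKeyCredential keyCredential = new AzureKeyCredential("your-api-key");
// The key is a secret, so confirm setup without echoing getKey().
System.out.println("Key credential configured");
// Rotate the key; the same credential object now holds the new value
keyCredential.update("new-api-key");
// Azure Named Key Credential
AzureNamedKeyCredential namedKeyCredential = new AzureNamedKeyCredential("keyName", "keyValue");
// The key name only identifies the key and can be shown; the key value is not printed.
System.out.println("Name: " + namedKeyCredential.getName());
// Azure SAS Credential ("sig=..." is a placeholder for the real signature)
String sasToken = "sp=r&st=2023-01-01T00:00:00Z&se=2023-12-31T23:59:59Z&sv=2022-11-02&sr=c&sig=...";
AzureSasCredential sasCredential = new AzureSasCredential(sasToken);
// A SAS authorizes whoever presents it, so getSignature() is kept out of the output.
System.out.println("SAS credential configured");
import com.azure.core.credential.BasicAuthenticationCredential;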
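// Placeholder username and password; supply real values from a secret store.
BasicAuthenticationCredential basicAuth =
    new BasicAuthenticationCredential("username", "password");
String authHeader = basicAuth.getAuthorizationHeaderValue();
// For these inputs the value is "Basic dXNlcm5hbWU6cGFzc3dvcmQ=": Base64 of
// "username:password", which is a reversible encoding, not encryption. Send it only
// over TLS and keep it out of stdout and logs.
System.out.println("Authorization header built (value not printed)");
import com.azure.core.credential.*;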
import java.time.OffsetDateTime;
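SimpleTokenCache cache = new SimpleTokenCache();
// Cache a token ("token123" is a placeholder value)
AccessToken token = new AccessToken("token123", OffsetDateTime.now().plusHours(1));
cache.putToken("vault-token", token);
// Retrieve cached token
AccessToken cachedToken = cache.getToken("vault-token");
// getToken returns null on a miss, and nothing on this page says expired entries are
// evicted, so check both conditions before reusing the token.
if (cachedToken != null && !cachedToken.isExpired()) {
    // Report the hit without echoing the token string itself.
    System.out.println("Using cached token, expires at: " + cachedToken.getExpiresAt());
} else {
    System.out.println("Token expired or not found, need to refresh");
}
import com.azure.core.credential.*;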
// Proof of Possession settings: HTTP method, request URL and extra claims.
// Map.of needs java.util.Map in scope.
Map<String, Object> popClaims = Map.of("aud", "https://api.example.com");
ProofOfPossessionOptions popOptions = new ProofOfPossessionOptions()
    .setHttpMethod("POST")
    .setUrl("https://api.example.com/secure-endpoint")
    .setAdditionalClaims(popClaims);
// Token request carrying the scope together with the PoP options.
TokenRequestContext request = new TokenRequestContext()
    .addScopes("https://api.example.com/.default")
    .setProofOfPossessionOptions(popOptions);
// Use with TokenCredential that supports PoP
AccessToken popToken = credential.getToken(request).block();Install with Tessl CLI
npx tessl i tessl/maven-com-azure--azure-core