or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

advanced-authentication-flows.mdauthorization-code-authentication.mdazure-developer-cli-authentication.mdazure-pipelines-authentication.mdclient-assertion-authentication.mdconfiguration-and-utilities.mdcredential-chaining.mddefault-azure-credential.mddeveloper-tool-credentials.mdenvironment-credential.mdindex.mdinteractive-user-authentication.mdmanaged-identity-credential.mdservice-principal-authentication.mdshared-token-cache-authentication.mdusername-password-authentication.mdvisual-studio-code-authentication.md

developer-tool-credentials.mddocs/

0
# Developer Tool Credentials
1


2
Developer tool credentials enable authentication using cached credentials from various Azure development tools. These credentials are ideal for local development environments where developers have already authenticated through familiar tools.
3


4
## Azure CLI Credential
5


6
Authenticate using cached credentials from Azure CLI (`az login`).
7


8
```java
9
import com.azure.identity.AzureCliCredential;
10
import com.azure.identity.AzureCliCredentialBuilder;
11


12
// Use default Azure CLI credential
13
TokenCredential credential = new AzureCliCredentialBuilder().build();
14


15
// Use with Azure SDK client
16
ResourceManagementClient client = ResourceManagementClient.builder()
17
    .credential(credential)
18
    .subscriptionId("subscription-id")
19
    .buildClient();
20
```
21


22
## Azure PowerShell Credential
23


24
Authenticate using cached credentials from Azure PowerShell (`Connect-AzAccount`).
25


26
```java
27
import com.azure.identity.AzurePowerShellCredential;
28
import com.azure.identity.AzurePowerShellCredentialBuilder;
29


30
// Use Azure PowerShell credential
31
TokenCredential credential = new AzurePowerShellCredentialBuilder().build();
32


33
// Configure with custom options
34
TokenCredential customCredential = new AzurePowerShellCredentialBuilder()
35
    .maxRetry(3)
36
    .httpClient(httpClient)
37
    .build();
38
```
39


40
## Azure Developer CLI Credential
41


42
Authenticate using cached credentials from Azure Developer CLI (`azd auth login`).
43


44
```java
45
import com.azure.identity.AzureDeveloperCliCredential;
46
import com.azure.identity.AzureDeveloperCliCredentialBuilder;
47


48
// Use Azure Developer CLI credential
49
TokenCredential credential = new AzureDeveloperCliCredentialBuilder().build();
50


51
// Configure with tenant ID
52
TokenCredential tenantCredential = new AzureDeveloperCliCredentialBuilder()
53
    .tenantId("tenant-id")
54
    .build();
55
```
56


57
## IntelliJ Credential
58


59
Authenticate using cached credentials from Azure Toolkit for IntelliJ.
60


61
```java
62
import com.azure.identity.IntelliJCredential;
63
import com.azure.identity.IntelliJCredentialBuilder;
64


65
// Use IntelliJ credential
66
TokenCredential credential = new IntelliJCredentialBuilder().build();
67


68
// Configure for specific tenant
69
TokenCredential tenantCredential = new IntelliJCredentialBuilder()
70
    .tenantId("tenant-id")
71
    .build();
72
```
73


74
## Visual Studio Code Credential
75


76
Authenticate using cached credentials from Azure Account extension for VS Code.
77


78
```java
79
import com.azure.identity.VisualStudioCodeCredential;
80
import com.azure.identity.VisualStudioCodeCredentialBuilder;
81


82
// Use Visual Studio Code credential
83
TokenCredential credential = new VisualStudioCodeCredentialBuilder().build();
84


85
// Configure with tenant ID
86
TokenCredential tenantCredential = new VisualStudioCodeCredentialBuilder()
87
    .tenantId("tenant-id")
88
    .build();
89
```
90


91
## Shared Token Cache Credential
92


93
Authenticate using shared token cache from various Microsoft authentication tools.
94


95
```java
96
import com.azure.identity.SharedTokenCacheCredential;
97
import com.azure.identity.SharedTokenCacheCredentialBuilder;
98


99
// Use shared token cache
100
TokenCredential credential = new SharedTokenCacheCredentialBuilder().build();
101


102
// Configure with specific account
103
TokenCredential accountCredential = new SharedTokenCacheCredentialBuilder()
104
    .tenantId("tenant-id")
105
    .clientId("client-id")
106
    .username("user@domain.com")
107
    .build();
108
```
109


110
## Multiple Tool Strategy
111


112
Use multiple developer tools in a chain for maximum compatibility.
113


114
```java
115
import com.azure.identity.ChainedTokenCredential;
116
import com.azure.identity.ChainedTokenCredentialBuilder;
117


118
// Chain multiple developer credentials
119
TokenCredential developerCredential = new ChainedTokenCredentialBuilder()
120
    .addLast(new AzureCliCredentialBuilder().build())
121
    .addLast(new AzurePowerShellCredentialBuilder().build())
122
    .addLast(new AzureDeveloperCliCredentialBuilder().build())
123
    .addLast(new IntelliJCredentialBuilder().build())
124
    .addLast(new VisualStudioCodeCredentialBuilder().build())
125
    .build();
126
```
127


128
## Configuration Options
129


130
```java
131
// Configure with common options
132
TokenCredential credential = new AzureCliCredentialBuilder()
133
    .tenantId("tenant-id")  // Specify tenant for multi-tenant scenarios
134
    .additionallyAllowedTenants("*")  // Allow any tenant
135
    .maxRetry(3)  // Maximum retry attempts
136
    .httpClient(httpClient)  // Custom HTTP client
137
    .build();
138
```
139


140
## Error Handling
141


142
```java
143
try {
144
    TokenCredential credential = new AzureCliCredentialBuilder().build();
145
    
146
    AccessToken token = credential.getTokenSync(
147
        new TokenRequestContext().addScopes("https://management.azure.com/.default")
148
    );
149
    
150
    System.out.println("Successfully authenticated with Azure CLI");
151
    
152
} catch (CredentialUnavailableException e) {
153
    System.err.println("Azure CLI not available: " + e.getMessage());
154
    // Common causes:
155
    // - Azure CLI not installed
156
    // - User not logged in (need to run 'az login')
157
    // - CLI session expired
158
} catch (ClientAuthenticationException e) {
159
    System.err.println("Authentication failed: " + e.getMessage());
160
    // Authentication errors with the cached credentials
161
}
162
```
163


164
## Environment Requirements
165


166
### Azure CLI
167
- **Installation**: Azure CLI must be installed and available in PATH
168
- **Authentication**: User must be logged in (`az login`)
169
- **Version**: Supports Azure CLI 2.0 and later
170


171
### Azure PowerShell
172
- **Installation**: Azure PowerShell module must be installed
173
- **Authentication**: User must be connected (`Connect-AzAccount`)
174
- **Version**: Supports Azure PowerShell 1.0 and later
175


176
### Azure Developer CLI
177
- **Installation**: Azure Developer CLI must be installed
178
- **Authentication**: User must be logged in (`azd auth login`)
179
- **Version**: Supports azd 0.4.0 and later
180


181
### IntelliJ IDEA
182
- **Plugin**: Azure Toolkit for IntelliJ must be installed
183
- **Authentication**: User must be signed in through the plugin
184
- **Cache Location**: Credentials stored in user profile
185


186
### Visual Studio Code
187
- **Extension**: Azure Account extension must be installed
188
- **Authentication**: User must be signed in through the extension
189
- **Cache Location**: Credentials stored in user profile
190


191
## Tenant Selection
192


193
```java
194
// Specify tenant for multi-tenant users
195
TokenCredential credential = new AzureCliCredentialBuilder()
196
    .tenantId("specific-tenant-id")
197
    .build();
198


199
// Allow additional tenants
200
TokenCredential multiTenantCredential = new AzureCliCredentialBuilder()
201
    .tenantId("primary-tenant-id")
202
    .additionallyAllowedTenants("tenant-1", "tenant-2")
203
    .build();
204
```
205


206
## API Reference
207


208
```java { .api }
209
class AzureCliCredential implements TokenCredential {
210
    Mono<AccessToken> getToken(TokenRequestContext request);
211
    AccessToken getTokenSync(TokenRequestContext request);
212
}
213


214
class AzureCliCredentialBuilder extends CredentialBuilderBase<AzureCliCredentialBuilder> {
215
    AzureCliCredentialBuilder tenantId(String tenantId);
216
    AzureCliCredentialBuilder additionallyAllowedTenants(String... additionallyAllowedTenants);
217
    AzureCliCredential build();
218
}
219


220
class AzurePowerShellCredential implements TokenCredential {
221
    Mono<AccessToken> getToken(TokenRequestContext request);
222
}
223


224
class AzurePowerShellCredentialBuilder extends CredentialBuilderBase<AzurePowerShellCredentialBuilder> {
225
    AzurePowerShellCredentialBuilder tenantId(String tenantId);
226
    AzurePowerShellCredential build();
227
}
228


229
class AzureDeveloperCliCredential implements TokenCredential {
230
    Mono<AccessToken> getToken(TokenRequestContext request);
231
    AccessToken getTokenSync(TokenRequestContext request);
232
}
233


234
class AzureDeveloperCliCredentialBuilder extends CredentialBuilderBase<AzureDeveloperCliCredentialBuilder> {
235
    AzureDeveloperCliCredentialBuilder tenantId(String tenantId);
236
    AzureDeveloperCliCredential build();
237
}
238


239
class IntelliJCredential implements TokenCredential {
240
    Mono<AccessToken> getToken(TokenRequestContext request);
241
}
242


243
class IntelliJCredentialBuilder extends CredentialBuilderBase<IntelliJCredentialBuilder> {
244
    IntelliJCredentialBuilder tenantId(String tenantId);
245
    IntelliJCredential build();
246
}
247


248
class VisualStudioCodeCredential implements TokenCredential {
249
    Mono<AccessToken> getToken(TokenRequestContext request);
250
}
251


252
class VisualStudioCodeCredentialBuilder extends CredentialBuilderBase<VisualStudioCodeCredentialBuilder> {
253
    VisualStudioCodeCredentialBuilder tenantId(String tenantId);
254
    VisualStudioCodeCredential build();
255
}
256


257
class SharedTokenCacheCredential implements TokenCredential {
258
    Mono<AccessToken> getToken(TokenRequestContext request);
259
}
260


261
class SharedTokenCacheCredentialBuilder extends AadCredentialBuilderBase<SharedTokenCacheCredentialBuilder> {
262
    SharedTokenCacheCredentialBuilder username(String username);
263
    SharedTokenCacheCredentialBuilder authenticationRecord(AuthenticationRecord authenticationRecord);
264
    SharedTokenCacheCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions);
265
    SharedTokenCacheCredential build();
266
}
267
```
268


269
## Best Practices
270


271
1. **Development Only**: Use developer credentials only in development environments, never in production
272
2. **Tool Availability**: Check that the required tool is installed and user is authenticated
273
3. **Credential Chaining**: Chain multiple developer credentials for maximum compatibility
274
4. **Tenant Specification**: Specify tenant ID for multi-tenant scenarios
275
5. **Error Handling**: Handle CredentialUnavailableException gracefully when tools aren't available
276
6. **Cache Refresh**: Re-authenticate with tools periodically as cached credentials expire
277
7. **Security**: Developer credentials inherit the permissions of the logged-in user account
278


279
## Troubleshooting
280


281
Common issues and solutions:
282


283
- **Tool Not Found**: Ensure the development tool is installed and in the system PATH
284
- **Not Logged In**: Authenticate with the tool using its login command
285
- **Expired Session**: Re-authenticate if the cached credentials have expired
286
- **Permission Denied**: Ensure the user account has appropriate permissions for the requested resources
287
- **Multi-Tenant Issues**: Specify the correct tenant ID for multi-tenant scenarios