
tessl/maven-com-azure--azure-identity

The Azure Identity library provides Microsoft Entra ID token authentication support across the Azure SDK with a comprehensive set of TokenCredential implementations.


Authorization Code Authentication

Authenticates using OAuth 2.0 authorization code flow, commonly used in web applications where users authorize the application to access Azure resources.

Capabilities

Authorization Code Credential

Exchanges an authorization code for access tokens using OAuth 2.0 authorization code flow.

/**
 * Authorization code credential for OAuth 2.0 authorization code flow
 */
class AuthorizationCodeCredential implements TokenCredential {
    Mono<AccessToken> getToken(TokenRequestContext request);
    // Note: Does not support synchronous getTokenSync method
}

class AuthorizationCodeCredentialBuilder extends AadCredentialBuilderBase<AuthorizationCodeCredentialBuilder> {
    AuthorizationCodeCredentialBuilder authorizationCode(String authCode);
    AuthorizationCodeCredentialBuilder redirectUrl(String redirectUrl);
    AuthorizationCodeCredentialBuilder clientSecret(String clientSecret);
    AuthorizationCodeCredential build();
}

Usage Examples:

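import com.azure.core.credential.TokenCredential;
import com.azure.identity.AuthorizationCodeCredential;
import com.azure.identity.AuthorizationCodeCredentialBuilder;

// For confidential client applications (with client secret).
// Load the secret from protected configuration; the literal below is a placeholder.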
TokenCredential credential = new AuthorizationCodeCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .authorizationCode("authorization-code-from-redirect")
    .redirectUrl("https://yourapp.com/auth/callback")
    .clientSecret("your-client-secret")
    .build();

// For public client applications (without client secret)
TokenCredential publicCredential = new AuthorizationCodeCredentialBuilder()
    .clientId("your-public-client-id")
    .tenantId("your-tenant-id")
    .authorizationCode("authorization-code-from-redirect")
    .redirectUrl("https://yourapp.com/auth/callback")
    .build();

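// Use with Azure SDK clients
// (GraphServiceClient and TokenCredentialAuthProvider come from the Microsoft Graph SDK, not azure-identity)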
GraphServiceClient graphClient = GraphServiceClient.builder()
    .authenticationProvider(new TokenCredentialAuthProvider(credential))
    .buildClient();

Authorization Flow Steps:

  1. Authorization Request: Direct user to authorization endpoint

    https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
    ?client_id={client-id}
    &response_type=code
    &redirect_uri={redirect-uri}
    &scope={scopes}
    &state={state}

  2. Authorization Code Receipt: Handle redirect with authorization code

    // Check the returned "state" against the value stored for this session before using the code
    String authCode = request.getParameter("code");

  3. Token Exchange: Use authorization code to create credential

    TokenCredential credential = new AuthorizationCodeCredentialBuilder()
        .authorizationCode(authCode)
        // ... other configuration
        .build();

Configuration Options

// With additional tenant support
TokenCredential credential = new AuthorizationCodeCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .authorizationCode("auth-code")
    .redirectUrl("https://yourapp.com/callback")
    .clientSecret("client-secret")
    .additionallyAllowedTenants("tenant1", "tenant2")
    .build();

Security Considerations

  • Authorization codes are single-use: Each code can be exchanged only once
  • Short-lived: Authorization codes typically expire within 10 minutes
  • PKCE recommended: Use Proof Key for Code Exchange (PKCE) for public clients
  • State parameter: Always validate the state parameter on the redirect to prevent CSRF attacks
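
Steps 1 and 2 of the flow combined with the state check listed above, as an added example that is not part of the azure-identity library or the original page. The class name, the oauth_state session key, the Map standing in for a server-side session, and the callback values are assumptions constructed for illustration (Java 11+, JDK only).

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class AuthCodeStateCheck {
    private static final SecureRandom RNG = new SecureRandom();
    // Unguessable, URL-safe state value (256 bits of randomness).
    static String newState() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }
    // Step 1: authorization URL with every caller-supplied value percent-encoded.
    static String authorizeUrl(String tenantId, String clientId, String redirectUri,
                               String scopes, String state) {
        return "https://login.microsoftonline.com/" + enc(tenantId) + "/oauth2/v2.0/authorize"
            + "?client_id=" + enc(clientId)
            + "&response_type=code"
            + "&redirect_uri=" + enc(redirectUri)
            + "&scope=" + enc(scopes)
            + "&state=" + enc(state);
    }

    // Step 2: hand back the code only when the returned state matches the stored one.
    static String codeFromCallback(Map<String, String> session, Map<String, String> query) {
        String expected = session.remove("oauth_state"); // consumed: a replayed callback fails
        String returned = query.get("state");
        if (expected == null || returned == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          returned.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("state mismatch: rejecting callback");
        }
        String code = query.get("code");
        if (code == null || code.isEmpty()) throw new SecurityException("missing authorization code");
        return code;
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>(); // stand-in for the user's server-side session
        String state = newState();
        session.put("oauth_state", state);
        System.out.println(authorizeUrl("your-tenant-id", "your-client-id",
            "https://yourapp.com/auth/callback", "https://graph.microsoft.com/.default", state));
        // Constructed callback parameters, as the redirect handler would receive them.
        System.out.println(codeFromCallback(session, Map.of("code", "constructed-code", "state", state)));
    }
}
```

The value returned by codeFromCallback is what gets passed to authorizationCode(...) on the builder; a callback that fails the check never reaches the token exchange.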

Exception Handling

Throws CredentialUnavailableException when:

  • Authorization code is invalid or expired
  • Redirect URL doesn't match registered URL
  • Client authentication fails
  • Required parameters are missing

Install with Tessl CLI

npx tessl i tessl/maven-com-azure--azure-identity
