
tessl/maven-com-azure--azure-identity

The Azure Identity library provides Microsoft Entra ID token authentication support across the Azure SDK with a comprehensive set of TokenCredential implementations.


Azure Pipelines Authentication

Authenticates using Azure Pipelines service connections for CI/CD scenarios, enabling secure authentication in Azure DevOps pipeline environments.

Capabilities

Azure Pipelines Credential

Acquires tokens using an Azure Pipelines service connection for CI/CD authentication.

/**
 * Azure Pipelines credential for CI/CD environments
 */
class AzurePipelinesCredential implements TokenCredential {
    Mono<AccessToken> getToken(TokenRequestContext request);
    AccessToken getTokenSync(TokenRequestContext request);
}

class AzurePipelinesCredentialBuilder extends AadCredentialBuilderBase<AzurePipelinesCredentialBuilder> {
    AzurePipelinesCredentialBuilder serviceConnectionId(String serviceConnectionId);
    AzurePipelinesCredentialBuilder systemAccessToken(String systemAccessToken);
    AzurePipelinesCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions);
    AzurePipelinesCredential build();
}

Usage Examples:

import com.azure.core.credential.TokenCredential;
import com.azure.identity.AzurePipelinesCredential;
import com.azure.identity.AzurePipelinesCredentialBuilder;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;

// Basic usage in Azure Pipelines
TokenCredential credential = new AzurePipelinesCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .serviceConnectionId("your-service-connection-id")
    .systemAccessToken(System.getenv("SYSTEM_ACCESSTOKEN"))
    .build();

// Use in pipeline tasks (Blob Storage client from azure-storage-blob)
BlobServiceClient client = new BlobServiceClientBuilder()
    .endpoint("https://mystorageaccount.blob.core.windows.net")
    .credential(credential)
    .buildClient();

Azure Pipelines Setup

1. Create Service Connection

In Azure DevOps:

  1. Go to Project Settings → Service connections
  2. Create new Azure Resource Manager connection
  3. Choose "Service principal (automatic)" or "Service principal (manual)"
  4. Note the Service Connection ID from the connection details

2. Pipeline Configuration

# azure-pipelines.yml
trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

variables:
  serviceConnectionId: 'your-service-connection-id'

steps:
- task: JavaToolInstaller@0
  inputs:
    versionSpec: '11'
    jdkArchitectureOption: 'x64'
    jdkSourceOption: 'PreInstalled'

- script: |
    mvn clean compile exec:java -Dexec.mainClass="com.example.MyApp"
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
    SERVICE_CONNECTION_ID: $(serviceConnectionId)
  displayName: 'Run Java application'

3. Java Application Code

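import com.azure.core.credential.TokenCredential;
import com.azure.identity.AzurePipelinesCredentialBuilder;

public class PipelineApp {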
    public static void main(String[] args) {
        // Get values from environment
        String serviceConnectionId = System.getenv("SERVICE_CONNECTION_ID");
        String systemAccessToken = System.getenv("SYSTEM_ACCESSTOKEN");
        
        // Create credential
        TokenCredential credential = new AzurePipelinesCredentialBuilder()
            .clientId("your-client-id")
            .tenantId("your-tenant-id")
            .serviceConnectionId(serviceConnectionId)
            .systemAccessToken(systemAccessToken)
            .build();
            
        // Use with Azure services
        // ... your application logic
    }
}

Environment Requirements

Required Environment Variables:

  • SYSTEM_OIDCREQUESTURI - Automatically set by Azure Pipelines
  • Custom variables for client ID, tenant ID, and service connection ID

System Access Token: The pipeline must have access to the system access token:

# Enable OAuth token access
steps:
- script: echo "Using system token"
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)

Configuration Options

// With token cache persistence
TokenCredential credential = new AzurePipelinesCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .serviceConnectionId("service-connection-id")
    .systemAccessToken(System.getenv("SYSTEM_ACCESSTOKEN"))
    .tokenCachePersistenceOptions(new TokenCachePersistenceOptions()
        .setName("PipelineTokenCache"))
    .additionallyAllowedTenants("tenant1", "tenant2")
    .build();

Security Best Practices

  1. Store sensitive values in Azure DevOps variables (mark as secret)
  2. Use service connections instead of hardcoded credentials
  3. Limit service principal permissions to minimum required
  4. Enable pipeline restrictions on service connections
  5. Use variable groups for shared configuration

Exception Handling

Throws CredentialUnavailableException when:

  • SYSTEM_OIDCREQUESTURI environment variable is not set
  • Service connection ID is invalid
  • System access token is missing or invalid
  • Pipeline environment is not properly configured

Troubleshooting

Common Issues:

  • "SYSTEM_OIDCREQUESTURI not found": Ensure the code is running in an Azure Pipelines environment
  • Service connection errors: Verify that the service connection exists and has proper permissions
  • Token access denied: Enable OAuth token access in the pipeline YAML or the classic editor
  • Permission errors: Check the service principal's permissions on the target resources
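The failure conditions listed under Exception Handling and Troubleshooting can be checked before the credential is built, so a misconfigured job fails with a precise message and the system access token is never written to the log. The following is an added example, not code from the Azure Identity library or this documentation. The variable names AZURE_CLIENT_ID and AZURE_TENANT_ID and the storage scope are assumptions; SERVICE_CONNECTION_ID and SYSTEM_ACCESSTOKEN follow the pipeline YAML above.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.AzurePipelinesCredential;
import com.azure.identity.AzurePipelinesCredentialBuilder;
import com.azure.identity.CredentialUnavailableException;

public class PipelineAuthPreflight {

    // Returns the variable's value, or fails fast with a message that never contains the value.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException(name + " is not set; map it in the step's env: block");
        }
        // Azure Pipelines leaves an undefined $(macro) as literal text instead of expanding it.
        if (value.startsWith("$(") && value.endsWith(")")) {
            throw new IllegalStateException(name + " holds an unexpanded pipeline macro");
        }
        return value;
    }

    public static void main(String[] args) {
        // Set by the agent itself; its absence means this is not an Azure Pipelines job.
        requireEnv("SYSTEM_OIDCREQUESTURI");

        AzurePipelinesCredential credential = new AzurePipelinesCredentialBuilder()
            .clientId(requireEnv("AZURE_CLIENT_ID"))   // assumed variable name
            .tenantId(requireEnv("AZURE_TENANT_ID"))   // assumed variable name
            .serviceConnectionId(requireEnv("SERVICE_CONNECTION_ID"))
            .systemAccessToken(requireEnv("SYSTEM_ACCESSTOKEN"))
            .build();

        // Assumed scope (Azure Storage); request the scope of the service you actually call.
        TokenRequestContext request = new TokenRequestContext()
            .addScopes("https://storage.azure.com/.default");
        try {
            AccessToken token = credential.getTokenSync(request);
            // Log only metadata; the token itself is a bearer secret.
            System.out.println("Token acquired, expires at " + token.getExpiresAt());
        } catch (CredentialUnavailableException e) {
            System.err.println("Azure Pipelines credential unavailable: " + e.getMessage());
            System.exit(1);
        }
    }
}
```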

Install with Tessl CLI

npx tessl i tessl/maven-com-azure--azure-identity
