The Azure Identity library provides Microsoft Entra ID token authentication support across the Azure SDK with a comprehensive set of TokenCredential implementations.
Authenticates a service principal with a client assertion: a signed JWT (bearer token) that the application supplies at token-request time in place of a client secret. The credential sends the assertion to Microsoft Entra ID in an OAuth 2.0 client credentials request (client_assertion_type urn:ietf:params:oauth:client-assertion-type:jwt-bearer), so no long-lived secret has to be stored, rotated or shipped with the application; the assertion can be signed on demand from a key held in an HSM or key vault, or be a federated token issued by a trusted external identity provider (workload identity federation).
/**
* Client assertion credential for service principal authentication
*/
class ClientAssertionCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
AccessToken getTokenSync(TokenRequestContext request);
}
class ClientAssertionCredentialBuilder extends AadCredentialBuilderBase<ClientAssertionCredentialBuilder> {
ClientAssertionCredentialBuilder clientAssertion(Supplier<String> clientAssertionSupplier);
ClientAssertionCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions);
ClientAssertionCredential build();
}
Usage Examples:
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientAssertionCredentialBuilder;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import java.util.function.Supplier;
// Supplier that returns a freshly signed JWT assertion each time it is called.
// The credential invokes it whenever it has to request a new access token, so the
// supplier must return a currently valid (not yet expired) assertion on every call.
Supplier<String> assertionSupplier = () -> {
    // generateJwtAssertion() stands in for your own signing logic; see "JWT Assertion Requirements" below
    return generateJwtAssertion();
};
// Create credential with client assertion
TokenCredential credential = new ClientAssertionCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .clientAssertion(assertionSupplier)
    .build();
// Use with Azure SDK clients
BlobServiceClient client = new BlobServiceClientBuilder()
    .endpoint("https://mystorageaccount.blob.core.windows.net")
    .credential(credential)
    .buildClient();
JWT Assertion Requirements:
The client assertion must be a JWT signed with the private key of a certificate registered on the app registration (RS256; the JOSE header should carry the certificate's base64url SHA-1 thumbprint in x5t so Entra ID can select the registered key). It must contain:
iss (issuer): the client ID of the application
sub (subject): the client ID of the application
aud (audience): the Entra ID token endpoint of the tenant the request is sent to, e.g. https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
exp (expiration): time after which the assertion is rejected; keep it short (minutes rather than hours), since the supplier is called again for each token request anyway
nbf (not before): time from which the assertion is valid
jti (JWT ID): unique identifier for this assertion; Entra ID uses it to reject replays of a captured assertion
With workload identity federation the assertion is instead a token issued by the external identity provider configured as a federated credential, and its claims are that provider's rather than the ones listed above.
// With token cache persistence
import com.azure.identity.TokenCachePersistenceOptions;
TokenCredential credential = new ClientAssertionCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .clientAssertion(assertionSupplier)
    .tokenCachePersistenceOptions(new TokenCachePersistenceOptions()
        .setName("MyAppTokenCache"))
    .build();
The persistent cache is written through the platform's secure store (DPAPI on Windows, Keychain on macOS, libsecret on Linux). On a Linux host without a secret service the cache cannot be persisted unless TokenCachePersistenceOptions.setUnencryptedStorageAllowed(true) is set, which writes tokens to disk in plaintext; failing over to an in-memory cache is the safer choice for a service principal.
Throws CredentialUnavailableException when:
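The following is an added example, not code from azure-identity or from Microsoft's documentation, showing a Supplier<String> that mints an assertion satisfying the JWT Assertion Requirements listed above and wires it into ClientAssertionCredentialBuilder. It assumes the Nimbus JOSE+JWT library is on the classpath (azure-identity pulls it in transitively through msal4j, but declare it explicitly), that the certificate's public half is registered on the app registration, and placeholder environment variable names CERT_PATH and CERT_PASSWORD for a PKCS#12 file holding the certificate and private key.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientAssertionCredentialBuilder;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import java.util.UUID;
import java.util.function.Supplier;

/**
 * Supplier that mints a fresh, certificate-signed client assertion on every call.
 * Assumes the certificate is registered on the Entra ID app registration; the private
 * key never leaves this process (it could equally be an HSM-backed key via a JCA provider).
 */
public final class CertificateAssertionSupplier implements Supplier<String> {
    private static final long SKEW_SECONDS = 60;      // tolerated clock drift for nbf
    private static final long LIFETIME_SECONDS = 300; // short-lived: limits the window if an assertion leaks

    private final String clientId;
    private final String tokenEndpoint;
    private final PrivateKey signingKey;
    private final Base64URL x5t;

    public CertificateAssertionSupplier(String clientId, String tenantId,
                                        X509Certificate certificate, PrivateKey signingKey) throws Exception {
        this.clientId = clientId;
        // aud must be the token endpoint the credential sends the request to (v2.0 endpoint of the tenant)
        this.tokenEndpoint = "https://login.microsoftonline.com/" + tenantId + "/oauth2/v2.0/token";
        this.signingKey = signingKey;
        // x5t = base64url(SHA-1(DER certificate)); Entra ID uses it to locate the registered certificate
        byte[] thumbprint = MessageDigest.getInstance("SHA-1").digest(certificate.getEncoded());
        this.x5t = Base64URL.encode(thumbprint);
    }

    @Override
    public String get() {
        Instant now = Instant.now();
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(clientId)                                             // iss
                .subject(clientId)                                            // sub
                .audience(tokenEndpoint)                                      // aud
                .notBeforeTime(Date.from(now.minusSeconds(SKEW_SECONDS)))     // nbf
                .expirationTime(Date.from(now.plusSeconds(LIFETIME_SECONDS))) // exp
                .jwtID(UUID.randomUUID().toString())                          // jti: unique per assertion
                .build();
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .type(JOSEObjectType.JWT)
                .x509CertThumbprint(x5t) // deprecated in newer Nimbus releases, but it is the header Entra ID expects
                .build();
        SignedJWT jwt = new SignedJWT(header, claims);
        try {
            jwt.sign(new RSASSASigner(signingKey));
        } catch (JOSEException e) {
            throw new IllegalStateException("Could not sign client assertion", e);
        }
        return jwt.serialize();
    }

    // Wiring example: load the key pair from the PKCS#12 file named by the placeholder
    // variables CERT_PATH / CERT_PASSWORD and hand the supplier to the credential builder.
    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("CERT_PASSWORD").toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Path.of(System.getenv("CERT_PATH")))) {
            keyStore.load(in, password);
        }
        String alias = keyStore.aliases().nextElement();
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password);

        String clientId = System.getenv("AZURE_CLIENT_ID");
        String tenantId = System.getenv("AZURE_TENANT_ID");
        Supplier<String> assertionSupplier =
                new CertificateAssertionSupplier(clientId, tenantId, certificate, privateKey);

        TokenCredential credential = new ClientAssertionCredentialBuilder()
                .clientId(clientId)
                .tenantId(tenantId)
                .clientAssertion(assertionSupplier)
                .build();
        // credential is now usable with any Azure SDK client builder's .credential(...)
        System.out.println("Assertion header: " + SignedJWT.parse(assertionSupplier.get()).getHeader().toJSONObject());
    }
}
```

The supplier deliberately signs a new assertion per call rather than caching one: the credential only asks for an assertion when it actually has to contact the token endpoint (cached access tokens are reused), so the extra signature is cheap, and a five-minute exp with a random jti keeps any assertion that leaks in transit or logs nearly worthless to an attacker.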