tessl/maven-com-azure--azure-identity
The Azure Identity library provides Microsoft Entra ID token authentication support across the Azure SDK with a comprehensive set of TokenCredential implementations.
—
Pending
developer-tool-credentials.mddocs/
Developer Tool Credentials
Developer tool credentials enable authentication using cached credentials from various Azure development tools. These credentials are ideal for local development environments where developers have already authenticated through familiar tools.
Azure CLI Credential
Authenticate using cached credentials from Azure CLI (az login).
import com.azure.identity.AzureCliCredential;
import com.azure.identity.AzureCliCredentialBuilder;
// Use default Azure CLI credential
TokenCredential credential = new AzureCliCredentialBuilder().build();
// Use with Azure SDK client
ResourceManagementClient client = ResourceManagementClient.builder()
.credential(credential)
.subscriptionId("subscription-id")
.buildClient();Azure PowerShell Credential
Authenticate using cached credentials from Azure PowerShell (Connect-AzAccount).
import com.azure.identity.AzurePowerShellCredential;
import com.azure.identity.AzurePowerShellCredentialBuilder;
// Use Azure PowerShell credential
TokenCredential credential = new AzurePowerShellCredentialBuilder().build();
// Configure with custom options
TokenCredential customCredential = new AzurePowerShellCredentialBuilder()
.maxRetry(3)
.httpClient(httpClient)
.build();Azure Developer CLI Credential
Authenticate using cached credentials from Azure Developer CLI (azd auth login).
import com.azure.identity.AzureDeveloperCliCredential;
import com.azure.identity.AzureDeveloperCliCredentialBuilder;
// Use Azure Developer CLI credential
TokenCredential credential = new AzureDeveloperCliCredentialBuilder().build();
// Configure with tenant ID
TokenCredential tenantCredential = new AzureDeveloperCliCredentialBuilder()
.tenantId("tenant-id")
.build();IntelliJ Credential
Authenticate using cached credentials from Azure Toolkit for IntelliJ.
import com.azure.identity.IntelliJCredential;
import com.azure.identity.IntelliJCredentialBuilder;
// Use IntelliJ credential
TokenCredential credential = new IntelliJCredentialBuilder().build();
// Configure for specific tenant
TokenCredential tenantCredential = new IntelliJCredentialBuilder()
.tenantId("tenant-id")
.build();Visual Studio Code Credential
Authenticate using cached credentials from Azure Account extension for VS Code.
import com.azure.identity.VisualStudioCodeCredential;
import com.azure.identity.VisualStudioCodeCredentialBuilder;
// Use Visual Studio Code credential
TokenCredential credential = new VisualStudioCodeCredentialBuilder().build();
// Configure with tenant ID
TokenCredential tenantCredential = new VisualStudioCodeCredentialBuilder()
.tenantId("tenant-id")
.build();Shared Token Cache Credential
Authenticate using shared token cache from various Microsoft authentication tools.
import com.azure.identity.SharedTokenCacheCredential;
import com.azure.identity.SharedTokenCacheCredentialBuilder;
// Use shared token cache
TokenCredential credential = new SharedTokenCacheCredentialBuilder().build();
// Configure with specific account
TokenCredential accountCredential = new SharedTokenCacheCredentialBuilder()
.tenantId("tenant-id")
.clientId("client-id")
.username("user@domain.com")
.build();Multiple Tool Strategy
Use multiple developer tools in a chain for maximum compatibility.
import com.azure.identity.ChainedTokenCredential;
import com.azure.identity.ChainedTokenCredentialBuilder;
// Chain multiple developer credentials
TokenCredential developerCredential = new ChainedTokenCredentialBuilder()
.addLast(new AzureCliCredentialBuilder().build())
.addLast(new AzurePowerShellCredentialBuilder().build())
.addLast(new AzureDeveloperCliCredentialBuilder().build())
.addLast(new IntelliJCredentialBuilder().build())
.addLast(new VisualStudioCodeCredentialBuilder().build())
.build();Configuration Options
// Configure with common options
TokenCredential credential = new AzureCliCredentialBuilder()
.tenantId("tenant-id") // Specify tenant for multi-tenant scenarios
.additionallyAllowedTenants("*") // Allow any tenant
.maxRetry(3) // Maximum retry attempts
.httpClient(httpClient) // Custom HTTP client
.build();Error Handling
try {
TokenCredential credential = new AzureCliCredentialBuilder().build();
AccessToken token = credential.getTokenSync(
new TokenRequestContext().addScopes("https://management.azure.com/.default")
);
System.out.println("Successfully authenticated with Azure CLI");
} catch (CredentialUnavailableException e) {
System.err.println("Azure CLI not available: " + e.getMessage());
// Common causes:
// - Azure CLI not installed
// - User not logged in (need to run 'az login')
// - CLI session expired
} catch (ClientAuthenticationException e) {
System.err.println("Authentication failed: " + e.getMessage());
// Authentication errors with the cached credentials
}Environment Requirements
Azure CLI
- Installation: Azure CLI must be installed and available in PATH
- Authentication: User must be logged in (
az login) - Version: Supports Azure CLI 2.0 and later
Azure PowerShell
- Installation: Azure PowerShell module must be installed
- Authentication: User must be connected (
Connect-AzAccount) - Version: Supports Azure PowerShell 1.0 and later
Azure Developer CLI
- Installation: Azure Developer CLI must be installed
- Authentication: User must be logged in (
azd auth login) - Version: Supports azd 0.4.0 and later
IntelliJ IDEA
- Plugin: Azure Toolkit for IntelliJ must be installed
- Authentication: User must be signed in through the plugin
- Cache Location: Credentials stored in user profile
Visual Studio Code
- Extension: Azure Account extension must be installed
- Authentication: User must be signed in through the extension
- Cache Location: Credentials stored in user profile
Tenant Selection
// Specify tenant for multi-tenant users
TokenCredential credential = new AzureCliCredentialBuilder()
.tenantId("specific-tenant-id")
.build();
// Allow additional tenants
TokenCredential multiTenantCredential = new AzureCliCredentialBuilder()
.tenantId("primary-tenant-id")
.additionallyAllowedTenants("tenant-1", "tenant-2")
.build();API Reference
class AzureCliCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
AccessToken getTokenSync(TokenRequestContext request);
}
class AzureCliCredentialBuilder extends CredentialBuilderBase<AzureCliCredentialBuilder> {
AzureCliCredentialBuilder tenantId(String tenantId);
AzureCliCredentialBuilder additionallyAllowedTenants(String... additionallyAllowedTenants);
AzureCliCredential build();
}
class AzurePowerShellCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
}
class AzurePowerShellCredentialBuilder extends CredentialBuilderBase<AzurePowerShellCredentialBuilder> {
AzurePowerShellCredentialBuilder tenantId(String tenantId);
AzurePowerShellCredential build();
}
class AzureDeveloperCliCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
AccessToken getTokenSync(TokenRequestContext request);
}
class AzureDeveloperCliCredentialBuilder extends CredentialBuilderBase<AzureDeveloperCliCredentialBuilder> {
AzureDeveloperCliCredentialBuilder tenantId(String tenantId);
AzureDeveloperCliCredential build();
}
class IntelliJCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
}
class IntelliJCredentialBuilder extends CredentialBuilderBase<IntelliJCredentialBuilder> {
IntelliJCredentialBuilder tenantId(String tenantId);
IntelliJCredential build();
}
class VisualStudioCodeCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
}
class VisualStudioCodeCredentialBuilder extends CredentialBuilderBase<VisualStudioCodeCredentialBuilder> {
VisualStudioCodeCredentialBuilder tenantId(String tenantId);
VisualStudioCodeCredential build();
}
class SharedTokenCacheCredential implements TokenCredential {
Mono<AccessToken> getToken(TokenRequestContext request);
}
class SharedTokenCacheCredentialBuilder extends AadCredentialBuilderBase<SharedTokenCacheCredentialBuilder> {
SharedTokenCacheCredentialBuilder username(String username);
SharedTokenCacheCredentialBuilder authenticationRecord(AuthenticationRecord authenticationRecord);
SharedTokenCacheCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions);
SharedTokenCacheCredential build();
}Best Practices
- Development Only: Use developer credentials only in development environments, never in production
- Tool Availability: Check that the required tool is installed and user is authenticated
- Credential Chaining: Chain multiple developer credentials for maximum compatibility
- Tenant Specification: Specify tenant ID for multi-tenant scenarios
- Error Handling: Handle CredentialUnavailableException gracefully when tools aren't available
- Cache Refresh: Re-authenticate with tools periodically as cached credentials expire
- Security: Developer credentials inherit the permissions of the logged-in user account
Troubleshooting
Common issues and solutions:
- Tool Not Found: Ensure the development tool is installed and in the system PATH
- Not Logged In: Authenticate with the tool using its login command
- Expired Session: Re-authenticate if the cached credentials have expired
- Permission Denied: Ensure the user account has appropriate permissions for the requested resources
- Multi-Tenant Issues: Specify the correct tenant ID for multi-tenant scenarios
Install with Tessl CLI
npx tessl i tessl/maven-com-azure--azure-identitydocs
advanced-authentication-flows.mdauthorization-code-authentication.mdazure-developer-cli-authentication.mdazure-pipelines-authentication.mdclient-assertion-authentication.mdconfiguration-and-utilities.mdcredential-chaining.mddefault-azure-credential.mddeveloper-tool-credentials.mdenvironment-credential.mdindex.mdinteractive-user-authentication.mdmanaged-identity-credential.mdservice-principal-authentication.mdshared-token-cache-authentication.mdusername-password-authentication.mdvisual-studio-code-authentication.md