
tessl/maven-com-azure--azure-identity

The Azure Identity library provides Microsoft Entra ID token authentication support across the Azure SDK with a comprehensive set of TokenCredential implementations.


Shared Token Cache Authentication

Legacy authentication mechanism using MSAL shared token cache, formerly used for Visual Studio integration. This credential provides compatibility with legacy token caches.

Capabilities

Shared Token Cache Credential

Provides token credentials from the MSAL shared token cache.

/**
 * Shared token cache credential for legacy token cache integration
 */
class SharedTokenCacheCredential implements TokenCredential {
    Mono<AccessToken> getToken(TokenRequestContext request);
    // Note: Does not support synchronous getTokenSync method
}

class SharedTokenCacheCredentialBuilder extends AadCredentialBuilderBase<SharedTokenCacheCredentialBuilder> {
    SharedTokenCacheCredentialBuilder username(String username);
    SharedTokenCacheCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions);
    SharedTokenCacheCredentialBuilder authenticationRecord(AuthenticationRecord authenticationRecord);
    SharedTokenCacheCredential build();
}

Usage Examples:

import com.azure.core.credential.TokenCredential;
import com.azure.identity.AuthenticationRecord;
import com.azure.identity.SharedTokenCacheCredential;
import com.azure.identity.SharedTokenCacheCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;

// Basic usage with username
TokenCredential credential = new SharedTokenCacheCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .username("user@example.com")
    .build();

// With authentication record for specific account
// inputStream: an InputStream over a previously obtained, serialized record
AuthenticationRecord record = AuthenticationRecord.deserialize(inputStream);
TokenCredential recordCredential = new SharedTokenCacheCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .authenticationRecord(record)
    .build();

// Use with Azure SDK clients
SecretClient client = new SecretClientBuilder()
    .vaultUrl("https://myvault.vault.azure.net/")
    .credential(credential)
    .buildClient();

Legacy Integration

This credential was primarily designed for:

  • Visual Studio integration - Legacy authentication for Visual Studio
  • MSAL token cache compatibility - Reading existing MSAL token caches
  • Migration scenarios - Transitioning from older authentication methods

Token Cache Configuration

// With custom token cache settings
TokenCredential credential = new SharedTokenCacheCredentialBuilder()
    .clientId("your-client-id")
    .tenantId("your-tenant-id")
    .username("user@example.com")
    .tokenCachePersistenceOptions(new TokenCachePersistenceOptions()
        .setName("MyLegacyTokenCache")
        .setUnencryptedStorageAllowed(false))
    .build();

Account Selection

Using Username

// Specify exact username to select account
TokenCredential credential = new SharedTokenCacheCredentialBuilder()
    .username("john.doe@contoso.com")
    .clientId("client-id")
    .build();

Using Authentication Record

// Use authentication record for precise account selection
// inputStream: an InputStream over a previously serialized AuthenticationRecord
AuthenticationRecord record = AuthenticationRecord.deserialize(inputStream);
TokenCredential credential = new SharedTokenCacheCredentialBuilder()
    .authenticationRecord(record)
    .clientId("client-id")
    .build();

Migration Path

From SharedTokenCacheCredential to modern credentials:

// Legacy approach (not recommended)
TokenCredential legacyCredential = new SharedTokenCacheCredentialBuilder()
    .username("user@example.com")
    .clientId("client-id")
    .build();

// Modern recommended approach
TokenCredential modernCredential = new DefaultAzureCredentialBuilder()
    .build();

// Or for development scenarios
TokenCredential devCredential = new AzureCliCredentialBuilder()
    .build();

Limitations

  • Read-only: Cannot create new token cache entries
  • Platform dependent: Token cache format varies by platform
  • Legacy format: May not support newest authentication features
  • No sync support: Only supports asynchronous token acquisition

Troubleshooting

Common Issues:

  • "No cached token found": Ensure token cache contains valid entries for the specified user
  • Username mismatch: Verify username exactly matches cached account
  • Cache format errors: Token cache may be corrupted or from incompatible version
  • Permission errors: Check file system permissions for token cache access

Diagnostics:

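import com.azure.core.http.policy.HttpLogDetailLevel;
import com.azure.core.http.policy.HttpLogOptions;

// Enable detailed logging
// BODY_AND_HEADERS logs HTTP headers and request/response bodies. Token requests
// and responses carry credentials in the body, so treat the resulting logs as sensitive.
TokenCredential credential = new SharedTokenCacheCredentialBuilder()
    .username("user@example.com")
    .clientId("client-id")
    .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
    .build();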

Alternative Recommendations

Instead of SharedTokenCacheCredential, consider:

  • DefaultAzureCredential - Comprehensive authentication chain
  • InteractiveBrowserCredential - Modern interactive authentication
  • AzureCliCredential - Development environment authentication
  • VisualStudioCodeCredential - VS Code integration (if applicable)

Exception Handling

Throws CredentialUnavailableException when:

  • Token cache is empty or doesn't contain entries for specified user
  • Username doesn't match any cached accounts
  • Token cache is corrupted or inaccessible
  • Authentication record references non-existent account
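The following is an added example, not code from the original page or from the Azure SDK project. It shows one way to handle the CredentialUnavailableException cases listed above: fall back to AzureCliCredential only when the shared cache is unavailable, and let every other authentication failure surface. The class name SharedCacheWithFallback, the acquire helper, the Key Vault scope and the 30-second timeout are assumptions made for the example.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.identity.AzureCliCredentialBuilder;
import com.azure.identity.CredentialUnavailableException;
import com.azure.identity.SharedTokenCacheCredentialBuilder;
import com.azure.identity.TokenCachePersistenceOptions;
import reactor.core.publisher.Mono;
import java.time.Duration;

public class SharedCacheWithFallback {
    // Assumed scope for this example (Key Vault, matching the SecretClient usage earlier on the page).
    private static final String SCOPE = "https://vault.azure.net/.default";

    static Mono<AccessToken> acquire(String username, String clientId) {
        TokenCredential cache = new SharedTokenCacheCredentialBuilder()
            .clientId(clientId)
            .username(username)
            .tokenCachePersistenceOptions(new TokenCachePersistenceOptions()
                .setUnencryptedStorageAllowed(false)) // refuse a plaintext cache
            .build();
        TokenCredential cli = new AzureCliCredentialBuilder().build();
        TokenRequestContext request = new TokenRequestContext().addScopes(SCOPE);

        return cache.getToken(request)
            // Fall back only when the cache cannot supply a token (empty cache, no
            // matching account, unreadable cache). Other errors propagate unchanged.
            .onErrorResume(CredentialUnavailableException.class, e -> {
                System.err.println("Shared token cache unavailable: " + e.getMessage());
                return cli.getToken(request);
            });
    }

    public static void main(String[] args) {
        try {
            AccessToken token = acquire("user@example.com", "client-id")
                .block(Duration.ofSeconds(30));
            // Log the expiry only; never write token.getToken() to a log.
            System.out.println("Token acquired, expires " + token.getExpiresAt());
        } catch (ClientAuthenticationException e) {
            // Reached when both credentials fail or the token request is rejected.
            System.err.println("Authentication failed: " + e.getMessage());
        }
    }
}
```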

Install with Tessl CLI

npx tessl i tessl/maven-com-azure--azure-identity
