Azure Identity Examples
- Authenticating with `DefaultAzureCredential`
- Authenticating a user assigned managed identity with `DefaultAzureCredential`
- Authenticating a service principal with a client secret
- Authenticating a service principal with a client certificate
- Authenticating a service principal with a client certificate that has a password
- Authenticating a user account with device code flow
- Authenticating a user account with username and password
- Authenticating a user account interactively in the browser
- Authenticating a user account with auth code flow
- Authenticating a user account with Azure CLI
- Authenticating in Azure with managed identity
- Chaining credentials
- Authenticating with Azure Stack using Azure Identity
This example demonstrates authenticating the `ResourcesClient` from the armresources library using the `DefaultAzureCredential`.

```go
// The default credential checks environment variables for configuration.
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	// handle error
}
// Azure SDK Azure Resource Management clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```

See more about how to configure the `DefaultAzureCredential` on your workstation or Azure in Configure DefaultAzureCredential.
This example demonstrates authenticating the `ResourcesClient` from the armresources library using the `DefaultAzureCredential`, deployed to an Azure resource with a user assigned managed identity configured.

See more about how to configure a user assigned managed identity for an Azure resource in Enable managed identity for Azure resources.

```go
// The default credential will use the user assigned managed identity with the specified client ID.
// The client ID of the user assigned identity is set through the AZURE_CLIENT_ID environment variable.
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	// handle error
}
// Azure SDK Azure Resource Management clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `ClientSecretCredential`.

See more about how to create a service principal and get these values in Creating a Service Principal with the Azure CLI.

```go
// Authenticate with client secret.
cred, err := azidentity.NewClientSecretCredential("<YOUR TENANT ID>", "<YOUR CLIENT ID>", "<YOUR CLIENT SECRET>", nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `ClientCertificateCredential`.

See more about how to create a service principal and get these values in Creating a Service Principal with the Azure CLI.

```go
// Authenticate with a client certificate.
cred, err := azidentity.NewClientCertificateCredential("<YOUR TENANT ID>", "<YOUR CLIENT ID>", "<PATH TO YOUR CERTIFICATE>", nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `ClientCertificateCredential` with a certificate that has a password.

See more about how to create a service principal and get these values in Creating a Service Principal with the Azure CLI.

```go
// Authenticate with a client certificate that has a password.
cred, err := azidentity.NewClientCertificateCredential(
	"<YOUR TENANT ID>",
	"<YOUR CLIENT ID>",
	"<PATH TO YOUR CERTIFICATE>",
	&azidentity.ClientCertificateCredentialOptions{
		Password: "<YOUR CERTIFICATE PASSWORD>",
	})
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `DeviceCodeCredential` on an IoT device.

See more about how to configure an AAD application for device code flow in Enable applications for device code flow.

```go
// Authenticate with a device code flow.
// Set the options to nil for the device code message to be printed to stdout.
cred, err := azidentity.NewDeviceCodeCredential(nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `UsernamePasswordCredential`. The user must not have multi-factor authentication turned on.

```go
// Authenticate with username and password.
cred, err := azidentity.NewUsernamePasswordCredential("<YOUR TENANT ID>", "<YOUR CLIENT ID>", "<YOUR USERNAME>", "<YOUR PASSWORD>", nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `InteractiveBrowserCredential`.

See more about how to configure an AAD application for interactive browser authentication and listen on a port locally in Enable applications for interactive browser oauth 2 flow.

```go
// Authenticate with interactive browser credential.
// See the InteractiveBrowserCredentialOptions to modify configurations like custom port number, alternate redirect URL, etc.
cred, err := azidentity.NewInteractiveBrowserCredential(nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `AuthorizationCodeCredential` on a web application.

First, prompt the user to log in at the URL documented at Microsoft identity platform and OAuth 2.0 authorization code flow. You will need the client ID, tenant ID, redirect URL, and the scopes your application plans to access.

Then create an API at the redirect URL with the following code to access the ARM Resources service.

See more about how to configure an AAD application for oauth 2 auth code flow in Enable applications for oauth 2 auth code flow.

```go
// Authenticate with an authorization code.
cred, err := azidentity.NewAuthorizationCodeCredential("<YOUR TENANT ID>", "<YOUR CLIENT ID>", "<AUTH CODE>", "<REDIRECT URL>", nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `AzureCLICredential` on a workstation with Azure CLI installed and signed in.

See more about how to configure Azure CLI in Sign in Azure CLI for AzureCliCredential.

```go
// Authenticate with Azure CLI.
cred, err := azidentity.NewAzureCLICredential(nil)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
This example demonstrates authenticating the `ResourcesClient` from the armresources management library using the `ManagedIdentityCredential` in a virtual machine, app service, function app, cloud shell, or AKS environment on Azure, with a system assigned or user assigned managed identity enabled.

See more about how to configure your Azure resource for managed identity in Enable managed identity for Azure resources.

```go
// Authenticate in a managed identity environment.
cred, err := azidentity.NewManagedIdentityCredential("", nil) // leave the client ID parameter empty to use the system assigned identity
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
The `ChainedTokenCredential` type links together multiple credential instances, which are tried sequentially when authenticating. The following example creates a credential that attempts to authenticate using managed identity and falls back to certificate authentication if a managed identity is unavailable in the current environment. This example authenticates a `ResourcesClient` from the armresources management library using `ChainedTokenCredential`.

```go
// Instantiate a managed identity credential.
managedIdentityCred, err := azidentity.NewManagedIdentityCredential("", nil) // leave the client ID parameter empty to use the system assigned identity
if err != nil {
	// handle error
}
// Instantiate a client certificate credential.
certificateCred, err := azidentity.NewClientCertificateCredential("<YOUR TENANT ID>", "<YOUR CLIENT ID>", "<PATH TO YOUR CERTIFICATE>", nil)
if err != nil {
	// handle error
}
// Authenticate using a chain of credentials
cred, err := azidentity.NewChainedTokenCredential(managedIdentityCred, certificateCred)
if err != nil {
	// handle error
}
// Azure SDK clients accept the credential as a parameter
client := armresources.NewResourcesClient(armcore.NewDefaultConnection(cred, nil), "<subscription ID>")
```
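The fallback rule described above, modeled with only the Go standard library as an added example (not code from this page or from the Azure SDK). `Source`, `Result`, `Acquire` and `ErrUnavailable` are hypothetical names, and stopping the chain on any error other than "unavailable" is this sketch's assumed policy, so a rejected certificate is reported instead of being hidden by a later fallback.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrUnavailable marks a credential that cannot run in this environment
// (hypothetical sentinel for this sketch, not an azidentity type).
var ErrUnavailable = errors.New("credential unavailable")

// Source stands in for one credential in the chain.
type Source struct {
	Name     string
	GetToken func() (string, error)
}

// Result records which source produced the token and what was tried before it.
type Result struct {
	Token, Used string
	Tried       []string
}

// Acquire tries sources in order. It moves on only when a source reports
// ErrUnavailable; any other error ends the chain (assumed policy), so the
// caller always learns which identity is in effect or why none is.
func Acquire(sources ...Source) (Result, error) {
	var res Result
	for _, s := range sources {
		res.Tried = append(res.Tried, s.Name)
		tok, err := s.GetToken()
		if err == nil {
			res.Token, res.Used = tok, s.Name
			return res, nil
		}
		if !errors.Is(err, ErrUnavailable) {
			return res, fmt.Errorf("%s: authentication failed: %w", s.Name, err)
		}
	}
	return res, fmt.Errorf("no usable source (tried %v): %w", res.Tried, ErrUnavailable)
}

func main() {
	// Constructed scenario: no managed identity on this host, certificate works.
	mi := Source{"managed-identity", func() (string, error) { return "", fmt.Errorf("no endpoint: %w", ErrUnavailable) }}
	cert := Source{"client-certificate", func() (string, error) { return "constructed-token", nil }}
	res, err := Acquire(mi, cert)
	fmt.Println(res.Used, res.Tried, err)
}
```

Logging `Result.Used` at startup makes it visible when a workload silently runs under the fallback identity rather than the managed identity it was meant to use.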