AuthorityHost
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | AuthorityHost | No | "https://login.microsoftonline.com/" | Must be a valid Uri, validation done by URI constructor | N/A |
Java | authorityHost | No | "https://login.microsoftonline.com/" | 1. Valid URI 2. Follow HTTPS protocol | 1. "Must provide a valid URI for authority host." 2. "Authority host must use HTTPS scheme." |
JS/TS | authorityHost | No | "https://login.microsoftonline.com/" | Follow HTTPS protocol | "The authorityHost address must use the 'https' protocol." |
Python | authority | No | "https://login.microsoftonline.com/" | Follow HTTPS protocol | "'{}' is an invalid authority. The value must be a TLS protected (https) URL." |
Go | AuthorityHost | No | "https://login.microsoftonline.com/" | None | N/A |
ClientId
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | clientId or ClientId | No | "04b07795-8ddb-461a-bbee-02f9e1bf7b46" | If specified, must be non-null | ArgumentNullException "clientId" |
Java | clientId | Yes | N/A | 1. Must be non-null 2. Character range validated | 1. "Must provide non-null values for clientId property in DeviceCodeCredentialBuilder." 2. "Client id must have characters in the range of [A-Z], [0-9], [a-z], '-'" |
JS/TS | clientId | Yes | N/A | None | N/A |
Python | client_id | Yes | N/A | None | N/A |
Go | clientID | Yes | N/A | None | N/A |
TenantId
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | tenantId or TenantId | No | "organizations" | None | N/A |
Java | tenantId | No | "organizations" | 1. Must be non-null 2. Character range validated | 1. "Must provide non-null values for tenantId property in DeviceCodeCredentialBuilder." 2. "Tenant id must have characters in the range of [A-Z], [0-9], [a-z], '-', '.'" |
JS/TS | tenantId | No | "organizations" | None | N/A |
Python | tenant_id | No | "organizations" | None | N/A |
Go | tenantID | No | "organizations" | None | N/A |
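
The AuthorityHost, ClientId and TenantId tables above list no validation for Go, while the Java builder checks the URI, the HTTPS scheme and the character ranges. The following is an added example, not SDK code and not part of the original spec, of a caller-side pre-check in Go that mirrors the Java rules; `ValidateDeviceCodeInputs` and the error variables are hypothetical names, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// Error wording adapted from the Java rows of the tables above.
var (
	ErrAuthorityURI    = errors.New("must provide a valid URI for authority host")
	ErrAuthorityScheme = errors.New("authority host must use HTTPS scheme")
	ErrClientID        = errors.New("client id must have characters in the range of [A-Z], [0-9], [a-z], '-'")
	ErrTenantID        = errors.New("tenant id must have characters in the range of [A-Z], [0-9], [a-z], '-', '.'")

	clientIDChars = regexp.MustCompile(`^[A-Za-z0-9-]+$`)
	tenantIDChars = regexp.MustCompile(`^[A-Za-z0-9.-]+$`)
)

// ValidateDeviceCodeInputs is a hypothetical pre-check, not an SDK function.
// An empty authorityHost or tenantID means "use the documented default".
func ValidateDeviceCodeInputs(authorityHost, clientID, tenantID string) error {
	if authorityHost != "" {
		u, err := url.Parse(authorityHost)
		if err != nil || u.Host == "" {
			return fmt.Errorf("%w: %q", ErrAuthorityURI, authorityHost)
		}
		// A non-HTTPS authority would carry the device code and tokens in clear text.
		if u.Scheme != "https" {
			return fmt.Errorf("%w: %q", ErrAuthorityScheme, authorityHost)
		}
	}
	// clientID is required in Go, so the empty string is rejected too.
	if !clientIDChars.MatchString(clientID) {
		return fmt.Errorf("%w: %q", ErrClientID, clientID)
	}
	// The tenant ID becomes a path segment of the authority URL, so '/', '?'
	// or '#' in it would change which endpoint receives the request.
	if tenantID != "" && !tenantIDChars.MatchString(tenantID) {
		return fmt.Errorf("%w: %q", ErrTenantID, tenantID)
	}
	return nil
}

func main() {
	// Constructed sample input: plain-HTTP authority with otherwise valid IDs.
	fmt.Println(ValidateDeviceCodeInputs("http://login.microsoftonline.com/",
		"04b07795-8ddb-461a-bbee-02f9e1bf7b46", "organizations"))
}
```

Call the check before constructing the credential and fail closed on any returned error.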
Callback / Challenge
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | deviceCodeCallback | No | Default implementation writes message to console | If specified must be non-null | ArgumentNullException "deviceCodeCallback" |
Java | challengeConsumer | No | Default implementation writes message to console | If specified must be non-null | "Must provide non-null values for challengeConsumer property in DeviceCodeCredentialBuilder." |
JS/TS | userPromptCallback | No | Default implementation writes message to console | None | N/A |
Python | prompt_callback | No | Default implementation writes message to console | None | N/A |
Go | callback | Yes | N/A | None | N/A |
Authentication Record
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | AuthenticationRecord | No | null | None | N/A |
Java | authenticationRecord | No | null | None | N/A |
JS/TS | N/A | N/A | N/A | N/A | |
Python | authentication_record | No | None | None | N/A |
Go | N/A | N/A | N/A | N/A | |
Automatic Authentication
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | DisableAutomaticAuthentication | No | false | None | N/A |
Java | disableAutomaticAuthentication | No | false | None | N/A |
JS/TS | N/A | N/A | N/A | N/A | |
Python | disable_automatic_authentication | No | False | None | N/A |
Go | N/A | N/A | N/A | N/A | |
Unencrypted Cache
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | AllowUnencryptedCache | No | false | None | N/A |
Java | allowUnencryptedCache | No | false | None | N/A |
JS/TS | N/A | N/A | N/A | N/A | |
Python | allow_unencrypted_cache | No | False | None | N/A |
Go | N/A | N/A | N/A | N/A | |
Persistent Cache
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | EnablePersistentCache | No | false | None | N/A |
Java | enablePersistentCache | No | false | None | N/A |
JS/TS | N/A | N/A | N/A | N/A | |
Python | enable_persistent_cache | No | False | None | N/A |
Go | N/A | N/A | N/A | N/A | |
Executor Service (Java only)
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
Java | executorService | No | null | None | N/A |
Timeout (Python only)
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
Python | timeout | No | None | None | N/A |
//TODO: Add and Discuss Language specific input parameters (which can be potentially applied across the board)
AUTHORITY HOST
Language | Name | Required? | Default Value | Validations | Validation Failure Message |
---|---|---|---|---|---|
.NET | AZURE_AUTHORITY_HOST | No | "https://login.microsoftonline.com/" | Must be a valid Uri, validation done by URI constructor | N/A |
Java | AZURE_AUTHORITY_HOST | No | "https://login.microsoftonline.com/" | 1. Valid URI 2. Follow HTTPS protocol | 1. "Must provide a valid URI for authority host." 2. "Authority host must use HTTPS scheme." |
JS/TS | AZURE_AUTHORITY_HOST | No | "https://login.microsoftonline.com/" | Follow HTTPS protocol | "The authorityHost address must use the 'https' protocol." |
Python | AZURE_AUTHORITY_HOST | No | "https://login.microsoftonline.com/" | Follow HTTPS protocol | "'{}' is an invalid authority. The value must be a TLS protected (https) URL." |
Go | AZURE_AUTHORITY_HOST | No | "https://login.microsoftonline.com/" | None | N/A |
Java

```java
DeviceCodeCredential deviceCodeCredential = new DeviceCodeCredentialBuilder()
    .clientId("<Client-Id>")
    .build();
```

.NET

```csharp
var credential = new DeviceCodeCredential();
```

Python

```python
DeviceCodeCredential("client_id")
```

JS/TS

```typescript
const credential = new DeviceCodeCredential(
  undefined,
  "CLIENT_ID"
);
```

GO

```go
handler := func(string) {}
cred, err := NewDeviceCodeCredential(nil, clientID, handler, nil)
```
Java

```java
DeviceCodeCredential deviceCodeCredential = new DeviceCodeCredentialBuilder()
    .authorityHost(AzureAuthorityHosts.AZURE_PUBLIC_CLOUD)
    .clientId("Client-Id")
    .tenantId("Tenant-Id")
    .disableAutomaticAuthentication()
    .enablePersistentCache()
    .allowUnencryptedCache()
    .authenticationRecord(authenticationRecord)
    .challengeConsumer(deviceCodeInfo -> System.out.println(deviceCodeInfo.getMessage()))
    .executorService(Executors.newSingleThreadExecutor())
    .httpClient(HttpClient.createDefault())
    .httpPipeline(httpPipeline)
    .build();
```

.NET

```csharp
var options = new DeviceCodeCredentialOptions {
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    ClientId = "xxx",
    TenantId = "xxx",
    DisableAutomaticAuthentication = false,
    EnablePersistentCache = false,
    AllowUnencryptedCache = false,
    AuthenticationRecord = authRecord
};
// Pass the options to the constructor; otherwise the defaults are used.
var credential = new DeviceCodeCredential(options);
```

Python

```python
DeviceCodeCredential(
    "client_id",
    authority="...",
    tenant_id="...",
    timeout=42,
    prompt_callback=lambda verification_uri, user_code, expires_on: None,
    authentication_record=...,
    enable_persistent_cache=True,
    allow_unencrypted_cache=True,
)
```

JS/TS

```typescript
const credential = new DeviceCodeCredential(
  "TENANT_ID",
  "CLIENT_ID",
  (details) => console.log({ details }),
  { authorityHost: "https://adfs.redmond.azurestack.corp.microsoft.com" }
);
```

GO

```go
handler := func(string) {}
cred, err := NewDeviceCodeCredential(tenantID, clientID, handler, &TokenCredentialOptions{HTTPClient: srv, AuthorityHost: srv.URL()})
```
Device Code Info Message
Language | Message |
---|---|
.NET | "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXX to authenticate." |
Java | "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXX to authenticate." |
JS/TS | "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXX to authenticate." |
Python | "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXX to authenticate." |
Go | N/A - User needs to provide the handler to handle the device code message details |
Authentication Failure Message
.NET
Scenario | Exception/Error Type | Message |
---|---|---|
Automatic Authentication disabled and Get Token is called without calling authenticate first | AuthenticationRequiredException | Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication. |
Silent authentication fails | AuthenticationRequiredException | Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication. |
Scope cannot be determined for authority host in authenticate method. | CredentialUnavailableException | Authenticating in this environment requires specifying a TokenRequestContext. |
Failure due to unhandled exception | AuthenticationFailedException | DeviceCodeCredential authentication failed: {inner exception message} |
Java
Scenario | Exception/Error Type | Message |
---|---|---|
Automatic Authentication disabled and Get Token is called without calling authenticate first | AuthenticationRequiredException | "Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication." |
Scope cannot be determined for authority host in authenticate method. | CredentialUnavailableException | "Authenticating in this environment requires specifying a TokenRequestContext." |
Authentication issue on MSAL end | ClientAuthenticationException | "Failed to acquire token with device code" |
Python
Scenario | Exception/Error Type | Message |
---|---|---|
MSAL issue in initiating device flow | ClientAuthenticationError | "Couldn't begin authentication: {Error Details from MSAL}" |
MSAL timed out waiting for user to authenticate | ClientAuthenticationError | "Timed out waiting for user to authenticate" |
MSAL Authentication issue | ClientAuthenticationError | "Authentication failed: {MSAL error details/description}" |
Scope cannot be determined for authority host in authenticate method. | CredentialUnavailableError | "Authenticating in this environment requires a value for the 'scopes' keyword argument." |
Automatic Authentication disabled and Get Token is called without calling authenticate first | AuthenticationRequiredError | "Interactive authentication is required to get a token. Call 'authenticate' to begin." |
No Scope passed in Get Token | ValueError | "'get_token' requires at least one scope" |
JS/TS
Scenario | Exception/Error Type | Message |
---|---|---|
Authentication issue on MSAL end | Error | "Device Authentication Error + MSAL Error Details" |
GO
Scenario | Exception/Error Type | Message |
---|---|---|
Authentication Failure | AuthenticationFailedError | "{Error Response message as it is}" |
//TODO: Add and Discuss Language specific error messages (which can be potentially applied across the board)
Key Scenarios:
- Token Fetch Success
- Token Fetch Failure
.NET
Scenario | Log Level | Log Message |
---|---|---|
GetToken Called | INFO | DeviceCodeCredential invoked. Scopes: {1} ParentRequestId: {2} |
GetToken Success | INFO | DeviceCodeCredential succeeded. Scopes: {1} ParentRequestId: {2} ExpiresOn: {3} |
GetToken Failure | INFO | DeviceCodeCredential was unable to retrieve an access token. Scopes: {1} ParentRequestId: {2} |
Unhandled Exception | INFO | DeviceCodeCredential was unable to retrieve an access token. Scopes: {1} ParentRequestId: {2} Exception: {3} |
Java
Scenario | Log Level | Log Message |
---|---|---|
Token Fetch Success | INFO | Azure Identity => getToken() result for scopes [{}]: SUCCESS |
Token Fetch Failure | ERROR | Azure Identity => ERROR in getToken() call for scopes [{}]: {} |
Any Exception | ERROR | Error Message in the Exception |
Python
Scenario | Log Level | Log Message |
---|---|---|
Any Error raised in Get token | WARN | "{ClassName}.get_token failed: {Error Details}" |
Token Fetch Success | INFO | "{ClassName}.get_token succeeded" |
JS/TS
Scenario | Log Level | Log Message |
---|---|---|
Error from MSAL | INFO | Message in the Error |
GO
Scenario | Log Level | Log Message |
---|---|---|
Token Fetch Success | LogCredential | "Azure Identity => GetToken() result for {Credential}: SUCCESS , Credential Scopes: [%s]" |
Auth Failure | LogCredential | "Azure Identity => ERROR in GetToken() call for {Credential}: {ErrorDetails} {Stack}" |
//TODO: Add and Discuss Language specific logging scenarios (which can be potentially applied across the board)
// Discuss Go Offline_access scopes logic.