Namespace Azure.Identity

Classes

AuthenticationFailedException: An exception class raised for errors in authenticating client requests.

AuthenticationRecord: Account information relating to an authentication request.

AuthenticationRequiredException: An exception indicating that interactive authentication is required.

AuthorizationCodeCredential: Authenticates by redeeming an authorization code previously obtained from Microsoft Entra ID. See https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow for more information about the authorization code authentication flow.

AuthorizationCodeCredentialOptions: Options used to configure the AuthorizationCodeCredential.

AzureAuthorityHosts: Defines fields exposing the well known authority hosts for the Azure Public Cloud and sovereign clouds.

AzureCliCredential: Enables authentication to Microsoft Entra ID using Azure CLI to obtain an access token.

AzureCliCredentialOptions: Options for configuring the AzureCliCredential.

AzureDeveloperCliCredential: Enables authentication to Microsoft Entra ID using Azure Developer CLI to obtain an access token.

AzureDeveloperCliCredentialOptions: Options for configuring the AzureDeveloperCliCredential.

AzurePipelinesCredential: Credential which authenticates using an Azure Pipelines service connection.

AzurePipelinesCredentialOptions: Options used to configure the AzurePipelinesCredential.

AzurePowerShellCredential: Enables authentication to Microsoft Entra ID using Azure PowerShell to obtain an access token.

AzurePowerShellCredentialOptions: Options for configuring the AzurePowerShellCredential.

BrowserCustomizationOptions: Options to customize browser view.

ChainedTokenCredential: Provides a Azure.Core.TokenCredential implementation which chains multiple Azure.Core.TokenCredential implementations to be tried in order until one of the getToken methods returns a non-default Azure.Core.AccessToken.

ClientAssertionCredential: Enables authentication of a Microsoft Entra service principal using a signed client assertion.

ClientAssertionCredentialOptions: Options used to configure the ClientAssertionCredential.

ClientCertificateCredential: Enables authentication of a service principal to Microsoft Entra ID using a X509 certificate that is assigned to its App Registration. More information on how to configure certificate authentication can be found at https://learn.microsoft.com/entra/identity-platform/certificate-credentials#register-your-certificate-with-microsoft-identity-platform.

ClientCertificateCredentialOptions: Options used to configure the ClientCertificateCredential.

ClientSecretCredential: Enables authentication to Microsoft Entra ID using a client secret that was generated for an App Registration. More information on how to configure a client secret can be found at https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application.

ClientSecretCredentialOptions: Options used to configure the ClientSecretCredential.

CredentialUnavailableException: An exception indicating a Azure.Core.TokenCredential did not attempt to authenticate and retrieve Azure.Core.AccessToken, as its prerequisite information or state was not available.

DefaultAzureCredential

Provides a default Azure.Core.TokenCredential authentication flow for applications that will be deployed to Azure. The following credential types, if enabled, will be tried, in order:

Consult the documentation of these credential types for more information on how they attempt authentication.

DefaultAzureCredentialOptions: Options to configure the DefaultAzureCredential authentication flow and requests made to Azure Identity services.

DeviceCodeCredential: A Azure.Core.TokenCredential implementation which authenticates a user using the device code flow, and provides access tokens for that user account. For more information on the device code authentication flow see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Device-Code-Flow.

DeviceCodeCredentialOptions: Options to configure the DeviceCodeCredential.

EnvironmentCredential

Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user with a username and password.

Configuration is attempted in this order, using these environment variables:

Service principal with secret:

Variable	Description
AZURE_TENANT_ID	The Microsoft Entra tenant (directory) ID.
AZURE_CLIENT_ID	The client (application) ID of an App Registration in the tenant.
AZURE_CLIENT_SECRET	A client secret that was generated for the App Registration.

Service principal with certificate:

Variable	Description
AZURE_TENANT_ID	The Microsoft Entra tenant (directory) ID.
AZURE_CLIENT_ID	The client (application) ID of an App Registration in the tenant.
AZURE_CLIENT_CERTIFICATE_PATH	A path to certificate and private key pair in PEM or PFX format, which can authenticate the App Registration.
AZURE_CLIENT_CERTIFICATE_PASSWORD	(Optional) The password protecting the certificate file (currently only supported for PFX (PKCS12) certificates).
AZURE_CLIENT_SEND_CERTIFICATE_CHAIN	(Optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to `true` or `1`, authentication requests include the x5c header.

Username and password:

Variable	Description
AZURE_TENANT_ID	The Microsoft Entra tenant (directory) ID.
AZURE_CLIENT_ID	The client (application) ID of an App Registration in the tenant.
AZURE_USERNAME	The username, also known as upn, of a Microsoft Entra user account.
AZURE_PASSWORD	The password of the Microsoft Entra user account. Note this does not support accounts with MFA enabled.

This credential ultimately uses a ClientSecretCredential, ClientCertificateCredential, or UsernamePasswordCredential to perform the authentication using these details. Please consult the documentation of that class for more details.

EnvironmentCredentialOptions: Options used to configure the EnvironmentCredential.

IdentityModelFactory: Model factory that enables mocking for the Azure Identity library.

InteractiveBrowserCredential: A Azure.Core.TokenCredential implementation which launches the system default browser to interactively authenticate a user, and obtain an access token. The browser will only be launched to authenticate the user once, then will silently acquire access tokens through the users refresh token as long as it's valid.

InteractiveBrowserCredentialOptions: Options to configure the InteractiveBrowserCredential.

ManagedIdentityCredential: Attempts authentication using a managed identity that has been assigned to the deployment environment. This authentication type works for all Azure-hosted environments that support managed identity. More information about configuring managed identities can be found at https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview.

OnBehalfOfCredential: Enables authentication to Microsoft Entra ID using an On-Behalf-Of flow.

OnBehalfOfCredentialOptions

SharedTokenCacheCredential: Authenticates using tokens in a local cache file. This is a legacy mechanism for authenticating clients using credentials provided to Visual Studio. This mechanism for Visual Studio authentication has been replaced by the VisualStudioCredential.

SharedTokenCacheCredentialOptions: Options to configure the SharedTokenCacheCredential authentication.

TokenCachePersistenceOptions: Options controlling the storage of the token cache.

TokenCacheRefreshArgs: Args sent to TokenCache OnBefore and OnAfter events.

TokenCacheUpdatedArgs: Data regarding an update of a token cache.

TokenCredentialDiagnosticsOptions: Exposes client options related to logging, telemetry, and distributed tracing.

TokenCredentialOptions: Options to configure requests made to the OAUTH identity service.

UnsafeTokenCacheOptions: Options controlling the storage of the token cache.

UsernamePasswordCredential: Enables authentication to Microsoft Entra ID using a user's username and password. If the user has MFA enabled this credential will fail to get a token throwing an AuthenticationFailedException. Also, this credential requires a high degree of trust and is not recommended outside of prototyping when more secure credentials can be used.

UsernamePasswordCredentialOptions: Options to configure the UsernamePasswordCredential.

VisualStudioCodeCredential

Enables authentication to Microsoft Entra ID as the user signed in to Visual Studio Code via the 'Azure Account' extension.

It's a known issue that VisualStudioCodeCredential doesn't work with Azure Account extension versions newer than 0.9.11. A long-term fix to this problem is in progress. In the meantime, consider authenticating with AzureCliCredential.

VisualStudioCodeCredentialOptions: Options for configuring the VisualStudioCodeCredential.

VisualStudioCredential: Enables authentication to Microsoft Entra ID using data from Visual Studio 2017 or later. See https://learn.microsoft.com/dotnet/azure/configure-visual-studio for more information on how to configure Visual Studio for Azure development.

VisualStudioCredentialOptions: Options for configuring the VisualStudioCredential.

WorkloadIdentityCredential: WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Kubernetes and other hosts supporting workload identity. Refer to Microsoft Entra Workload ID for more information.

WorkloadIdentityCredentialOptions: Options used to configure the WorkloadIdentityCredential.

Structs

DeviceCodeInfo: Details of the device code to present to a user to allow them to authenticate through the device code authentication flow.

TokenCacheData: Details related to a UnsafeTokenCacheOptions cache delegate.

Table of Contents

Namespace Azure.Identity

Classes

Structs