|
The Azure Identity library provides Azure Active Directory token authentication support across the Azure SDK. It provides a set of TokenCredential
implementations which can be used to construct Azure SDK clients which support AAD token authentication. This library follows the Azure SDK Design Guidelines for C++.
Source code | API reference documentation | Azure Active Directory documentation
The easiest way to acquire the C++ SDK is leveraging vcpkg package manager. See the corresponding Azure SDK for C++ readme section.
To install Azure Identity package via vcpkg:
Then, use in your CMake file:
A credential is a class which contains or can obtain the data needed for a service client to authenticate requests. Service clients across Azure SDK accept credentials when they are constructed, and service clients use those credentials to authenticate requests to the service.
The Azure Identity library focuses on OAuth authentication with Azure Active directory, and it offers a variety of credential classes capable of acquiring an AAD token to authenticate service requests. All of the credential classes in this library are implementations of the TokenCredential
abstract class in azure-core, and any of them can be used by to construct service clients capable of authenticating with a TokenCredential
.
credential class
usage
configuration </thead> <tbody>
ClientSecretCredential
authenticates a service principal using a secret
Service principal authentication
ClientCertificateCredential
authenticates a service principal using a certificate
Service principal authentication </tbody>
EnvironmentCredential
can be configured with environment variables. Each type of authentication requires values for specific variables:
variable name
value </thead> <tbody>
AZURE_CLIENT_ID
id of an Azure Active Directory application
AZURE_TENANT_ID
id of the application's Azure Active Directory tenant
AZURE_CLIENT_SECRET
one of the application's client secrets </tbody>
variable name
value </thead> <tbody>
AZURE_CLIENT_ID
id of an Azure Active Directory application
AZURE_TENANT_ID
id of the application's Azure Active Directory tenant
AZURE_CLIENT_CERTIFICATE_PATH
path to a PEM-encoded certificate file including private key (without password protection) </tbody>
Configuration is attempted in the above order. For example, if values for a client secret and certificate are both present, the client secret will be used.
The Managed identity authentication is supported via the ManagedIdentityCredential
for the following Azure Services:
ChainedTokenCredential
allows users to customize the credentials considered when authenticating.
An example below demonstrates using ChainedTokenCredential
which will attempt to authenticate using EnvironmentCredential
, and fall back to authenticate using ManagedIdentityCredential
.
Credentials raise exceptions either when they fail to authenticate or cannot execute authentication. When credentials fail to authenticate, the AuthenticationException
is thrown and it has the what()
functions returning the description why authentication failed.
For details on contributing to this repository, see the contributing guide.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit the Contributor License Agreement.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Many people all over the world have helped make this project better. You'll want to check out:
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) secur. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the e@mi croso ft.c omSecurity TechCenter.