Package com.azure.identity

Class AadCredentialBuilderBase<T extends AadCredentialBuilderBase<T>>

java.lang.Object
com.azure.identity.CredentialBuilderBase<T>
com.azure.identity.AadCredentialBuilderBase<T>
Type Parameters:
T - the type of the credential builder
All Implemented Interfaces:
com.azure.core.client.traits.HttpTrait<T>
Direct Known Subclasses:
AuthorizationCodeCredentialBuilder, ClientAssertionCredentialBuilder, ClientCertificateCredentialBuilder, ClientSecretCredentialBuilder, DeviceCodeCredentialBuilder, InteractiveBrowserCredentialBuilder, OnBehalfOfCredentialBuilder, SharedTokenCacheCredentialBuilder, UsernamePasswordCredentialBuilder, WorkloadIdentityCredentialBuilder
public abstract class AadCredentialBuilderBase<T extends AadCredentialBuilderBase<T>> extends CredentialBuilderBase<T>

The base class for credential builders that allow specifying a client ID, tenant ID, authority host, and additionally allowed tenants for Microsoft Entra ID.

  • Constructor Details

    • AadCredentialBuilderBase

      public AadCredentialBuilderBase()

  • Method Details

    • authorityHost

      public T authorityHost(String authorityHost)
      Specifies the Microsoft Entra endpoint to acquire tokens.
      Parameters:
      authorityHost - the Microsoft Entra endpoint
      Returns:
      An updated instance of this builder with the authority host set as specified.

    • clientId

      public T clientId(String clientId)
      Sets the client ID of the application.
      Parameters:
      clientId - the client ID of the application.
      Returns:
      An updated instance of this builder with the client id set as specified.

    • tenantId

      public T tenantId(String tenantId)
      Sets the tenant ID of the application.
      Parameters:
      tenantId - the tenant ID of the application.
      Returns:
      An updated instance of this builder with the tenant id set as specified.

    • executorService

      public T executorService(ExecutorService executorService)
      Specifies the ExecutorService to be used to execute the authentication requests. Developer is responsible for maintaining the lifecycle of the ExecutorService.

      If this is not configured, the common fork join pool will be used which is also shared with other application tasks. If the common pool is heavily used for other tasks, authentication requests might starve and setting up this executor service should be considered.

      The executor service and can be safely shutdown if the TokenCredential is no longer being used by the Azure SDK clients and should be shutdown before the application exits.

      Parameters:
      executorService - the executor service to use for executing authentication requests.
      Returns:
      An updated instance of this builder with the executor service set as specified.

    • additionallyAllowedTenants

      public T additionallyAllowedTenants(String... additionallyAllowedTenants)
      For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed.
      Parameters:
      additionallyAllowedTenants - the additionally allowed tenants.
      Returns:
      An updated instance of this builder with the additional tenants configured.

    • additionallyAllowedTenants

      public T additionallyAllowedTenants(List<String> additionallyAllowedTenants)
      For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed.
      Parameters:
      additionallyAllowedTenants - the additionally allowed tenants.
      Returns:
      An updated instance of this builder with the additional tenants configured.

    • disableInstanceDiscovery

      public T disableInstanceDiscovery()
      Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate. This will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By utilizing this API, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.
      Returns:
      An updated instance of this builder with instance discovery disabled.

    • enableUnsafeSupportLogging

      public T enableUnsafeSupportLogging()
      Enables additional support logging for public and confidential client applications. This enables PII logging in MSAL4J as described here.

      This operation will log PII including tokens. It should only be used when directed by support.

      Returns:
      An updated instance of this builder with additional support logging enabled.