Class DeviceCodeCredentialBuilder

All Implemented Interfaces:
com.azure.core.client.traits.HttpTrait<DeviceCodeCredentialBuilder>

public class DeviceCodeCredentialBuilder extends AadCredentialBuilderBase<DeviceCodeCredentialBuilder>
Fluent credential builder for instantiating a DeviceCodeCredential.

Device code authentication is a type of authentication flow offered by Microsoft Entra ID that allows users to sign in to applications on devices that don't have a web browser or a keyboard. This authentication method is particularly useful for devices such as smart TVs, gaming consoles, and Internet of Things (IoT) devices that may not have the capability to enter a username and password. With device code authentication, the user is presented with a device code on the device that needs to be authenticated. The user then navigates to a web browser on a separate device and enters the code on the Microsoft sign-in page. After the user enters the code, Microsoft Entra ID verifies it and prompts the user to sign in with their credentials, such as a username and password or a multi-factor authentication (MFA) method. Device code authentication can be initiated using various Microsoft Entra-supported protocols, such as OAuth 2.0 and OpenID Connect, and it can be used with a wide range of Microsoft Entra-integrated applications.

The DeviceCodeCredential interactively authenticates a user and acquires a token on devices with limited UI. It works by prompting the user to visit a login URL on a browser-enabled machine when the application attempts to authenticate. The user then enters the device code mentioned in the instructions along with their login credentials. Upon successful authentication, the application that requested authentication gets authenticated successfully on the device it's running on.

For more information refer to the conceptual knowledge and configuration details.

These steps will let the application authenticate, but it still won't have permission to log you into Active Directory, or access resources on your behalf. To address this issue, navigate to API Permissions, and enable Microsoft Graph and the resources you want to access, such as Azure Service Management, Key Vault, and so on. You also need to be the admin of your tenant to grant consent to your application when you log in for the first time. If you can't configure the device code flow option on your Active Directory, then it may require your app to be multi-tenant. To make your app multi-tenant, navigate to the Authentication panel, then select Accounts in any organizational directory. Then, select yes for Treat application as Public Client.

Sample: Construct DeviceCodeCredential

The following code sample demonstrates the creation of a DeviceCodeCredential, using the DeviceCodeCredentialBuilder to configure it. By default, the credential prints the device code challenge on the command line. To override that behaviour, a challengeConsumer can optionally be specified on the DeviceCodeCredentialBuilder. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential deviceCodeCredential = new DeviceCodeCredentialBuilder()
     .build();
 
  • Constructor Details

    • DeviceCodeCredentialBuilder

      public DeviceCodeCredentialBuilder()
  • Method Details

    • challengeConsumer

      public DeviceCodeCredentialBuilder challengeConsumer(Consumer<DeviceCodeInfo> challengeConsumer)
      Sets the consumer to meet the device code challenge. If not specified, a default consumer is used, which prints the device code info message to stdout.
      Parameters:
      challengeConsumer - A method allowing the user to meet the device code challenge.
      Returns:
      the DeviceCodeCredentialBuilder itself
    • tokenCachePersistenceOptions

      public DeviceCodeCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
      Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.
      Parameters:
      tokenCachePersistenceOptions - the token cache configuration options
      Returns:
      An updated instance of this builder with the token cache options configured.
    • authenticationRecord

      public DeviceCodeCredentialBuilder authenticationRecord(AuthenticationRecord authenticationRecord)
      Sets the AuthenticationRecord captured from a previous authentication.
      Parameters:
      authenticationRecord - the authentication record to be configured.
      Returns:
      An updated instance of this builder with the configured authentication record.
    • disableAutomaticAuthentication

      public DeviceCodeCredentialBuilder disableAutomaticAuthentication()
      Disables the automatic authentication and prevents the DeviceCodeCredential from automatically prompting the user. If automatic authentication is disabled, an AuthenticationRequiredException will be thrown from DeviceCodeCredential.getToken(TokenRequestContext) in the case that user interaction is necessary. The application is responsible for handling this exception, and calling DeviceCodeCredential.authenticate() or DeviceCodeCredential.authenticate(TokenRequestContext) to authenticate the user interactively.
      Returns:
      An updated instance of this builder with automatic authentication disabled.
    • additionallyAllowedTenants

      public DeviceCodeCredentialBuilder additionallyAllowedTenants(String... additionallyAllowedTenants)
      For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed. If no value is specified for TenantId this option will have no effect, and the credential will acquire tokens for any requested tenant.
      Overrides:
      additionallyAllowedTenants in class AadCredentialBuilderBase<DeviceCodeCredentialBuilder>
      Parameters:
      additionallyAllowedTenants - the additionally allowed tenants.
      Returns:
      An updated instance of this builder with the additional tenants configured.
    • additionallyAllowedTenants

      public DeviceCodeCredentialBuilder additionallyAllowedTenants(List<String> additionallyAllowedTenants)
      For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant on which the application is installed. If no value is specified for TenantId this option will have no effect, and the credential will acquire tokens for any requested tenant.
      Overrides:
      additionallyAllowedTenants in class AadCredentialBuilderBase<DeviceCodeCredentialBuilder>
      Parameters:
      additionallyAllowedTenants - the additionally allowed tenants.
      Returns:
      An updated instance of this builder with the additional tenants configured.
    • build

      public DeviceCodeCredential build()
      Creates a new DeviceCodeCredential with the current configurations.
      Returns:
      a DeviceCodeCredential with the current configurations.
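
Added example (not part of the SDK documentation): a builder configuration that combines the methods above so the credential is pinned to one tenant, shows the challenge through an application-controlled consumer, and prompts only when the application explicitly asks. The tenant ID, client ID, scope and class name are placeholders chosen for illustration; tenantId and clientId are setters inherited from AadCredentialBuilderBase.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.AuthenticationRequiredException;
import com.azure.identity.DeviceCodeCredential;
import com.azure.identity.DeviceCodeCredentialBuilder;
import com.azure.identity.TokenCachePersistenceOptions;

public class DeviceCodeSignIn {
    // Placeholders (assumptions): substitute your own app registration values.
    private static final String TENANT_ID = "<tenant-id>";
    private static final String CLIENT_ID = "<client-id>";
    private static final String SCOPE = "https://management.azure.com/.default";

    public static void main(String[] args) {
        DeviceCodeCredential credential = new DeviceCodeCredentialBuilder()
            .tenantId(TENANT_ID)   // with a tenant set, other tenants are refused
            .clientId(CLIENT_ID)   // unless listed via additionallyAllowedTenants
            // additionallyAllowedTenants("*") is deliberately not called.
            .challengeConsumer(challenge ->
                // Stand-in for the device's own display; keep the user code
                // out of shared application logs.
                System.err.printf("Open %s and enter code %s (expires %s)%n",
                    challenge.getVerificationUrl(),
                    challenge.getUserCode(),
                    challenge.getExpiresOn()))
            .tokenCachePersistenceOptions(new TokenCachePersistenceOptions()
                .setUnencryptedStorageAllowed(false)) // no clear-text cache fallback
            .disableAutomaticAuthentication()
            .build();

        TokenRequestContext request = new TokenRequestContext().addScopes(SCOPE);
        AccessToken token;
        try {
            // Served from the cache when possible; never prompts on its own.
            token = credential.getToken(request).block();
        } catch (AuthenticationRequiredException e) {
            // Interaction is needed: start the device code prompt explicitly,
            // at a point where the user expects it.
            credential.authenticate(e.getTokenRequestContext()).block();
            token = credential.getToken(request).block();
        }
        System.out.println("Token expires at " + token.getExpiresAt());
    }
}
```

Because the prompt is started only by the explicit authenticate call, a device code that appears at any other time was not requested by this application.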