Package com.azure.identity

Class ManagedIdentityCredential

java.lang.Object

com.azure.identity.ManagedIdentityCredential

All Implemented Interfaces:

com.azure.core.credential.TokenCredential

public final class ManagedIdentityCredential
extends Object
implements com.azure.core.credential.TokenCredential

Azure Managed Identity is a feature in Microsoft Entra ID that provides a way for applications running on Azure to authenticate themselves with Azure resources without needing to manage or store any secrets like passwords or keys. The ManagedIdentityCredential authenticates the configured managed identity (system or user assigned) of an Azure resource. So, if the application is running inside an Azure resource that supports Managed Identity through IDENTITY/MSI, IMDS endpoints, or both, then this credential will get your application authenticated, and offers a great secretless authentication experience. For more information refer to the managed identity authentication documentation.

The Managed Identity credential supports managed identity authentication for the following Azure Services:

1. Azure App Service
2. Azure Arc
3. Azure Cloud Shell
4. Azure Functions
5. Azure Kubernetes Service
6. Azure Service Fabric
7. Azure Virtual Machines
8. Azure Virtual Machines Scale Sets

Sample: Construct a simple ManagedIdentityCredential

The following code sample demonstrates the creation of a ManagedIdentityCredential, using the ManagedIdentityCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential managedIdentityCredential = new ManagedIdentityCredentialBuilder()
     .build();
 

Sample: Construct a User Assigned ManagedIdentityCredential

User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in Microsoft Entra ID that is associated with one or more Azure resources. This identity can then be used to authenticate and authorize access to various Azure services and resources. The following code sample demonstrates the creation of a ManagedIdentityCredential to target a user assigned managed identity, using the ManagedIdentityCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential managedIdentityCredentialUserAssigned = new ManagedIdentityCredentialBuilder()
     .clientId(clientId) // specify client id of user-assigned managed identity.
     .build();
 

See Also:

• com.azure.identity
• ManagedIdentityCredentialBuilder

Method Summary

Modifier and Type	Method	Description
String	getClientId()	Gets the client ID of user assigned or system assigned identity.
Mono<com.azure.core.credential.AccessToken>	getToken(com.azure.core.credential.TokenRequestContext request)	Asynchronously get a token for a given resource/audience.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.azure.core.credential.TokenCredential

getTokenSync

Method Details

getClientId

public String getClientId()

Gets the client ID of user assigned or system assigned identity.

Returns:

the client ID of user assigned or system assigned identity.

getToken

public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request)

Description copied from interface: com.azure.core.credential.TokenCredential

Asynchronously get a token for a given resource/audience. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.

Specified by:

getToken in interface com.azure.core.credential.TokenCredential

Parameters:

request - the details of the token request

Returns:

a Publisher that emits a single access token