Class ManagedIdentityCredential

java.lang.Object
com.azure.identity.ManagedIdentityCredential
All Implemented Interfaces:
com.azure.core.credential.TokenCredential

public final class ManagedIdentityCredential extends Object implements com.azure.core.credential.TokenCredential

Azure Managed Identity is a feature in Microsoft Entra ID that provides a way for applications running on Azure to authenticate themselves with Azure resources without needing to manage or store any secrets like passwords or keys. The ManagedIdentityCredential authenticates the configured managed identity (system or user assigned) of an Azure resource. So, if the application is running inside an Azure resource that supports Managed Identity through IDENTITY/MSI, IMDS endpoints, or both, then this credential will get your application authenticated, and offers a great secretless authentication experience. For more information refer to the managed identity authentication documentation.

The Managed Identity credential supports managed identity authentication for the following Azure Services:

  1. Azure App Service
  2. Azure Arc
  3. Azure Cloud Shell
  4. Azure Functions
  5. Azure Kubernetes Service
  6. Azure Service Fabric
  7. Azure Virtual Machines
  8. Azure Virtual Machines Scale Sets

Sample: Construct a simple ManagedIdentityCredential

The following code sample demonstrates the creation of a ManagedIdentityCredential, using the ManagedIdentityCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential managedIdentityCredential = new ManagedIdentityCredentialBuilder()
     .build();
 

Sample: Construct a User Assigned ManagedIdentityCredential

User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in Microsoft Entra ID that is associated with one or more Azure resources. This identity can then be used to authenticate and authorize access to various Azure services and resources. The following code sample demonstrates the creation of a ManagedIdentityCredential to target a user assigned managed identity, using the ManagedIdentityCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential managedIdentityCredentialUserAssigned = new ManagedIdentityCredentialBuilder()
     .clientId(clientId) // specify client id of user-assigned managed identity.
     .build();
 
See Also:
  • Method Summary

    Modifier and Type
    Method
    Description
    Gets the client ID of user assigned or system assigned identity.
    Mono<com.azure.core.credential.AccessToken>
    getToken(com.azure.core.credential.TokenRequestContext request)
    Asynchronously get a token for a given resource/audience.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface com.azure.core.credential.TokenCredential

    getTokenSync
  • Method Details

    • getClientId

      public String getClientId()
      Gets the client ID of user assigned or system assigned identity.
      Returns:
      the client ID of user assigned or system assigned identity.
    • getToken

      public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request)
      Description copied from interface: com.azure.core.credential.TokenCredential
      Asynchronously get a token for a given resource/audience. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
      Specified by:
      getToken in interface com.azure.core.credential.TokenCredential
      Parameters:
      request - the details of the token request
      Returns:
      a Publisher that emits a single access token