Package com.azure.identity

Class OnBehalfOfCredential

java.lang.Object
com.azure.identity.OnBehalfOfCredential
All Implemented Interfaces:
com.azure.core.credential.TokenCredential
public class OnBehalfOfCredential extends Object implements com.azure.core.credential.TokenCredential

On Behalf of authentication in Azure is a way for a user or application to authenticate to a service or resource using credentials from another identity provider. This type of authentication is typically used when a user or application wants to access a resource in Azure, but their credentials are managed by a different identity provider, such as an on-premises Active Directory or a third-party identity provider. To use "On Behalf of" authentication in Azure, the user must first authenticate to the identity provider using their credentials. The identity provider then issues a security token that contains information about the user and their permissions. This security token is then passed to Azure, which uses it to authenticate the user or application and grant them access to the requested resource. The OnBehalfOfCredential acquires a token with a client secret/certificate and user assertion for a Microsoft Entra application on behalf of a user principal.

The following code sample demonstrates the creation of a OnBehalfOfCredential, using the OnBehalfOfCredentialBuilder to configure it. The tenantId, clientId and clientSecret parameters are required to create OnBehalfOfCredential. The userAssertion can be optionally specified on the OnBehalfOfCredentialBuilder. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential onBehalfOfCredential = new OnBehalfOfCredentialBuilder()
     .clientId("<app-client-ID>")
     .clientSecret("<app-Client-Secret>")
     .tenantId("<app-tenant-ID>")
     .userAssertion("<user-assertion>")
     .build();
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    Mono<com.azure.core.credential.AccessToken>
    getToken(com.azure.core.credential.TokenRequestContext request)
    Asynchronously get a token for a given resource/audience.
    com.azure.core.credential.AccessToken
    getTokenSync(com.azure.core.credential.TokenRequestContext request)
    Synchronously get a token for a given resource/audience.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • getToken

      public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request)
      Description copied from interface: com.azure.core.credential.TokenCredential
      Asynchronously get a token for a given resource/audience. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
      Specified by:
      getToken in interface com.azure.core.credential.TokenCredential
      Parameters:
      request - the details of the token request
      Returns:
      a Publisher that emits a single access token

    • getTokenSync

      public com.azure.core.credential.AccessToken getTokenSync(com.azure.core.credential.TokenRequestContext request)
      Description copied from interface: com.azure.core.credential.TokenCredential
      Synchronously get a token for a given resource/audience. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
      Specified by:
      getTokenSync in interface com.azure.core.credential.TokenCredential
      Parameters:
      request - the details of the token request
      Returns:
      The Access Token