Class InteractiveBrowserCredential
- All Implemented Interfaces:
com.azure.core.credential.TokenCredential
Interactive browser authentication is a type of authentication flow offered by Microsoft Entra ID that enables users to sign in to applications and services using a web browser. This authentication method is commonly used for web applications, where users enter their credentials directly into a web page. With interactive browser authentication, the user navigates to a web application and is prompted to enter their username and password credentials. The application then redirects the user to the Microsoft Entra ID sign-in page, where they are prompted to enter their credentials again. After the user successfully authenticates, Microsoft Entra ID issues a security token that the application can use to authorize the user's access to its resources. The InteractiveBrowserCredential interactively authenticates a user and acquires a token with the default system browser and offers a smooth authentication experience by letting a user use their own credentials to authenticate the application. When authenticated, the oauth2 flow notifies the credential of the authentication code through the reply URL. For more information refer to the interactive browser authentication documentation.
Required configuration:
To use InteractiveBrowserCredential, you need to register an application in Microsoft Entra ID with permissions to log in on behalf of a user. Follow the steps below to configure your registered application.
- Go to Microsoft Entra ID in Azure portal and find your app registration.
- Navigate to the Authentication section.
- Under Suggested Redirected URIs, check the URI that ends with /common/oauth2/nativeclient.
- Under Default Client Type, select yes for Treat application as a public client.
These steps will let the application authenticate, but it still won't have permission to log you into
Active Directory, or access resources on your behalf. To address this issue, navigate to API Permissions, and enable
Microsoft Graph and the resources you want to access, such as Azure Service Management, Key Vault, and so on.
You also need to be the admin of your tenant to grant consent to your application when you log in for the first time.
In InteractiveBrowserCredentialBuilder.redirectUrl(String)
, a redirect URL can be specified. It configures
the Redirect URL where STS will callback the application with the security code. It is required if a custom
client id is specified via AadCredentialBuilderBase.clientId(String)
and must match the
redirect URL specified during the application registration. You can add the redirect URL to the Redirect URIs
subsection under the Authentication section of your registered Microsoft Entra application.
Sample: Construct InteractiveBrowserCredential
The following code sample demonstrates the creation of a InteractiveBrowserCredential
,
using the InteractiveBrowserCredentialBuilder
to configure it. By default, the credential
targets a localhost redirect URL, to override that behaviour a
InteractiveBrowserCredentialBuilder.redirectUrl(String)
can be optionally specified. Once this credential is
created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential'
parameter.
TokenCredential interactiveBrowserCredential = new InteractiveBrowserCredentialBuilder() .redirectUrl("http://localhost:8765") .build();
-
Method Summary
Modifier and TypeMethodDescriptionInteractively authenticates a user via the default browser.authenticate
(com.azure.core.credential.TokenRequestContext request) Interactively authenticates a user via the default browser.Mono<com.azure.core.credential.AccessToken>
getToken
(com.azure.core.credential.TokenRequestContext request) com.azure.core.credential.AccessToken
getTokenSync
(com.azure.core.credential.TokenRequestContext request)
-
Method Details
-
getToken
public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request) - Specified by:
getToken
in interfacecom.azure.core.credential.TokenCredential
-
getTokenSync
public com.azure.core.credential.AccessToken getTokenSync(com.azure.core.credential.TokenRequestContext request) - Specified by:
getTokenSync
in interfacecom.azure.core.credential.TokenCredential
-
authenticate
public Mono<AuthenticationRecord> authenticate(com.azure.core.credential.TokenRequestContext request) Interactively authenticates a user via the default browser.- Parameters:
request
- The details of the authentication request.- Returns:
- The
AuthenticationRecord
which can be used to silently authenticate the account on future execution if persistent caching was configured viaInteractiveBrowserCredentialBuilder.tokenCachePersistenceOptions(TokenCachePersistenceOptions)
when credential was instantiated.
-
authenticate
Interactively authenticates a user via the default browser.- Returns:
- The
AuthenticationRecord
which can be used to silently authenticate the account on future execution if persistent caching was enabled viaInteractiveBrowserCredentialBuilder.tokenCachePersistenceOptions(TokenCachePersistenceOptions)
when credential was instantiated.
-