Package com.azure.identity

Class OnBehalfOfCredential

java.lang.Object

com.azure.identity.OnBehalfOfCredential

All Implemented Interfaces:

com.azure.core.credential.TokenCredential

public class OnBehalfOfCredential
extends Object
implements com.azure.core.credential.TokenCredential

On Behalf of authentication in Azure is a way for a user or application to authenticate to a service or resource using credentials from another identity provider. This type of authentication is typically used when a user or application wants to access a resource in Azure, but their credentials are managed by a different identity provider, such as an on-premises Active Directory or a third-party identity provider. To use "On Behalf of" authentication in Azure, the user must first authenticate to the identity provider using their credentials. The identity provider then issues a security token that contains information about the user and their permissions. This security token is then passed to Azure, which uses it to authenticate the user or application and grant them access to the requested resource. The OnBehalfOfCredential acquires a token with a client secret/certificate and user assertion for a Microsoft Entra application on behalf of a user principal.

The following code sample demonstrates the creation of a OnBehalfOfCredential, using the OnBehalfOfCredentialBuilder to configure it. The tenantId, clientId and clientSecret parameters are required to create OnBehalfOfCredential. The userAssertion can be optionally specified on the OnBehalfOfCredentialBuilder. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential onBehalfOfCredential = new OnBehalfOfCredentialBuilder()
     .clientId("<app-client-ID>")
     .clientSecret("<app-Client-Secret>")
     .tenantId("<app-tenant-ID>")
     .userAssertion("<user-assertion>")
     .build();
 

See Also:

• com.azure.identity
• OnBehalfOfCredentialBuilder

Method Summary

Modifier and Type	Method	Description
Mono<com.azure.core.credential.AccessToken>	getToken(com.azure.core.credential.TokenRequestContext request)
com.azure.core.credential.AccessToken	getTokenSync(com.azure.core.credential.TokenRequestContext request)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getToken

public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request)

Specified by:

getToken in interface com.azure.core.credential.TokenCredential

getTokenSync

public com.azure.core.credential.AccessToken getTokenSync(com.azure.core.credential.TokenRequestContext request)

Specified by:

getTokenSync in interface com.azure.core.credential.TokenCredential