Class ClientAssertionCredential
- All Implemented Interfaces:
com.azure.core.credential.TokenCredential
The ClientAssertionCredential acquires a token via client assertion and service principal authentication. This authentication method provides a secure and scalable way for client applications to access Azure resources without the need for users to provide their credentials. It is often used in scenarios where a client application needs to access Azure resources on behalf of a user, such as in a multi-tier application architecture. In this authentication method, the client application creates a JSON Web Token (JWT) that includes information about the service principal (such as its client ID and tenant ID) and signs it using a client secret. The client then sends this token to Azure Active Directory (Azure AD) as proof of its identity. Azure AD verifies the token signature and checks that the service principal has the necessary permissions to access the requested Azure resource. If the token is valid and the service principal is authorized, Azure AD issues an access token that the client application can use to access the requested resource. The ClientAssertionCredential acquires an access token with a client client assertion for a service principal/registered AAD application. The tenantId, clientId and clientAssertion of the service principal are required for this credential to acquire an access token. It can be used both in Azure hosted and local development environments for authentication.
As a pre-requisite, a service principal is required to use this authentication mechanism. If you don't have a service principal, refer to create a service principal with Azure CLI.
Sample: Construct a simple ClientAssertionCredential
The following code sample demonstrates the creation of a ClientAssertionCredential
,
using the ClientAssertionCredentialBuilder
to configure it. The tenantId
,
clientId
and certificate
parameters are required to create
ClientAssertionCredential
. Once this credential is created, it may be passed into the
builder of many of the Azure SDK for Java client builders as the 'credential' parameter.
TokenCredential clientAssertionCredential = new ClientAssertionCredentialBuilder() .tenantId(tenantId) .clientId(clientId) .clientAssertion(() -> "<Client-Assertion>") .build();
Sample: Construct a ClientAssertionCredential behind a proxy
The following code sample demonstrates the creation of a ClientAssertionCredential
,
using the ClientAssertionCredentialBuilder
to configure it. The tenantId
,
clientId
and clientAssertion
parameters are required to create
ClientAssertionCredential
. THe proxyOptions
can be optionally configured to
target a proxy. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java
client builders as the 'credential' parameter.
TokenCredential assertionCredential = new ClientAssertionCredentialBuilder() .tenantId(tenantId) .clientId(clientId) .clientAssertion(() -> "<Client-Assertion>") .proxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("10.21.32.43", 5465))) .build();
-
Method Summary
Modifier and TypeMethodDescriptionMono<com.azure.core.credential.AccessToken>
getToken
(com.azure.core.credential.TokenRequestContext request) com.azure.core.credential.AccessToken
getTokenSync
(com.azure.core.credential.TokenRequestContext request)
-
Method Details
-
getToken
public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request) - Specified by:
getToken
in interfacecom.azure.core.credential.TokenCredential
-
getTokenSync
public com.azure.core.credential.AccessToken getTokenSync(com.azure.core.credential.TokenRequestContext request) - Specified by:
getTokenSync
in interfacecom.azure.core.credential.TokenCredential
-