Class ClientAssertionCredentialBuilder
- All Implemented Interfaces:
com.azure.core.client.traits.HttpTrait<ClientAssertionCredentialBuilder>
ClientAssertionCredential
.
The ClientAssertionCredential
acquires a token via client assertion and service principal authentication.
This authentication method provides a secure and scalable way for client applications to access Azure resources
without the need for users to provide their credentials. It is often used in scenarios where a client application
needs to access Azure resources on behalf of a user, such as in a multi-tier application architecture.
In this authentication method, the client application creates a JSON Web Token (JWT) that includes information about
the service principal (such as its client ID and tenant ID) and signs it using a client secret. The client then
sends this token to
Azure Active Directory (Azure AD)
as proof of its identity. Azure AD verifies the token signature and checks that the service principal has
the necessary permissions to access the requested Azure resource. If the token is valid and the service principal is
authorized, Azure AD issues an access token that the client application can use to access the requested resource.
The ClientAssertionCredential
acquires an access token with a client client assertion for a
service principal/registered AAD application. The tenantId, clientId and clientAssertion of the service principal
are required for this credential to acquire an access token. It can be used both in Azure hosted and local
development environments for authentication.
Sample: Construct a simple ClientAssertionCredential
The following code sample demonstrates the creation of a ClientAssertionCredential
,
using the ClientAssertionCredentialBuilder
to configure it. The tenantId
,
clientId
and certificate
parameters are required to create
ClientAssertionCredential
. Once this credential is created, it may be passed into the
builder of many of the Azure SDK for Java client builders as the 'credential' parameter.
TokenCredential clientAssertionCredential = new ClientAssertionCredentialBuilder() .tenantId(tenantId) .clientId(clientId) .clientAssertion(() -> "<Client-Assertion>") .build();
Sample: Construct a ClientAssertionCredential behind a proxy
The following code sample demonstrates the creation of a ClientAssertionCredential
,
using the ClientAssertionCredentialBuilder
to configure it. The tenantId
,
clientId
and clientAssertion
parameters are required to create
ClientAssertionCredential
. THe proxyOptions
can be optionally configured to
target a proxy. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java
client builders as the 'credential' parameter.
TokenCredential assertionCredential = new ClientAssertionCredentialBuilder() .tenantId(tenantId) .clientId(clientId) .clientAssertion(() -> "<Client-Assertion>") .proxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("10.21.32.43", 5465))) .build();
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionbuild()
Creates a newClientAssertionCredential
with the current configurations.clientAssertion
(Supplier<String> clientAssertionSupplier) Sets the supplier containing the logic to supply the client assertion when invoked.tokenCachePersistenceOptions
(TokenCachePersistenceOptions tokenCachePersistenceOptions) Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default.Methods inherited from class com.azure.identity.AadCredentialBuilderBase
additionallyAllowedTenants, additionallyAllowedTenants, authorityHost, clientId, disableInstanceDiscovery, executorService, tenantId
Methods inherited from class com.azure.identity.CredentialBuilderBase
addPolicy, clientOptions, configuration, enableAccountIdentifierLogging, httpClient, httpLogOptions, httpPipeline, maxRetry, pipeline, proxyOptions, retryOptions, retryPolicy, retryTimeout
-
Constructor Details
-
ClientAssertionCredentialBuilder
public ClientAssertionCredentialBuilder()
-
-
Method Details
-
clientAssertion
Sets the supplier containing the logic to supply the client assertion when invoked.- Parameters:
clientAssertionSupplier
- the supplier supplying client assertion.- Returns:
- An updated instance of this builder.
-
tokenCachePersistenceOptions
public ClientAssertionCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions) Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.- Parameters:
tokenCachePersistenceOptions
- the token cache configuration options- Returns:
- An updated instance of this builder with the token cache options configured.
-
build
Creates a newClientAssertionCredential
with the current configurations.- Returns:
- a
ClientAssertionCredential
with the current configurations. - Throws:
IllegalArgumentException
- if either of clientId, tenantId or clientAssertion is not present.
-