Package com.azure.identity

Class OnBehalfOfCredentialBuilder

java.lang.Object
com.azure.identity.CredentialBuilderBase<T>
com.azure.identity.AadCredentialBuilderBase<OnBehalfOfCredentialBuilder>
com.azure.identity.OnBehalfOfCredentialBuilder
All Implemented Interfaces:
com.azure.core.client.traits.HttpTrait<OnBehalfOfCredentialBuilder>
public class OnBehalfOfCredentialBuilder extends AadCredentialBuilderBase<OnBehalfOfCredentialBuilder>
Fluent credential builder for instantiating a OnBehalfOfCredential.

On Behalf of authentication in Azure is a way for a user or application to authenticate to a service or resource using credentials from another identity provider. This type of authentication is typically used when a user or application wants to access a resource in Azure, but their credentials are managed by a different identity provider, such as an on-premises Active Directory or a third-party identity provider. To use "On Behalf of" authentication in Azure, the user must first authenticate to the identity provider using their credentials. The identity provider then issues a security token that contains information about the user and their permissions. This security token is then passed to Azure, which uses it to authenticate the user or application and grant them access to the requested resource. The OnBehalfOfCredential acquires a token with a client secret/certificate and user assertion for an AAD application on behalf of a user principal.

The following code sample demonstrates the creation of a OnBehalfOfCredential, using the OnBehalfOfCredentialBuilder to configure it. The tenantId, clientId and clientSecret parameters are required to create OnBehalfOfCredential. The userAssertion can be optionally specified on the OnBehalfOfCredentialBuilder. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential onBehalfOfCredential = new OnBehalfOfCredentialBuilder()
     .clientId("<app-client-ID>")
     .clientSecret("<app-Client-Secret>")
     .userAssertion("<user-assertion>")
     .build();
See Also:

  • Constructor Details

    • OnBehalfOfCredentialBuilder

      public OnBehalfOfCredentialBuilder()

  • Method Details

    • clientSecret

      public OnBehalfOfCredentialBuilder clientSecret(String clientSecret)
      Sets the client secret for the authentication.
      Parameters:
      clientSecret - the secret value of the AAD application.
      Returns:
      An updated instance of this builder.

    • tokenCachePersistenceOptions

      public OnBehalfOfCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
      Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.
      Parameters:
      tokenCachePersistenceOptions - the token cache configuration options
      Returns:
      An updated instance of this builder with the token cache options configured.

    • pemCertificate

      public OnBehalfOfCredentialBuilder pemCertificate(String pemCertificatePath)
      Sets the path of the PEM certificate for authenticating to AAD.
      Parameters:
      pemCertificatePath - the PEM file containing the certificate
      Returns:
      An updated instance of this builder.

    • pfxCertificate

      public OnBehalfOfCredentialBuilder pfxCertificate(String pfxCertificatePath)
      Sets the path and password of the PFX certificate for authenticating to AAD.
      Parameters:
      pfxCertificatePath - the password protected PFX file containing the certificate
      Returns:
      An updated instance of this builder.

    • clientCertificatePassword

      public OnBehalfOfCredentialBuilder clientCertificatePassword(String clientCertificatePassword)
      Sets the password of the client certificate for authenticating to AAD.
      Parameters:
      clientCertificatePassword - the password protecting the certificate
      Returns:
      An updated instance of this builder.

    • sendCertificateChain

      public OnBehalfOfCredentialBuilder sendCertificateChain(boolean sendCertificateChain)
      Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request and enable subject name / issuer based authentication. The default value is false.
      Parameters:
      sendCertificateChain - the flag to indicate if certificate chain should be sent as part of authentication request.
      Returns:
      An updated instance of this builder.

    • userAssertion

      public OnBehalfOfCredentialBuilder userAssertion(String userAssertion)
      Configure the User Assertion Scope to be used for OnBehalfOf Authentication request.
      Parameters:
      userAssertion - the user assertion access token to be used for On behalf Of authentication flow
      Returns:
      An updated instance of this builder with the user assertion scope configured.

    • build

      public OnBehalfOfCredential build()
      Creates a new OnBehalfOfCredential with the current configurations.
      Returns:
      a OnBehalfOfCredential with the current configurations.
      Throws:
      IllegalArgumentException - if eiter both the client secret and certificate are configured or none of them are configured.