DeviceCodeCredentialOptions interface

Defines options for the InteractiveBrowserCredential class for Node.js.

Extends

Properties

clientId

Client ID of the Microsoft Entra application that users will sign into. It is recommended that developers register their applications and assign appropriate roles. For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment. If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.

tenantId

The Microsoft Entra tenant (directory) ID.

userPromptCallback

A callback function that will be invoked to show DeviceCodeInfo to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.

Inherited Properties

additionallyAllowedTenants

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.

additionalPolicies

Additional policies to include in the HTTP pipeline.

allowInsecureConnection

Set to true if the request is sent over HTTP instead of HTTPS

authenticationRecord

Result of a previous authentication that can be used to retrieve the cached credentials of each individual account. This is necessary to provide in case the application wants to work with more than one account per Client ID and Tenant ID pair.

This record can be retrieved by calling to the credential's authenticate() method, as follows:

const authenticationRecord = await credential.authenticate();
authorityHost

The authority host to use for authentication requests. Possible values are available through AzureAuthorityHosts. The default is "https://login.microsoftonline.com".

disableAutomaticAuthentication

Makes getToken throw if a manual authentication is necessary. Developers will need to call to authenticate() to control when to manually authenticate.

disableInstanceDiscovery

The field determines whether instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. As a result, it's crucial to ensure that the configured authority host is valid and trustworthy. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.

httpClient

The HttpClient that will be used to send HTTP requests.

loggingOptions

Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.

proxyOptions

Options to configure a proxy for outgoing requests.

redirectOptions

Options for how redirect responses are handled.

retryOptions

Options that control how to retry failed requests.

telemetryOptions

Options for setting common telemetry and tracing info to outgoing requests.

tlsOptions

Options for configuring TLS authentication

tokenCachePersistenceOptions

Options to provide to the persistence layer (if one is available) when storing credentials.

You must first register a persistence provider plugin. See the @azure/identity-cache-persistence package on NPM.

Example:

import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";

useIdentityPlugin(cachePersistencePlugin);
const credential = new DeviceCodeCredential({
  tokenCachePersistenceOptions: {
    enabled: true,
  },
});
userAgentOptions

Options for adding user agent details to outgoing requests.

Property Details

clientId

Client ID of the Microsoft Entra application that users will sign into. It is recommended that developers register their applications and assign appropriate roles. For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment. If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.

clientId?: string

Property Value

string

tenantId

The Microsoft Entra tenant (directory) ID.

tenantId?: string

Property Value

string

userPromptCallback

A callback function that will be invoked to show DeviceCodeInfo to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.

userPromptCallback?: DeviceCodePromptCallback

Property Value

Inherited Property Details

additionallyAllowedTenants

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.

additionallyAllowedTenants?: string[]

Property Value

string[]

Inherited From InteractiveCredentialOptions.additionallyAllowedTenants

additionalPolicies

Additional policies to include in the HTTP pipeline.

additionalPolicies?: AdditionalPolicyConfig[]

Property Value

Inherited From InteractiveCredentialOptions.additionalPolicies

allowInsecureConnection

Set to true if the request is sent over HTTP instead of HTTPS

allowInsecureConnection?: boolean

Property Value

boolean

Inherited From InteractiveCredentialOptions.allowInsecureConnection

authenticationRecord

Result of a previous authentication that can be used to retrieve the cached credentials of each individual account. This is necessary to provide in case the application wants to work with more than one account per Client ID and Tenant ID pair.

This record can be retrieved by calling to the credential's authenticate() method, as follows:

const authenticationRecord = await credential.authenticate();
authenticationRecord?: AuthenticationRecord

Property Value

Inherited From InteractiveCredentialOptions.authenticationRecord

authorityHost

The authority host to use for authentication requests. Possible values are available through AzureAuthorityHosts. The default is "https://login.microsoftonline.com".

authorityHost?: string

Property Value

string

Inherited From InteractiveCredentialOptions.authorityHost

disableAutomaticAuthentication

Makes getToken throw if a manual authentication is necessary. Developers will need to call to authenticate() to control when to manually authenticate.

disableAutomaticAuthentication?: boolean

Property Value

boolean

Inherited From InteractiveCredentialOptions.disableAutomaticAuthentication

disableInstanceDiscovery

The field determines whether instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. As a result, it's crucial to ensure that the configured authority host is valid and trustworthy. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.

disableInstanceDiscovery?: boolean

Property Value

boolean

Inherited From InteractiveCredentialOptions.disableInstanceDiscovery

httpClient

The HttpClient that will be used to send HTTP requests.

httpClient?: HttpClient

Property Value

Inherited From InteractiveCredentialOptions.httpClient

loggingOptions

Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.

loggingOptions?: LogPolicyOptions & { allowLoggingAccountIdentifiers?: boolean, enableUnsafeSupportLogging?: boolean }

Property Value

LogPolicyOptions & { allowLoggingAccountIdentifiers?: boolean, enableUnsafeSupportLogging?: boolean }

Inherited From InteractiveCredentialOptions.loggingOptions

proxyOptions

Options to configure a proxy for outgoing requests.

proxyOptions?: ProxySettings

Property Value

Inherited From InteractiveCredentialOptions.proxyOptions

redirectOptions

Options for how redirect responses are handled.

redirectOptions?: RedirectPolicyOptions

Property Value

Inherited From InteractiveCredentialOptions.redirectOptions

retryOptions

Options that control how to retry failed requests.

retryOptions?: PipelineRetryOptions

Property Value

Inherited From InteractiveCredentialOptions.retryOptions

telemetryOptions

Options for setting common telemetry and tracing info to outgoing requests.

telemetryOptions?: TelemetryOptions

Property Value

Inherited From InteractiveCredentialOptions.telemetryOptions

tlsOptions

Options for configuring TLS authentication

tlsOptions?: TlsSettings

Property Value

Inherited From InteractiveCredentialOptions.tlsOptions

tokenCachePersistenceOptions

Options to provide to the persistence layer (if one is available) when storing credentials.

You must first register a persistence provider plugin. See the @azure/identity-cache-persistence package on NPM.

Example:

import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";

useIdentityPlugin(cachePersistencePlugin);
const credential = new DeviceCodeCredential({
  tokenCachePersistenceOptions: {
    enabled: true,
  },
});
tokenCachePersistenceOptions?: TokenCachePersistenceOptions

Property Value

Inherited From CredentialPersistenceOptions.tokenCachePersistenceOptions

userAgentOptions

Options for adding user agent details to outgoing requests.

userAgentOptions?: UserAgentPolicyOptions

Property Value

Inherited From InteractiveCredentialOptions.userAgentOptions