ChainedTokenCredential Class
A sequence of credentials that is itself a credential.
Its get_token method calls get_token on each credential in the sequence, in order, returning the first
valid token received. For more information, see
https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview.
- Inheritance
-
azure.identity.aio._internal.AsyncContextManagerChainedTokenCredential
Constructor
ChainedTokenCredential(*credentials: AsyncTokenCredential | AsyncSupportsTokenInfo)Parameters
| Name | Description |
|---|---|
|
credentials
Required
|
<xref:azure.core.credentials.AsyncTokenCredential>
credential instances to form the chain |
Examples
Create a ChainedTokenCredential.
from azure.identity.aio import ChainedTokenCredential, EnvironmentCredential, AzureCliCredential
credential_chain = (
# Try EnvironmentCredential first
EnvironmentCredential(),
# Fallback to Azure CLI if EnvironmentCredential fails
AzureCliCredential(),
)
credential = ChainedTokenCredential(*credential_chain)
Methods
| close |
Close the transport sessions of all credentials in the chain. |
| get_token |
Asynchronously request a token from each credential, in order, returning the first token received. If no credential provides a token, raises ClientAuthenticationError with an error message from each credential. This method is called automatically by Azure SDK clients. |
| get_token_info |
Request a token from each chained credential, in order, returning the first token received. If no credential provides a token, raises ClientAuthenticationError with an error message from each credential. This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. |
close
Close the transport sessions of all credentials in the chain.
async close() -> Noneget_token
Asynchronously request a token from each credential, in order, returning the first token received.
If no credential provides a token, raises ClientAuthenticationError with an error message from each credential.
This method is called automatically by Azure SDK clients.
async get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, enable_cae: bool = False, **kwargs: Any) -> AccessTokenParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
claims
|
additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure. |
|
tenant_id
|
optional tenant to include in the token request. |
|
enable_cae
|
indicates whether to enable Continuous Access Evaluation (CAE) for the requested token. Defaults to False. |
Returns
| Type | Description |
|---|---|
|
An access token with the desired scopes. |
Exceptions
| Type | Description |
|---|---|
|
no credential in the chain provided a token |
get_token_info
Request a token from each chained credential, in order, returning the first token received.
If no credential provides a token, raises ClientAuthenticationError with an error message from each credential.
This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.
async get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfoParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
options
|
A dictionary of options for the token request. Unknown options will be ignored. Optional. |
Returns
| Type | Description |
|---|---|
|
<xref:AccessTokenInfo>
|
An AccessTokenInfo instance containing information about the token. |
Exceptions
| Type | Description |
|---|---|
|
no credential in the chain provided a token. |
Azure SDK for Python