ManagedIdentityCredential Class
Authenticates with an Azure managed identity in any hosting environment which supports managed identities.
This credential defaults to using a system-assigned identity. To configure a user-assigned identity, use one of the keyword arguments. See Microsoft Entra ID documentation for more information about configuring managed identity for applications.
- Inheritance
-
builtins.objectManagedIdentityCredential
Constructor
ManagedIdentityCredential(*, client_id: str | None = None, identity_config: Mapping[str, str] | None = None, **kwargs: Any)
Keyword-Only Parameters
Name | Description |
---|---|
client_id
|
a user-assigned identity's client ID or, when using Pod Identity, the client ID of a Microsoft Entra app registration. This argument is supported in all hosting environments. |
identity_config
|
a mapping |
Examples
Create a ManagedIdentityCredential.
from azure.identity import ManagedIdentityCredential
credential = ManagedIdentityCredential()
# Can also specify a client ID of a user-assigned managed identity
credential = ManagedIdentityCredential(
client_id="<client_id>",
)
Methods
close |
Close the credential's transport session. |
get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. |
get_token_info |
Request an access token for scopes. This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. |
close
Close the credential's transport session.
close() -> None
get_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients.
get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, **kwargs: Any) -> AccessToken
Parameters
Name | Description |
---|---|
scopes
Required
|
desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://zcusa.951200.xyz/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
Name | Description |
---|---|
claims
|
not used by this credential; any value provided will be ignored. |
tenant_id
|
not used by this credential; any value provided will be ignored. |
Returns
Type | Description |
---|---|
An access token with the desired scopes. |
Exceptions
Type | Description |
---|---|
managed identity isn't available in the hosting environment |
get_token_info
Request an access token for scopes.
This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.
get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfo
Parameters
Name | Description |
---|---|
scopes
Required
|
desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://zcusa.951200.xyz/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
Name | Description |
---|---|
options
|
A dictionary of options for the token request. Unknown options will be ignored. Optional. |
Returns
Type | Description |
---|---|
<xref:AccessTokenInfo>
|
An AccessTokenInfo instance containing information about the token. |
Exceptions
Type | Description |
---|---|
managed identity isn't available in the hosting environment. |
Azure SDK for Python