ManagedIdentityCredential Class

Authenticates with an Azure managed identity in any hosting environment which supports managed identities.

This credential defaults to using a system-assigned identity. To configure a user-assigned identity, use one of the keyword arguments. See Microsoft Entra ID documentation for more information about configuring managed identity for applications.

Inheritance
builtins.object
ManagedIdentityCredential

Constructor

ManagedIdentityCredential(*, client_id: str | None = None, identity_config: Mapping[str, str] | None = None, **kwargs: Any)

Keyword-Only Parameters

Name Description
client_id
str

a user-assigned identity's client ID or, when using Pod Identity, the client ID of a Microsoft Entra app registration. This argument is supported in all hosting environments.

identity_config

a mapping {parameter_name: value} specifying a user-assigned identity by its object or resource ID, for example {"object_id": "..."}. Check the documentation for your hosting environment to learn what values it expects.

Examples

Create a ManagedIdentityCredential.


   from azure.identity import ManagedIdentityCredential

   credential = ManagedIdentityCredential()

   # Can also specify a client ID of a user-assigned managed identity
   credential = ManagedIdentityCredential(
       client_id="<client_id>",
   )

Methods

close

Close the credential's transport session.

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

close

Close the credential's transport session.

close() -> None

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, **kwargs: Any) -> AccessToken

Parameters

Name Description
scopes
Required
str

desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://zcusa.951200.xyz/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

Name Description
claims
str

not used by this credential; any value provided will be ignored.

tenant_id
str

not used by this credential; any value provided will be ignored.

Returns

Type Description

An access token with the desired scopes.

Exceptions

Type Description

managed identity isn't available in the hosting environment

get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfo

Parameters

Name Description
scopes
Required
str

desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://zcusa.951200.xyz/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

Name Description
options

A dictionary of options for the token request. Unknown options will be ignored. Optional.

Returns

Type Description
<xref:AccessTokenInfo>

An AccessTokenInfo instance containing information about the token.

Exceptions

Type Description

managed identity isn't available in the hosting environment.