AuthorizationCodeCredential Class
Authenticates by redeeming an authorization code previously obtained from Microsoft Entra ID.
See Microsoft Entra ID documentation for more information about the authentication flow.
- Inheritance
-
azure.identity.aio._internal.AsyncContextManagerAuthorizationCodeCredentialazure.identity.aio._internal.get_token_mixin.GetTokenMixinAuthorizationCodeCredential
Constructor
AuthorizationCodeCredential(tenant_id: str, client_id: str, authorization_code: str, redirect_uri: str, *, client_secret: str | None = None, **kwargs: Any)
Parameters
Name | Description |
---|---|
tenant_id
Required
|
ID of the application's Microsoft Entra tenant. Also called its "directory" ID. |
client_id
Required
|
The application's client ID |
authorization_code
Required
|
The authorization code from the user's log-in |
redirect_uri
Required
|
The application's redirect URI. Must match the URI used to request the authorization code. |
Keyword-Only Parameters
Name | Description |
---|---|
authority
|
Authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds. |
client_secret
|
One of the application's client secrets. Required only for web apps and web APIs. |
additionally_allowed_tenants
|
Specifies tenants in addition to the specified "tenant_id" for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application can access. |
Examples
Create an AuthorizationCodeCredential.
from azure.identity.aio import AuthorizationCodeCredential
credential = AuthorizationCodeCredential(
tenant_id="<tenant_id>",
client_id="<client_id>",
authorization_code="<auth_code>",
redirect_uri="<redirect_uri>",
)
Methods
close |
Close the credential's transport session. |
get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. The first time this method is called, the credential will redeem its authorization code. On subsequent calls the credential will return a cached access token or redeem a refresh token, if it acquired a refresh token upon redeeming the authorization code. |
get_token_info |
Request an access token for scopes. This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. The first time this method is called, the credential will redeem its authorization code. On subsequent calls the credential will return a cached access token or redeem a refresh token, if it acquired a refresh token upon redeeming the authorization code. |
close
Close the credential's transport session.
async close() -> None
get_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients.
The first time this method is called, the credential will redeem its authorization code. On subsequent calls the credential will return a cached access token or redeem a refresh token, if it acquired a refresh token upon redeeming the authorization code.
async get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, **kwargs: Any) -> AccessToken
Parameters
Name | Description |
---|---|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
Name | Description |
---|---|
claims
|
additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure. |
tenant_id
|
optional tenant to include in the token request. |
Returns
Type | Description |
---|---|
An access token with the desired scopes. |
Exceptions
Type | Description |
---|---|
authentication failed. The error's |
get_token_info
Request an access token for scopes.
This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.
The first time this method is called, the credential will redeem its authorization code. On subsequent calls the credential will return a cached access token or redeem a refresh token, if it acquired a refresh token upon redeeming the authorization code.
async get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfo
Parameters
Name | Description |
---|---|
scopes
Required
|
desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
Name | Description |
---|---|
options
|
A dictionary of options for the token request. Unknown options will be ignored. Optional. |
Returns
Type | Description |
---|---|
<xref:AccessTokenInfo>
|
An AccessTokenInfo instance containing information about the token. |
Exceptions
Type | Description |
---|---|
authentication failed. The error's |
Azure SDK for Python