DeviceCodeCredential class

Enables authentication to Microsoft Entra ID using a device code that the user can enter into https://microsoft.com/devicelogin.

Constructors

DeviceCodeCredential(DeviceCodeCredentialOptions)

Creates an instance of DeviceCodeCredential with the details needed to initiate the device code authorization flow with Microsoft Entra ID.

A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin

Developers can configure how this message is shown by passing a custom userPromptCallback:

import { DeviceCodeCredential } from "@azure/identity";

const credential = new DeviceCodeCredential({
  tenantId: process.env.AZURE_TENANT_ID,
  clientId: process.env.AZURE_CLIENT_ID,
  userPromptCallback: (info) => {
    console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
  },
});

Methods

authenticate(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the token can't be retrieved silently, this method will always generate a challenge for the user.

getToken(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the user provided the option disableAutomaticAuthentication, once the token can't be retrieved silently, this method won't attempt to request user interaction to retrieve the token.

Constructor Details

DeviceCodeCredential(DeviceCodeCredentialOptions)

Creates an instance of DeviceCodeCredential with the details needed to initiate the device code authorization flow with Microsoft Entra ID.

A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin

Developers can configure how this message is shown by passing a custom userPromptCallback:

import { DeviceCodeCredential } from "@azure/identity";

const credential = new DeviceCodeCredential({
  tenantId: process.env.AZURE_TENANT_ID,
  clientId: process.env.AZURE_CLIENT_ID,
  userPromptCallback: (info) => {
    console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
  },
});
new DeviceCodeCredential(options?: DeviceCodeCredentialOptions)

Parameters

options
DeviceCodeCredentialOptions

Options for configuring the client which makes the authentication requests.

Method Details

authenticate(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the token can't be retrieved silently, this method will always generate a challenge for the user.

function authenticate(scopes: string | string[], options?: GetTokenOptions): Promise<undefined | AuthenticationRecord>

Parameters

scopes

string | string[]

The list of scopes for which the token will have access.

options
GetTokenOptions

The options used to configure any requests this TokenCredential implementation might make.

Returns

Promise<undefined | AuthenticationRecord>

getToken(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

If the user provided the option disableAutomaticAuthentication, once the token can't be retrieved silently, this method won't attempt to request user interaction to retrieve the token.

function getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>

Parameters

scopes

string | string[]

The list of scopes for which the token will have access.

options
GetTokenOptions

The options used to configure any requests this TokenCredential implementation might make.

Returns

Promise<AccessToken>