OnBehalfOfCredentialBuilder Class
- java.
lang. Object - com.
azure. identity. CredentialBuilderBase<T> - com.
azure. identity. AadCredentialBuilderBase<T> - com.
azure. identity. OnBehalfOfCredentialBuilder
- com.
- com.
- com.
public class OnBehalfOfCredentialBuilder
extends AadCredentialBuilderBase<OnBehalfOfCredentialBuilder>
Fluent credential builder for instantiating a OnBehalfOfCredential.
On Behalf of authentication in Azure is a way for a user or application to authenticate to a service or resource using credentials from another identity provider. This type of authentication is typically used when a user or application wants to access a resource in Azure, but their credentials are managed by a different identity provider, such as an on-premises Active Directory or a third-party identity provider. To use "On Behalf of" authentication in Azure, the user must first authenticate to the identity provider using their credentials. The identity provider then issues a security token that contains information about the user and their permissions. This security token is then passed to Azure, which uses it to authenticate the user or application and grant them access to the requested resource. The OnBehalfOfCredential acquires a token with a client secret/certificate and user assertion for a Microsoft Entra application on behalf of a user principal.
The following code sample demonstrates the creation of a OnBehalfOfCredential, using the OnBehalfOfCredentialBuilder to configure it. The tenantId
, clientId
and clientSecret
parameters are required to create OnBehalfOfCredential. The userAssertion
can be optionally specified on the OnBehalfOfCredentialBuilder. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.
TokenCredential onBehalfOfCredential = new OnBehalfOfCredentialBuilder().clientId("<app-client-ID>")
.clientSecret("<app-Client-Secret>")
.tenantId("<app-tenant-ID>")
.userAssertion("<user-assertion>")
.build();
Constructor Summary
Constructor | Description |
---|---|
OnBehalfOfCredentialBuilder() |
Constructs an instance of On |
Method Summary
Modifier and Type | Method and Description |
---|---|
On |
build()
Creates a new OnBehalfOfCredential with the current configurations. |
On |
clientAssertion(Supplier<String> clientAssertionSupplier)
Sets the supplier containing the logic to supply the client assertion when invoked. |
On |
clientCertificatePassword(String clientCertificatePassword)
Sets the password of the client certificate for authenticating to Microsoft Entra ID. |
On |
clientSecret(String clientSecret)
Sets the client secret for the authentication. |
On |
pemCertificate(String pemCertificatePath)
Sets the path of the PEM certificate for authenticating to Microsoft Entra ID. |
On |
pfxCertificate(String pfxCertificatePath)
Sets the path and password of the PFX certificate for authenticating to Microsoft Entra ID. |
On |
sendCertificateChain(boolean sendCertificateChain)
Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request and enable subject name / issuer based authentication. |
On |
tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. |
On |
userAssertion(String userAssertion)
Configure the User Assertion Scope to be used for On |
Methods inherited from AadCredentialBuilderBase
Methods inherited from CredentialBuilderBase
Methods inherited from java.lang.Object
Constructor Details
OnBehalfOfCredentialBuilder
public OnBehalfOfCredentialBuilder()
Constructs an instance of OnBehalfOfCredentialBuilder.
Method Details
build
public OnBehalfOfCredential build()
Creates a new OnBehalfOfCredential with the current configurations.
Returns:
clientAssertion
public OnBehalfOfCredentialBuilder clientAssertion(Supplier
Sets the supplier containing the logic to supply the client assertion when invoked.
Parameters:
Returns:
clientCertificatePassword
public OnBehalfOfCredentialBuilder clientCertificatePassword(String clientCertificatePassword)
Sets the password of the client certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
clientSecret
public OnBehalfOfCredentialBuilder clientSecret(String clientSecret)
Sets the client secret for the authentication.
Parameters:
Returns:
pemCertificate
public OnBehalfOfCredentialBuilder pemCertificate(String pemCertificatePath)
Sets the path of the PEM certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
pfxCertificate
public OnBehalfOfCredentialBuilder pfxCertificate(String pfxCertificatePath)
Sets the path and password of the PFX certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
sendCertificateChain
public OnBehalfOfCredentialBuilder sendCertificateChain(boolean sendCertificateChain)
Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request and enable subject name / issuer based authentication. The default value is false.
Parameters:
Returns:
tokenCachePersistenceOptions
public OnBehalfOfCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.
Parameters:
Returns:
userAssertion
public OnBehalfOfCredentialBuilder userAssertion(String userAssertion)
Configure the User Assertion Scope to be used for OnBehalfOf Authentication request.
Parameters:
Returns: