AzureCliCredential Class
Authenticates by requesting a token from the Azure CLI.
This requires previously logging in to Azure via "az login", and will use the CLI's currently logged in identity.
Constructor
AzureCliCredential(*, tenant_id: str = '', subscription: str | None = None, additionally_allowed_tenants: List[str] | None = None, process_timeout: int = 10)Keyword-Only Parameters
| Name | Description |
|---|---|
|
tenant_id
|
Optional tenant to include in the token request. |
|
subscription
|
The name or ID of a subscription. Set this to acquire tokens for an account other than the Azure CLI's current account. Default value: None
|
|
additionally_allowed_tenants
|
Specifies tenants in addition to the specified "tenant_id" for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application can access. Default value: None
|
|
process_timeout
|
Seconds to wait for the Azure CLI process to respond. Defaults to 10 seconds. Default value: 10
|
Examples
Create an AzureCliCredential.
from azure.identity.aio import AzureCliCredential
credential = AzureCliCredential()
Methods
| close |
Calling this method is unnecessary |
| get_token |
Request an access token for scopes. This method is called automatically by Azure SDK clients. Applications calling this method directly must also handle token caching because this credential doesn't cache the tokens it acquires. |
| get_token_info |
Request an access token for scopes. This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. Applications calling this method directly must also handle token caching because this credential doesn't cache the tokens it acquires. |
close
Calling this method is unnecessary
async close() -> Noneget_token
Request an access token for scopes.
This method is called automatically by Azure SDK clients. Applications calling this method directly must also handle token caching because this credential doesn't cache the tokens it acquires.
async get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, **kwargs: Any) -> AccessTokenParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://free.blessedness.top/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
claims
|
additional claims required in the token. This credential does not support claims challenges. Default value: None
|
|
tenant_id
|
optional tenant to include in the token request. Default value: None
|
Returns
| Type | Description |
|---|---|
|
An access token with the desired scopes. |
Exceptions
| Type | Description |
|---|---|
|
the credential was either unable to invoke the Azure CLI or a claims challenge was provided. |
|
|
the credential invoked the Azure CLI but didn't receive an access token. |
get_token_info
Request an access token for scopes.
This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients. Applications calling this method directly must also handle token caching because this credential doesn't cache the tokens it acquires.
async get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfoParameters
| Name | Description |
|---|---|
|
scopes
Required
|
desired scopes for the access token. This credential allows only one scope per request. For more information about scopes, see https://free.blessedness.top/entra/identity-platform/scopes-oidc. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
options
|
A dictionary of options for the token request. Unknown options will be ignored. Optional. Default value: None
|
Returns
| Type | Description |
|---|---|
|
An AccessTokenInfo instance containing information about the token. |
Exceptions
| Type | Description |
|---|---|
|
the credential was either unable to invoke the Azure CLI or a claims challenge was provided. |
|
|
the credential invoked the Azure CLI but didn't receive an access token. |
