你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

ClientSecretCredential Class

Authenticates as a service principal using a client secret.

Constructor

ClientSecretCredential(tenant_id: str, client_id: str, client_secret: str, **kwargs: Any)

Parameters

Name Description
tenant_id
Required
str

ID of the service principal's tenant. Also called its 'directory' ID.

client_id
Required
str

The service principal's client ID

client_secret
Required
str

One of the service principal's client secrets

Keyword-Only Parameters

Name Description
authority
str

Authority of a Microsoft Entra endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds.

cache_persistence_options

Configuration for persistent token caching. If unspecified, the credential will cache tokens in memory.

additionally_allowed_tenants

Specifies tenants in addition to the specified "tenant_id" for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application can access.

Examples

Create a ClientSecretCredential.


   from azure.identity.aio import ClientSecretCredential

   credential = ClientSecretCredential(
       tenant_id="<tenant_id>",
       client_id="<client_id>",
       client_secret="<client_secret>",
   )

Methods

close

Close the credential's transport session.

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

close

Close the credential's transport session.

async close() -> None

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

async get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, enable_cae: bool = False, **kwargs: Any) -> AccessToken

Parameters

Name Description
scopes
Required
str

desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://free.blessedness.top/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

Name Description
claims
str

additional claims required in the token, such as those returned in a resource provider's claims challenge following an authorization failure.

Default value: None
tenant_id
str

optional tenant to include in the token request.

Default value: None
enable_cae

indicates whether to enable Continuous Access Evaluation (CAE) for the requested token. Defaults to False.

Default value: False

Returns

Type Description

An access token with the desired scopes.

Exceptions

Type Description

the credential is unable to attempt authentication because it lacks required data, state, or platform support

authentication failed. The error's message attribute gives a reason.

get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

async get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfo

Parameters

Name Description
scopes
Required
str

desired scopes for the access token. This method requires at least one scope. For more information about scopes, see https://free.blessedness.top/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

Name Description
options

A dictionary of options for the token request. Unknown options will be ignored. Optional.

Default value: None

Returns

Type Description

An AccessTokenInfo instance containing information about the token.

Exceptions

Type Description

the credential is unable to attempt authentication because it lacks required data, state, or platform support

authentication failed. The error's message attribute gives a reason.