OnBehalfOfCredential class

Package:
@azure/identity

Enables authentication to Microsoft Entra ID using the On Behalf Of flow.

Constructors

OnBehalfOfCredential(OnBehalfOfCredentialAssertionOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with a client assertion callback (getAssertion) and a user assertion.

OnBehalfOfCredential(OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with the path to a PEM certificate and a user assertion.

OnBehalfOfCredential(OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with a client secret and a user assertion.

Methods

getToken(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

Constructor Details

OnBehalfOfCredential(OnBehalfOfCredentialAssertionOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with a client assertion callback (getAssertion) and a user assertion.

Example using the KeyClient from @azure/keyvault-keys:

import { OnBehalfOfCredential } from "@azure/identity";
import { KeyClient } from "@azure/keyvault-keys";

const tokenCredential = new OnBehalfOfCredential({
  tenantId: "tenant-id",
  clientId: "client-id",
  getAssertion: () => {
    return Promise.resolve("my-jwt");
  },
  userAssertionToken: "access-token",
});
const client = new KeyClient("vault-url", tokenCredential);

await client.getKey("key-name");

new OnBehalfOfCredential(options: OnBehalfOfCredentialAssertionOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Parameters

options

OnBehalfOfCredentialAssertionOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions

Optional parameters, generally common across credentials.

OnBehalfOfCredential(OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with the path to a PEM certificate and a user assertion.

Example using the KeyClient from @azure/keyvault-keys:

import { OnBehalfOfCredential } from "@azure/identity";
import { KeyClient } from "@azure/keyvault-keys";

const tokenCredential = new OnBehalfOfCredential({
  tenantId: "tenant-id",
  clientId: "client-id",
  certificatePath: "/path/to/certificate.pem",
  userAssertionToken: "access-token",
});
const client = new KeyClient("vault-url", tokenCredential);

await client.getKey("key-name");

new OnBehalfOfCredential(options: OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Parameters

options

OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions

Optional parameters, generally common across credentials.

OnBehalfOfCredential(OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with a client secret and a user assertion.

Example using the KeyClient from @azure/keyvault-keys:

import { OnBehalfOfCredential } from "@azure/identity";
import { KeyClient } from "@azure/keyvault-keys";

const tokenCredential = new OnBehalfOfCredential({
  tenantId: "tenant-id",
  clientId: "client-id",
  clientSecret: "client-secret",
  userAssertionToken: "access-token",
});
const client = new KeyClient("vault-url", tokenCredential);

await client.getKey("key-name");

new OnBehalfOfCredential(options: OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions)

Parameters

options

OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions

Optional parameters, generally common across credentials.
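
An added example, not from the @azure/identity documentation: a guard a middle-tier API could run before constructing the credential, checking that the incoming bearer token was issued for this API and tenant, then choosing the certificate over the client secret when both are configured. The `api` and `env` shapes, the `OBO_*` variable names and the helper names are assumptions, and the token's signature is assumed to have been verified earlier by the API's own token validation.

```javascript
// Assumption: the bearer token's signature was already verified by the API's
// token validation; this only guards what is handed to the OBO exchange.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns the options object for `new OnBehalfOfCredential(options)`.
// `api` ({ tenantId, clientId, audiences }) and `env` are hypothetical shapes.
function buildOboOptions(authorizationHeader, api, env,
                         nowSeconds = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([A-Za-z0-9._-]+)$/.exec(authorizationHeader || "");
  if (!match) throw new Error("missing bearer token");
  const userAssertionToken = match[1];
  const claims = decodeClaims(userAssertionToken);

  // The user assertion must be the token issued for THIS API, not one that
  // was minted for some other resource and forwarded here.
  if (!api.audiences.includes(claims.aud)) {
    throw new Error("token audience is not this API");
  }
  if (claims.tid !== api.tenantId) throw new Error("token issued for another tenant");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }

  // One options object (and one credential) per incoming user token.
  const options = { tenantId: api.tenantId, clientId: api.clientId, userAssertionToken };
  if (env.OBO_CERTIFICATE_PATH) {
    options.certificatePath = env.OBO_CERTIFICATE_PATH; // preferred over a secret
  } else if (env.OBO_CLIENT_SECRET) {
    options.clientSecret = env.OBO_CLIENT_SECRET;
  } else {
    throw new Error("no client credential configured");
  }
  return options;
}

// Constructed sample input: a JWT-shaped string with a placeholder signature.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.sig`;
}
```

Because each credential carries a single `userAssertionToken`, build the options per request rather than sharing one credential instance across users.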

Method Details

getToken(string | string[], GetTokenOptions)

Authenticates with Microsoft Entra ID and returns an access token if successful. If authentication fails, a CredentialUnavailableError will be thrown with the details of the failure.

function getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>

Parameters

scopes

string | string[]

The list of scopes for which the token will have access.

options

GetTokenOptions

The options used to configure the underlying network requests.

Returns

Promise<AccessToken>