Skip to content

Commit

Permalink
[Identity] Added AzureDeveloperCli Credential to DefaultAzureCredenti…
Browse files Browse the repository at this point in the history
…al (#24826)

Fixes #24733

### Packages impacted by this PR
@azure/identity

### Issues associated with this PR


### Describe the problem that is addressed by this PR
- Added AzureDeveloperCli Credential to DefaultAzureCredential

### Checklists
- [x] Added impacted package name to the issue description
- [ ] Added a changelog (if necessary)

---------

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
  • Loading branch information
KarishmaGhiya and scottaddie authored Feb 10, 2023
1 parent cf4ab7a commit 04ad89a
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 7 deletions.
11 changes: 10 additions & 1 deletion sdk/identity/identity/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,14 @@ For advanced authentication workflows in the browser, we have a section where we

While we recommend using managed identity or service principal authentication in your production application, it is typical for a developer to use their own account for authenticating calls to Azure services when debugging and executing code locally. There are several developer tools which can be used to perform this authentication in your development environment.

#### Authenticate via the Azure Developer CLI

Developers coding outside of an IDE can also use the [Azure Developer CLI][azure_developer_cli] to authenticate. Applications using the `DefaultAzureCredential` or the `AzureDeveloperCliCredential` can then use this account to authenticate calls in their application when running locally.

To authenticate with the [Azure Developer CLI][azure_developer_cli], users can run the command `azd login`. For users running on a system with a default web browser, the Azure Developer CLI will launch the browser to authenticate the user.

For systems without a default web browser, the `azd login --use-device-code` command will use the device code authentication flow.

#### Authenticate via the Azure CLI

Applications using the `AzureCliCredential`, whether directly or via the `DefaultAzureCredential`, can use the Azure CLI account to authenticate calls in the application when running locally.
Expand Down Expand Up @@ -124,6 +132,7 @@ If used from Node.js, the `DefaultAzureCredential` will attempt to authenticate

1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
1. **Azure Developer CLI** - If the developer has authenticated an account via the Azure Developer CLI `azd login` command, the `DefaultAzureCredential` will authenticate with that account.
1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
1. **Azure PowerShell** - If the developer has authenticated using the Azure PowerShell module `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.

Expand Down Expand Up @@ -250,6 +259,7 @@ Not all credentials require this configuration. Credentials that authenticate th

| Credential | Usage | Example | Reference |
| ----------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
| `AzureDeveloperCliCredential` | Authenticate in a development environment with the enabled user or service principal in Azure Developer CLI. | | [Azure Developer CLI Reference](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference) |
| [`AzureCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azureclicredential?view=azure-node-latest) | Authenticate in a development environment with the Azure CLI. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-azure-cli) | [Azure CLI authentication](https://learn.microsoft.com/cli/azure/authenticate-azure-cli) |
| [`AzurePowerShellCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azurepowershellcredential?view=azure-node-latest) | Authenticate in a development environment using Azure PowerShell. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-azure-powershell) | [Azure PowerShell authentication](https://learn.microsoft.com/powershell/azure/authenticate-azureps) |
| [`VisualStudioCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/visualstudiocodecredential?view=azure-node-latest) | Authenticates as the user signed in to the Visual Studio Code Azure Account extension.| | [VS Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
Expand Down Expand Up @@ -379,5 +389,4 @@ If you'd like to contribute to this library, please read the [contributing guide
[azureclilogindevicecode_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLoginDeviceCode.png
[azurepowershelllogin_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzurePowerShellLogin.png
[defaultauthflow_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg

![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-js%2Fsdk%2Fidentity%2Fidentity%2FREADME.png)
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@
%% STEPS TO GENERATE IMAGE
%% =======================
%% 1. Install mermaid CLI (see https://github.com/mermaid-js/mermaid-cli/blob/master/README.md)
%% v8.14.0 is known good for our process. npm install -g @mermaid-js/mermaid-cli@8.14.0
%% 2. Run command: mmdc -i DefaultAzureCredentialAuthFlow.md -o DefaultAzureCredentialAuthFlow.svg
flowchart LR;
A(Environment):::deployed ==> B(Managed Identity):::deployed ==> D(Azure CLI):::developer ==> E(Azure PowerShell):::developer;
A(Environment):::deployed ==> B(Managed Identity):::deployed ==> C(Azure Developer CLI):::developer ==> D(Azure CLI):::developer ==> E(Azure PowerShell):::developer;
subgraph CREDENTIAL TYPES;
direction LR;
Expand All @@ -20,8 +21,8 @@ flowchart LR;
classDef developer fill:#F5AF6F, stroke:#EB7C39;
%% Add API ref links to credential type boxes
click A "https://docs.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest" _blank;
click B "https://docs.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest" _blank;
click D "https://docs.microsoft.com/javascript/api/@azure/identity/azureclicredential?view=azure-node-latest" _blank;
click E "https://docs.microsoft.com/javascript/api/@azure/identity/azurepowershellcredential?view=azure-node-latest" _blank;
click A "https://learn.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest" _blank;
click B "https://learn.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest" _blank;
click D "https://learn.microsoft.com/javascript/api/@azure/identity/azureclicredential?view=azure-node-latest" _blank;
click E "https://learn.microsoft.com/javascript/api/@azure/identity/azurepowershellcredential?view=azure-node-latest" _blank;
```
Loading

0 comments on commit 04ad89a

Please sign in to comment.