- Added the read only property
ClientId
toAuthenticationRecord
. - Added the property
AllowUnencryptedCache
to the option classesClientCertificateCredentialOptions
,ClientSecretCredentialOptions
,DeviceCodeCredentialOptions
,InteractiveBrowserCredentialOptions
andSharedTokenCacheCredentialOptions
which when set to true allows the credential to fall back to storing tokens in an unencrypted file if no OS level user encryption is available whenEnablePersistentCache
is set to true. - Added the property
AuthenticationRecord
to the option classSharedTokenCacheCredentialOptions
to support silent authentication for accounts previously authenticated with an interactive credential. - Added option class
UsernamePasswordCredentialOptions
which supports the optionsEnablePersistentCache
andAllowUnencryptedCache
.
- Rename type
KnownAuthorityHosts
toAzureAuthorityHosts
- Rename property
AzureChinaCloud
toAzureChina
- Rename property
AzureGermanCloud
toAzureGermany
- Rename property
AzureUSGovernment
toAzureGovernment
- Rename property
AzureCloud
toAzurePublicCloud
- Rename property
- Added options classes
ClientCertificateCredentialOptions
andClientSecretCredentialOptions
which support the following new optionEnablePersistentCache
configures these credentials to use a persistent cache shared between credentials which set this option. By default the cache is per credential and in memory only.
- Makes
AzureCliCredential
,VisualStudioCredential
andVisualStudioCodeCredential
public to allow direct usage. - Added
Authenticate
methods toUsernamePasswordCredential
- Fix
SharedTokenCacheCredential
account filter to be case-insensitive (Issue #10816) - Update
VisualStudioCodeCredential
to properly throwCredentialUnavailableException
when re-authentication is needed. (Issue #11595)
- First preview of new API for authenticating users with
DeviceCodeCredential
andInteractiveBrowserCredential
- Added method
Authenticate
which pro-actively interacts with the user to authenticate if necessary and returns a serializableAuthenticationRecord
- Added Options classes
DeviceCodeCredentialOptions
andInteractiveBrowserCredentialOptions
which support the following new optionsAuthenticationRecord
enables initializing a credential with anAuthenticationRecord
returned from a prior call toAuthenticate
DisableAutomaticAuthentication
disables automatic user interaction causing the credential to throw anAuthenticationRequiredException
when interactive authentication is necessary.EnablePersistentCache
configures these credentials to use a persistent cache shared between credentials which set this option. By default the cache is per credential and in memory only.
- Added method
- Updates
DefaultAzureCredential
to enable authenticating through Visual Studio - Updates
DefaultAzureCredential
to enable authentication through Visual Studio Code
- Updating
DefaultAzureCredential
to enable authenticating through the Azure CLI ClientCertificateCredential
now supports being constructed with a path to an unencrypted certificate (in either PFX or PEM format)EnvironmentCredential
now supports reading a certificate path fromAZURE_CLIENT_CERTIFICATE_PATH
- Fix an issue where
EnvironmentCredential
did not behave correctly whenAZURE_USERNAME
andAZURE_PASSWORD
where set - Added
KnownAuthorityHosts
class to aid in sovereign cloud configuration.
- Fixed
UsernamePasswordCredential
constructor parameter mishandling - Updated
ManagedIdentityCredential
endpoint discovery to avoid throwing - Fixed
ManagedIdentityCredential
to raiseCredentialUnavailableException
on 400 return from the service where no identity has been assigned - Updated error messaging from
DefaultAzureCredential
to more easily root cause failures
- Update
SharedTokenCacheCredential
to filter accounts by tenant id- Added
SharedTokenCacheCredentialOptions
class with propertiesTenantId
andUsername
- Added constructor overload to
SharedTokenCacheCredential
which acceptsSharedTokenCacheCredentialOptions
- Added property
SharedTokenCacheTenantId
toDefaultAzureCredentialOptions
- Added
- Support for personal account authentication in
DefaultAzureCredential
,InteractiveBrowserCredential
, andSharedTokenCacheCredential
- Added
InteractiveBrowserTenantId
toDefaultAzureCredentialOptions
- Fixed issue with
ManagedIdentityCredential
authentication with user assigned identities
- First stable release of Azure.Identity package.
- Rename
AzureCredentialOptions
->TokenCredentialOptions
- Renamed property
VerificationUrl
->VerificationUri
and changed type fromstring
toUri
- Renamed property
- Updated
ClientSecretCredential
class- Removed property
ClientId
- Removed property
ClientSecret
- Removed property
TenantId
- Removed property
- Updated
ClientCertificateCredential
class- Removed property
ClientId
- Removed property
ClientCertificate
- Removed property
TenantId
- Removed property
- Updated
DefaultAzureCredential
class to derive directly fromTokenCredential
rather thanChainedTokenCredential
- Updated
DefaultAzureCredentialOptions
class- Renamed property
PreferredAccountUsername
->SharedTokenCacheUsername
- Renamed property
IncludeEnvironmentCredential
->ExcludeEnvironmentCredential
- Renamed property
IncludeManagedIdentityCredential
->ExcludeManagedIdentityCredential
- Renamed property
IncludeSharedTokenCacheCredential
->ExcludeSharedTokenCacheCredential
- Renamed property
IncludeInteractiveBrowserCredential
->ExcludeInteractiveBrowserCredential
- Renamed property
- Updated
DeviceCodeInfo
class- Removed property
Interval
- Renamed property
VerificationUrl
->VerificationUri
and changed type fromstring
toUri
- Removed property
- Updated
InteractiveBrowserCredential
class- Reordered constructor parameters
tenantId
andclientId
to be consistent with other credential types
- Reordered constructor parameters
- Updated
SharedTokenCacheCredential
class- Updated constructor to take
TokenCredentialOptions
- Removed
clientId
constructor parameter
- Updated constructor to take
- Removed class
SharedTokenCacheCredentialOptions
- Updated exception model across the Azure.Identity library.
TokenCredential
implementations in the Azure.Identity library now throw exceptions rather than returningdefault
(AccessToken
) when no token is obtained- Added the
CredentialUnavailableExcpetion
exception type to distinguish cases when failure to obtain anAccessToken
was expected
- Adopted Azure.Core 1.0.0
- Update
ManagedIdentityCredential
IMDS availability check to handle immediate network failures - Added a
DefaultAzureCredential
constructor overload to enable interactive credential types by default
- Adopted Azure.Core 1.0.0-preview.9
- Added
DefaultAzureCredentialOptions
for configuring theDefaultAzureCredential
authentication flow - Added
InteractiveBrowserCredential
to theDefaultAzureCredential
authentication flow, but excluded by default
- Updated
InteractiveBrowserCredential
andDeviceCodeCredential
to optionally accept a tenantId to support non-multitenant applications
- Modified GetToken abstraction to accept
TokenRequest
structure rather thanstring[]
for forwards compatibility
- Adopted Azure.Core 1.0.0-preview.8
- Added
SharedTokenCacheCredential
to support Single Sign On with developer tooling - Updated
DefaultAzureCredential
authentication flow to include theSharedTokenCacheCredential
- Adopted Azure.Core 1.0.0-preview.7
- Adopted Microsoft.Identity.Client 4.1.0
- User Principal Authentication
- Added
DeviceCodeCredential
class - Added
InteractiveBrowserCredential
class - Added
UsernamePasswordCredential
class
- Added
- Support for Azure SDK ASP .NET Core integration
- Added identity client distributed tracing support
- Fix to ManagedIdentityCredential to properly parse expires_on from response
Version 1.0.0-preview.1 is the first preview of our efforts to create a user-friendly authentication API for Azure SDK client libraries. For more information about preview releases of other Azure SDK libraries, please visit https://aka.ms/azure-sdk-preview1-net.
- Azure Service Authentication
- Added
DefaultAzureCredential
class - Added
ChainedTokenCredential
class
- Added
- Service Principal Authentication
- Added
ClientSecretCredential
class - Added
ClientCertificateCredential
class
- Added
- Managed Identity Authentication
- Added
ManagedIdentityCredential
class
- Added
See the documentation for more details. User authentication will be added in an upcoming preview release.