Skip to content

Authentication

ClientSecretAuth

Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration.

Parameters:

Name Type Description Default
tenant_id str

The Azure Active Directory tenant (directory) Id of the service principal.

required
client_id str

The client (application) ID of the service principal

required
client_secret str

A client secret that was generated for the App Registration used to authenticate the client.

required
Source code in src/sdk/python/rtdip_sdk/authentication/azure.py
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
class ClientSecretAuth:
    """
    Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration.

    Args:
        tenant_id: The Azure Active Directory tenant (directory) Id of the service principal.
        client_id: The client (application) ID of the service principal
        client_secret: A client secret that was generated for the App Registration used to authenticate the client.
    """

    def __init__(self, tenant_id: str, client_id: str, client_secret: str) -> None:
        self.tenant_id = tenant_id
        self.client_id = client_id
        self.client_secret = client_secret

    def authenticate(self) -> ClientSecretCredential:
        """
        Authenticates as a service principal using a client secret.

        Returns:
            ClientSecretCredential: Authenticates as a service principal using a client secret.
        """
        try:
            access_token = ClientSecretCredential(
                self.tenant_id, self.client_id, self.client_secret
            )
            return access_token
        except Exception as e:
            logging.exception("error returning client secret credential")
            raise e

authenticate()

Authenticates as a service principal using a client secret.

Returns:

Name Type Description
ClientSecretCredential ClientSecretCredential

Authenticates as a service principal using a client secret.

Source code in src/sdk/python/rtdip_sdk/authentication/azure.py
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
def authenticate(self) -> ClientSecretCredential:
    """
    Authenticates as a service principal using a client secret.

    Returns:
        ClientSecretCredential: Authenticates as a service principal using a client secret.
    """
    try:
        access_token = ClientSecretCredential(
            self.tenant_id, self.client_id, self.client_secret
        )
        return access_token
    except Exception as e:
        logging.exception("error returning client secret credential")
        raise e

CertificateAuth

Enables authentication to Azure Active Directory using a certificate that was generated for an App Registration.

The certificate must have an RSA private key, because this credential signs assertions using RS256

Parameters:

Name Type Description Default
tenant_id str

The Azure Active Directory tenant (directory) Id of the service principal.

required
client_id str

The client (application) ID of the service principal

required
certificate_path str

Optional path to a certificate file in PEM or PKCS12 format, including the private key. If not provided, certificate_data is required.

None
certificate_data bytes

Optional bytes of a certificate in PEM or PKCS12 format, including the private key

None
password Union[str, bytes]

Optional certificate password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead.

None
Source code in src/sdk/python/rtdip_sdk/authentication/azure.py
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
class CertificateAuth:
    """
    Enables authentication to Azure Active Directory using a certificate that was generated for an App Registration.

    The certificate must have an RSA private key, because this credential signs assertions using RS256

    Args:
        tenant_id: The Azure Active Directory tenant (directory) Id of the service principal.
        client_id: The client (application) ID of the service principal
        certificate_path: Optional path to a certificate file in PEM or PKCS12 format, including the private key. If not provided, certificate_data is required.
        certificate_data: Optional bytes of a certificate in PEM or PKCS12 format, including the private key
        password: Optional certificate password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead.
    """

    def __init__(
        self,
        tenant_id: str,
        client_id: str,
        certificate_path: str = None,
        certificate_data: bytes = None,
        password: Union[str, bytes] = None,
    ) -> None:
        self.tenant_id = tenant_id
        self.client_id = client_id
        self.certificate_path = certificate_path
        self.certificate_data = certificate_data
        self.password = password

    def authenticate(self) -> CertificateCredential:
        """
        Authenticates as a service principal using a certificate.

        Returns:
            CertificateCredential: Authenticates as a service principal using a certificate.
        """
        try:
            access_token = CertificateCredential(
                self.tenant_id,
                self.client_id,
                self.certificate_path,
                certificate_data=self.certificate_data,
                password=self.password,
            )
            return access_token
        except Exception as e:
            logging.exception("error returning certificate credential")
            raise e

authenticate()

Authenticates as a service principal using a certificate.

Returns:

Name Type Description
CertificateCredential CertificateCredential

Authenticates as a service principal using a certificate.

Source code in src/sdk/python/rtdip_sdk/authentication/azure.py
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
def authenticate(self) -> CertificateCredential:
    """
    Authenticates as a service principal using a certificate.

    Returns:
        CertificateCredential: Authenticates as a service principal using a certificate.
    """
    try:
        access_token = CertificateCredential(
            self.tenant_id,
            self.client_id,
            self.certificate_path,
            certificate_data=self.certificate_data,
            password=self.password,
        )
        return access_token
    except Exception as e:
        logging.exception("error returning certificate credential")
        raise e

DefaultAuth

A default credential capable of handling most Azure SDK authentication scenarios.

The identity it uses depends on the environment. When an access token is needed, it requests one using these identities in turn, stopping when one provides a token:

1) A service principal configured by environment variables.

2) An Azure managed identity.

3) On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple identities are in the cache, then the value of the environment variable AZURE_USERNAME is used to select which identity to use.

4) The user currently signed in to Visual Studio Code.

5) The identity currently logged in to the Azure CLI.

6) The identity currently logged in to Azure PowerShell.

Parameters:

Name Type Description Default
exclude_cli_credential Optional

Whether to exclude the Azure CLI from the credential. Defaults to False.

False
exclude_environment_credential Optional

Whether to exclude a service principal configured by environment variables from the credential. Defaults to True.

True
exclude_managed_identity_credential Optional

Whether to exclude managed identity from the credential. Defaults to True

True
exclude_powershell_credential Optional

Whether to exclude Azure PowerShell. Defaults to False.

False
exclude_visual_studio_code_credential Optional

Whether to exclude stored credential from VS Code. Defaults to False

False
exclude_shared_token_cache_credential Optional

Whether to exclude the shared token cache. Defaults to False.

False
exclude_interactive_browser_credential Optional

Whether to exclude interactive browser authentication (see InteractiveBrowserCredential). Defaults to False

False
logging_enable Optional

Turn on or off logging. Defaults to False.

False
Source code in src/sdk/python/rtdip_sdk/authentication/azure.py
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
class DefaultAuth:
    """
    A default credential capable of handling most Azure SDK authentication scenarios.

    The identity it uses depends on the environment. When an access token is needed, it requests one using these identities in turn, stopping when one provides a token:

    1) A service principal configured by environment variables.

    2) An Azure managed identity.

    3) On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple identities are in the cache, then the value of the environment variable AZURE_USERNAME is used to select which identity to use.

    4) The user currently signed in to Visual Studio Code.

    5) The identity currently logged in to the Azure CLI.

    6) The identity currently logged in to Azure PowerShell.

    Args:
        exclude_cli_credential (Optional): Whether to exclude the Azure CLI from the credential. Defaults to False.
        exclude_environment_credential (Optional): Whether to exclude a service principal configured by environment variables from the credential. Defaults to True.
        exclude_managed_identity_credential (Optional): Whether to exclude managed identity from the credential. Defaults to True
        exclude_powershell_credential (Optional): Whether to exclude Azure PowerShell. Defaults to False.
        exclude_visual_studio_code_credential (Optional): Whether to exclude stored credential from VS Code. Defaults to False
        exclude_shared_token_cache_credential (Optional): Whether to exclude the shared token cache. Defaults to False.
        exclude_interactive_browser_credential (Optional): Whether to exclude interactive browser authentication (see InteractiveBrowserCredential). Defaults to False
        logging_enable (Optional): Turn on or off logging. Defaults to False.
    """

    def __init__(
        self,
        exclude_cli_credential=False,
        exclude_environment_credential=True,
        exclude_managed_identity_credential=True,
        exclude_powershell_credential=False,
        exclude_visual_studio_code_credential=False,
        exclude_shared_token_cache_credential=False,
        exclude_interactive_browser_credential=False,
        logging_enable=False,
    ) -> None:
        self.exclude_cli_credential = exclude_cli_credential
        self.exclude_environment_credential = exclude_environment_credential
        self.exclude_managed_identity_credential = exclude_managed_identity_credential
        self.exclude_powershell_credential = exclude_powershell_credential
        self.exclude_visual_studio_code_credential = (
            exclude_visual_studio_code_credential
        )
        self.exclude_shared_token_cache_credential = (
            exclude_shared_token_cache_credential
        )
        self.exclude_interactive_browser_credential = (
            exclude_interactive_browser_credential
        )
        self.logging_enable = logging_enable

    def authenticate(self) -> DefaultAzureCredential:
        """
        A default credential capable of handling most Azure SDK authentication scenarios.

        Returns:
            DefaultAzureCredential: A default credential capable of handling most Azure SDK authentication scenarios.
        """
        try:
            access_token = DefaultAzureCredential(
                exclude_cli_credential=self.exclude_cli_credential,
                exclude_environment_credential=self.exclude_environment_credential,
                exclude_managed_identity_credential=self.exclude_managed_identity_credential,
                exclude_powershell_credential=self.exclude_powershell_credential,
                exclude_visual_studio_code_credential=self.exclude_visual_studio_code_credential,
                exclude_shared_token_cache_credential=self.exclude_shared_token_cache_credential,
                exclude_interactive_browser_credential=self.exclude_interactive_browser_credential,
                logging_enable=self.logging_enable,
            )
            return access_token
        except Exception as e:
            logging.exception("error returning default azure credential")
            raise e

authenticate()

A default credential capable of handling most Azure SDK authentication scenarios.

Returns:

Name Type Description
DefaultAzureCredential DefaultAzureCredential

A default credential capable of handling most Azure SDK authentication scenarios.

Source code in src/sdk/python/rtdip_sdk/authentication/azure.py
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
def authenticate(self) -> DefaultAzureCredential:
    """
    A default credential capable of handling most Azure SDK authentication scenarios.

    Returns:
        DefaultAzureCredential: A default credential capable of handling most Azure SDK authentication scenarios.
    """
    try:
        access_token = DefaultAzureCredential(
            exclude_cli_credential=self.exclude_cli_credential,
            exclude_environment_credential=self.exclude_environment_credential,
            exclude_managed_identity_credential=self.exclude_managed_identity_credential,
            exclude_powershell_credential=self.exclude_powershell_credential,
            exclude_visual_studio_code_credential=self.exclude_visual_studio_code_credential,
            exclude_shared_token_cache_credential=self.exclude_shared_token_cache_credential,
            exclude_interactive_browser_credential=self.exclude_interactive_browser_credential,
            logging_enable=self.logging_enable,
        )
        return access_token
    except Exception as e:
        logging.exception("error returning default azure credential")
        raise e