Skip to content

Commit

Permalink
Update DefaultAzureCredential, InteractiveBrowserCredential, and Devi…
Browse files Browse the repository at this point in the history
…ceCodeCredential docs (#45009)
  • Loading branch information
christothes authored Jul 19, 2024
1 parent f77b824 commit 3774094
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 12 deletions.
6 changes: 1 addition & 5 deletions sdk/identity/Azure.Identity/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,11 +77,7 @@ See [Credential Classes](#credential-classes) for a complete listing of availabl

### DefaultAzureCredential

The `DefaultAzureCredential` is appropriate for most scenarios where the application is intended to ultimately be run in Azure. This is because the `DefaultAzureCredential` combines credentials commonly used to authenticate when deployed, with credentials used to authenticate in a development environment.

> Note: `DefaultAzureCredential` is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types.
The `DefaultAzureCredential` attempts to authenticate via the following mechanisms, in this order, stopping when one succeeds:
The `DefaultAzureCredential` simplifies authentication while developing applications that deploy to Azure by combining credentials used in Azure hosting environments and credentials used in local development. In production, it's better to use a specific credential type so authentication is more predictable and easier to debug. `DefaultAzureCredential` attempts to authenticate via the following mechanisms in this order, stopping when one succeeds:

![DefaultAzureCredential authentication flow][default_azure_credential_authflow_image]

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,13 @@
namespace Azure.Identity
{
/// <summary>
/// Provides a default <see cref="TokenCredential"/> authentication flow for applications that will be deployed to Azure. The following credential
/// types, if enabled, will be tried, in order:
/// <see cref="DefaultAzureCredential"/> simplifies authentication while developing applications that deploy to Azure by
/// combining credentials used in Azure hosting environments and credentials used in local development. In
/// production, it's better to use a specific credential type so authentication is more predictable and easier
/// to debug.
///
/// <see cref="DefaultAzureCredential"/> attempts to authenticate with each of these credential types, in the following order,
/// stopping when one provides a token:
/// <list type="bullet">
/// <item><description><see cref="EnvironmentCredential"/></description></item>
/// <item><description><see cref="WorkloadIdentityCredential"/></description></item>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ public DeviceCodeCredential(DeviceCodeCredentialOptions options)
/// Creates a new DeviceCodeCredential with the specified options, which will authenticate users with the specified application.
/// </summary>
/// <param name="deviceCodeCallback">The callback to be executed to display the device code to the user</param>
/// <param name="clientId">The client id of the application to which the users will authenticate</param>
/// <param name="clientId">The client ID of the application to which the users will authenticate. It's recommended that developers register their applications and assign appropriate roles. For more information, visit <see href="https://aka.ms/azsdk/identity/AppRegistrationAndRoleAssignment"/>. If not specified, users will authenticate to an Azure development application, which isn't recommended for production scenarios.</param>
/// <param name="options">The client options for the newly created DeviceCodeCredential</param>
[EditorBrowsable(EditorBrowsableState.Never)]
public DeviceCodeCredential(Func<DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string clientId, TokenCredentialOptions options = default)
Expand All @@ -65,7 +65,7 @@ public DeviceCodeCredential(Func<DeviceCodeInfo, CancellationToken, Task> device
/// </summary>
/// <param name="deviceCodeCallback">The callback to be executed to display the device code to the user</param>
/// <param name="tenantId">The tenant id of the application to which users will authenticate. This can be null for multi-tenanted applications.</param>
/// <param name="clientId">The client id of the application to which the users will authenticate</param>
/// <param name="clientId">The client id of the application to which the users will authenticate. It is recommended that developers register their applications and assign appropriate roles. For more information, visit <see href="https://aka.ms/azsdk/identity/AppRegistrationAndRoleAssignment"/>. If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.</param>
/// <param name="options">The client options for the newly created DeviceCodeCredential</param>
[EditorBrowsable(EditorBrowsableState.Never)]
public DeviceCodeCredential(Func<DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options = default)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ public string TenantId

/// <summary>
/// The client ID of the application used to authenticate the user. If not specified the user will be authenticated with an Azure development application.
/// It is recommended that developers register their applications and assign appropriate roles. For more information, visit <see href="https://aka.ms/azsdk/identity/AppRegistrationAndRoleAssignment"/>.
/// If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.
/// </summary>
public string ClientId { get; set; } = Constants.DeveloperSignOnClientId;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public InteractiveBrowserCredential(InteractiveBrowserCredentialOptions options)
/// <summary>
/// Creates a new <see cref="InteractiveBrowserCredential"/> with the specified options, which will authenticate users with the specified application.
/// </summary>
/// <param name="clientId">The client id of the application to which the users will authenticate</param>
/// <param name="clientId">The client id of the application to which the users will authenticate. It is recommended that developers register their applications and assign appropriate roles. For more information, visit <see href="https://aka.ms/azsdk/identity/AppRegistrationAndRoleAssignment"/>. If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.</param>
[EditorBrowsable(EditorBrowsableState.Never)]
public InteractiveBrowserCredential(string clientId)
: this(null, clientId, null, null)
Expand All @@ -67,7 +67,7 @@ public InteractiveBrowserCredential(string clientId)
/// Creates a new <see cref="InteractiveBrowserCredential"/> with the specified options, which will authenticate users with the specified application.
/// </summary>
/// <param name="tenantId">The tenant id of the application and the users to authenticate. Can be null in the case of multi-tenant applications.</param>
/// <param name="clientId">The client id of the application to which the users will authenticate</param>
/// <param name="clientId">The client id of the application to which the users will authenticate. It is recommended that developers register their applications and assign appropriate roles. For more information, visit <see href="https://aka.ms/azsdk/identity/AppRegistrationAndRoleAssignment"/>. If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.</param>
/// TODO: need to link to info on how the application has to be created to authenticate users, for multiple applications
/// <param name="options">The client options for the newly created <see cref="InteractiveBrowserCredential"/>.</param>
[EditorBrowsable(EditorBrowsableState.Never)]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,8 @@ public string TenantId
public IList<string> AdditionallyAllowedTenants { get; internal set; } = new List<string>();

/// <summary>
/// The client ID of the application used to authenticate the user. If not specified the user will be authenticated with an Azure development application.
/// The client ID of the application used to authenticate the user. It is recommended that developers register their applications and assign appropriate roles. For more information, visit <see href="https://aka.ms/azsdk/identity/AppRegistrationAndRoleAssignment"/>.
/// If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios.
/// </summary>
public string ClientId { get; set; } = Constants.DeveloperSignOnClientId;

Expand Down

0 comments on commit 3774094

Please sign in to comment.