diff --git a/sdk/identity/Azure.Identity/README.md b/sdk/identity/Azure.Identity/README.md index edb3edc9242f6..e221f19c0c59f 100644 --- a/sdk/identity/Azure.Identity/README.md +++ b/sdk/identity/Azure.Identity/README.md @@ -77,11 +77,7 @@ See [Credential Classes](#credential-classes) for a complete listing of availabl ### DefaultAzureCredential -The `DefaultAzureCredential` is appropriate for most scenarios where the application is intended to ultimately be run in Azure. This is because the `DefaultAzureCredential` combines credentials commonly used to authenticate when deployed, with credentials used to authenticate in a development environment. - -> Note: `DefaultAzureCredential` is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types. - -The `DefaultAzureCredential` attempts to authenticate via the following mechanisms, in this order, stopping when one succeeds: +The `DefaultAzureCredential` simplifies authentication while developing applications that deploy to Azure by combining credentials used in Azure hosting environments and credentials used in local development. In production, it's better to use a specific credential type so authentication is more predictable and easier to debug. `DefaultAzureCredential` attempts to authenticate via the following mechanisms in this order, stopping when one succeeds: ![DefaultAzureCredential authentication flow][default_azure_credential_authflow_image] diff --git a/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredential.cs index 5a30b98f63a4a..1c2ffb928f98a 100644 --- a/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredential.cs +++ b/sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredential.cs @@ -12,8 +12,13 @@ namespace Azure.Identity { /// - /// Provides a default authentication flow for applications that will be deployed to Azure. The following credential - /// types, if enabled, will be tried, in order: + /// simplifies authentication while developing applications that deploy to Azure by + /// combining credentials used in Azure hosting environments and credentials used in local development. In + /// production, it's better to use a specific credential type so authentication is more predictable and easier + /// to debug. + /// + /// attempts to authenticate with each of these credential types, in the following order, + /// stopping when one provides a token: /// /// /// diff --git a/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredential.cs index 2203ccedd83c5..54641f202a7f4 100644 --- a/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredential.cs +++ b/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredential.cs @@ -52,7 +52,7 @@ public DeviceCodeCredential(DeviceCodeCredentialOptions options) /// Creates a new DeviceCodeCredential with the specified options, which will authenticate users with the specified application. /// /// The callback to be executed to display the device code to the user - /// The client id of the application to which the users will authenticate + /// The client ID of the application to which the users will authenticate. It's recommended that developers register their applications and assign appropriate roles. For more information, visit . If not specified, users will authenticate to an Azure development application, which isn't recommended for production scenarios. /// The client options for the newly created DeviceCodeCredential [EditorBrowsable(EditorBrowsableState.Never)] public DeviceCodeCredential(Func deviceCodeCallback, string clientId, TokenCredentialOptions options = default) @@ -65,7 +65,7 @@ public DeviceCodeCredential(Func device /// /// The callback to be executed to display the device code to the user /// The tenant id of the application to which users will authenticate. This can be null for multi-tenanted applications. - /// The client id of the application to which the users will authenticate + /// The client id of the application to which the users will authenticate. It is recommended that developers register their applications and assign appropriate roles. For more information, visit . If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios. /// The client options for the newly created DeviceCodeCredential [EditorBrowsable(EditorBrowsableState.Never)] public DeviceCodeCredential(Func deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options = default) diff --git a/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs b/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs index 0063eae24fd57..e23024f791d69 100644 --- a/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs +++ b/sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs @@ -39,6 +39,8 @@ public string TenantId /// /// The client ID of the application used to authenticate the user. If not specified the user will be authenticated with an Azure development application. + /// It is recommended that developers register their applications and assign appropriate roles. For more information, visit . + /// If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios. /// public string ClientId { get; set; } = Constants.DeveloperSignOnClientId; diff --git a/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredential.cs index 8101b15c75a64..c9bd1faa717f3 100644 --- a/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredential.cs +++ b/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredential.cs @@ -57,7 +57,7 @@ public InteractiveBrowserCredential(InteractiveBrowserCredentialOptions options) /// /// Creates a new with the specified options, which will authenticate users with the specified application. /// - /// The client id of the application to which the users will authenticate + /// The client id of the application to which the users will authenticate. It is recommended that developers register their applications and assign appropriate roles. For more information, visit . If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios. [EditorBrowsable(EditorBrowsableState.Never)] public InteractiveBrowserCredential(string clientId) : this(null, clientId, null, null) @@ -67,7 +67,7 @@ public InteractiveBrowserCredential(string clientId) /// Creates a new with the specified options, which will authenticate users with the specified application. /// /// The tenant id of the application and the users to authenticate. Can be null in the case of multi-tenant applications. - /// The client id of the application to which the users will authenticate + /// The client id of the application to which the users will authenticate. It is recommended that developers register their applications and assign appropriate roles. For more information, visit . If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios. /// TODO: need to link to info on how the application has to be created to authenticate users, for multiple applications /// The client options for the newly created . [EditorBrowsable(EditorBrowsableState.Never)] diff --git a/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs b/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs index 70f2ebe6b150b..6fee96ac67f54 100644 --- a/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs +++ b/sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs @@ -38,7 +38,8 @@ public string TenantId public IList AdditionallyAllowedTenants { get; internal set; } = new List(); /// - /// The client ID of the application used to authenticate the user. If not specified the user will be authenticated with an Azure development application. + /// The client ID of the application used to authenticate the user. It is recommended that developers register their applications and assign appropriate roles. For more information, visit . + /// If not specified, users will authenticate to an Azure development application, which is not recommended for production scenarios. /// public string ClientId { get; set; } = Constants.DeveloperSignOnClientId;