-
Notifications
You must be signed in to change notification settings - Fork 2.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
User authentication samples (#11343)
- Loading branch information
Showing
4 changed files
with
120 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| recursive-include samples *.py | ||
| recursive-include tests *.py | ||
| include *.md | ||
| include azure/__init__.py | ||
| include azure/__init__.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| --- | ||
| page_type: sample | ||
| languages: | ||
| - python | ||
| products: | ||
| - azure | ||
| - azure-identity | ||
| urlFragment: identity-samples | ||
| --- | ||
|
|
||
| # Azure Identity Library Python Samples | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| You must have an [Azure subscription](https://azure.microsoft.com/free) and an | ||
| [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/) to run | ||
| these samples. You can create a Key Vault in the | ||
| [Azure Portal](https://portal.azure.com/#create/Microsoft.KeyVault) or with the | ||
| [Azure CLI](https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli). | ||
|
|
||
| Azure Key Vault is used only to demonstrate authentication. Azure Identity has | ||
| the same API for all compatible client libraries. | ||
|
|
||
| ## Setup | ||
|
|
||
| To run these samples, first install the Azure Identity and Key Vault Secrets | ||
| client libraries: | ||
|
|
||
| ```commandline | ||
| pip install azure-identity azure-keyvault-secrets | ||
| ``` | ||
|
|
||
| ## Contents | ||
| | File | Description | | ||
| |-------------|-------------| | ||
| | control_interactive_prompts.py | demonstrates controlling when interactive credentials prompt for user interaction | | ||
| | user_authentication.py | demonstrates user authentication API for applications | |
38 changes: 38 additions & 0 deletions
38
sdk/identity/azure-identity/samples/control_interactive_prompts.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # ------------------------------------ | ||
| # Copyright (c) Microsoft Corporation. | ||
| # Licensed under the MIT License. | ||
| # ------------------------------------ | ||
| """Demonstrates controlling the timing of interactive authentication using InteractiveBrowserCredential. | ||
| DeviceCodeCredential supports the same API. | ||
| """ | ||
|
|
||
| import os | ||
| import sys | ||
| from azure.identity import AuthenticationRequiredError, InteractiveBrowserCredential | ||
| from azure.keyvault.secrets import SecretClient | ||
|
|
||
|
|
||
| # This sample uses Key Vault only for demonstration. Any client accepting azure-identity credentials will work the same. | ||
| VAULT_URL = os.environ.get("VAULT_URL") | ||
| if not VAULT_URL: | ||
| print("This sample expects environment variable 'VAULT_URL' to be set with the URL of a Key Vault.") | ||
| sys.exit(1) | ||
|
|
||
|
|
||
| # If it's important for your application to prompt for authentication only at certain times, | ||
| # create the credential with disable_automatic_authentication=True. This configures the credential to raise | ||
| # when interactive authentication is required, instead of immediately beginning that authentication. | ||
| credential = InteractiveBrowserCredential(disable_automatic_authentication=True) | ||
| client = SecretClient(VAULT_URL, credential) | ||
|
|
||
| try: | ||
| secret_names = [s.name for s in client.list_properties_of_secrets()] | ||
| except AuthenticationRequiredError as ex: | ||
| # Interactive authentication is necessary to authorize the client's request. The exception carries the | ||
| # requested authentication scopes. If you pass these to 'authenticate', it will cache an access token | ||
| # for those scopes. | ||
| credential.authenticate(scopes=ex.scopes) | ||
|
|
||
| # the client operation should now succeed | ||
| secret_names = [s.name for s in client.list_properties_of_secrets()] |
43 changes: 43 additions & 0 deletions
43
sdk/identity/azure-identity/samples/user_authentication.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| # ------------------------------------ | ||
| # Copyright (c) Microsoft Corporation. | ||
| # Licensed under the MIT License. | ||
| # ------------------------------------ | ||
| """Demonstrates user authentication using InteractiveBrowserCredential. DeviceCodeCredential supports the same API.""" | ||
|
|
||
| import os | ||
| import sys | ||
| from azure.identity import AuthenticationRecord, InteractiveBrowserCredential | ||
| from azure.keyvault.secrets import SecretClient | ||
|
|
||
|
|
||
| # This sample uses Key Vault only for demonstration. Any client accepting azure-identity credentials will work the same. | ||
| VAULT_URL = os.environ.get("VAULT_URL") | ||
| if not VAULT_URL: | ||
| print("This sample expects environment variable 'VAULT_URL' to be set with the URL of a Key Vault.") | ||
| sys.exit(1) | ||
|
|
||
|
|
||
| # Persistent caching is optional. By default, interactive credentials cache in memory only. | ||
| credential = InteractiveBrowserCredential(enable_persistent_cache=True) | ||
|
|
||
| # The 'authenticate' method begins interactive authentication. Call it whenever it's convenient | ||
| # for your application to authenticate a user. It returns a record of the authentication. | ||
| record = credential.authenticate() | ||
|
|
||
| # The record contains no authentication secrets. You can serialize it to JSON for storage. | ||
| record_json = record.serialize() | ||
|
|
||
| # An authenticated credential is ready for use with a client. This request should succeed | ||
| # without prompting for authentication again. | ||
| client = SecretClient(VAULT_URL, credential) | ||
| secret_names = [s.name for s in client.list_properties_of_secrets()] | ||
|
|
||
| # With persistent caching enabled, an authentication record stored by your application enables | ||
| # credentials to access data from past authentications. If the cache contains sufficient data, | ||
| # this eliminates the need for your application to prompt for authentication every time it runs. | ||
| deserialized_record = AuthenticationRecord.deserialize(record_json) | ||
| new_credential = InteractiveBrowserCredential(enable_persistent_cache=True, authentication_record=deserialized_record) | ||
|
|
||
| # This request should also succeed without prompting for authentication. | ||
| client = SecretClient(VAULT_URL, new_credential) | ||
| secret_names = [s.name for s in client.list_properties_of_secrets()] |