Crate azure_identity
source ·Expand description
Azure Identity crate for the unofficial Microsoft Azure SDK for Rust. This crate is part of a collection of crates: for more information please refer to https://github.com/azure/azure-sdk-for-rust. This crate provides mechanisms for several ways to authenticate against Azure
For example, to authenticate using the recommended DefaultAzureCredential
, you can do the following:
use azure_core::{auth::TokenCredential, Url};
use azure_identity::{DefaultAzureCredential};
use std::env;
use std::error::Error;
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
let credential = DefaultAzureCredential::default();
let response = credential
.get_token(&["https://management.azure.com/.default"])
.await?;
let subscription_id = env::var("AZURE_SUBSCRIPTION_ID")?;
let url = Url::parse(&format!(
"https://management.azure.com/subscriptions/{}/providers/Microsoft.Storage/storageAccounts?api-version=2019-06-01",
subscription_id))?;
let response = reqwest::Client::new()
.get(url)
.header("Authorization", format!("Bearer {}", response.token.secret()))
.send()
.await?
.text()
.await?;
println!("{:?}", response);
Ok(())
}
The supported authentication flows are:
This crate also includes utilities for handling refresh tokens and accessing token credentials from many different sources.
Modules
- Authorize using the authorization code flow
- Authorize using the OAuth 2.0 client credentials flow
- Utilities for aiding in development
- Authorize using the device authorization grant flow
- Authorize using the OAuth 2.0 client credentials flow with federated credentials.
- Refresh token utilities
- A list of tenant IDs
Structs
- Enables authentication to Azure Active Directory using Azure CLI to obtain an access token.
- Provides options to configure how the Identity library makes authentication requests to Azure Active Directory.
- Enables authentication to Azure Active Directory using a client certificate that was generated for an App Registration.
- Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration.
- Provides a default
TokenCredential
authentication flow for applications that will be deployed to Azure. - Provides a mechanism of selectively disabling credentials used for a
DefaultAzureCredential
instance - Enables authentication with Workflows Identity if either
AZURE_FEDERATED_TOKEN
orAZURE_FEDERATED_TOKEN_FILE
is set, otherwise enables authentication to Azure Active Directory using client secret, or a username and password. - Attempts authentication using a managed identity that has been assigned to the deployment environment.
- Provides options to configure how the Identity library makes authentication requests to Azure Active Directory.
- Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration.
Enums
- Types of
TokenCredential
supported byDefaultAzureCredential