Crate azure_identity

source · []
Expand description

Azure Identity crate for the unofficial Microsoft Azure SDK for Rust. This crate is part of a collection of crates: for more information please refer to https://github.com/azure/azure-sdk-for-rust. This crate provides mechanisms for several ways to authenticate against Azure

For example, to authenticate using the recommended DefaultAzureCredential, you can do the following:

use azure_identity::{DefaultAzureCredential, TokenCredential};
use url::Url;

use std::env;
use std::error::Error;

#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    let credential = DefaultAzureCredential::default();
    let response = credential
        .get_token("https://management.azure.com")
        .await?;

    let subscription_id = env::var("AZURE_SUBSCRIPTION_ID")?;
    let url = Url::parse(&format!(
        "https://management.azure.com/subscriptions/{}/providers/Microsoft.Storage/storageAccounts?api-version=2019-06-01",
        subscription_id))?;
    let response = reqwest::Client::new()
        .get(url)
        .header("Authorization", format!("Bearer {}", response.token.secret()))
        .send()
        .await?
        .text()
        .await?;

    println!("{:?}", response);
    Ok(())
}

The supported authentication flows are:

This crate also includes utilities for handling refresh tokens and accessing token credentials from many different sources.

Modules

authority_hosts

A list of known Azure authority hosts

authorization_code_flow

Authorize using the authorization code flow

client_credentials_flow

Authorize using the OAuth 2.0 client credentials flow

development

Utilities for aiding in development

device_code_flow

Authorize using the device authorization grant flow

refresh_token

Refresh token utilities

tenant_ids

A list of tenant IDs

Structs

AutoRefreshingTokenCredential

Wraps a TokenCredential and handles token refresh on token expiry

AzureCliCredential

Enables authentication to Azure Active Directory using Azure CLI to obtain an access token.

ClientSecretCredential

Enables authentication to Azure Active Directory using a client secret that was generated for an App Registration.

DefaultAzureCredential

Provides a default TokenCredential authentication flow for applications that will be deployed to Azure.

DefaultAzureCredentialBuilder

Provides a mechanism of selectively disabling credentials used for a DefaultAzureCredential instance

EnvironmentCredential

Enables authentication to Azure Active Directory using client secret, or a username and password.

ImdsManagedIdentityCredential

Attempts authentication using a managed identity that has been assigned to the deployment environment.

TokenCredentialOptions

Provides options to configure how the Identity library makes authentication requests to Azure Active Directory.

Enums

AzureCliCredentialError
ClientSecretCredentialError
DefaultAzureCredentialEnum

Types of TokenCredential supported by DefaultAzureCredential

DefaultAzureCredentialError
EnvironmentCredentialError
Error

Errors specific to identity services

ManagedIdentityCredentialError

Traits

TokenCredential

Represents a credential capable of providing an OAuth token. Same as azure_core::auth::TokenCredential, except a more specific error is returned.