- `ManagedIdentityCredential.GetToken()` now returns an error when configured for a user assigned identity in Azure Cloud Shell (which doesn't support such identities)
- Improved the diagnosability of the `DefaultAzureCredential` by logging failures by credentials when at least one credential succeeded at initialization.
- Improved the diagnosability of the `DefaultAzureCredential` and `ChainedTokenCredential` by aggregating all the errors that might have occurred on the credential chain during `GetToken` calls into a single message provided via logs and errors if the chain is finally unable to retrieve a token.
- Replaced `AuthenticationFailedError.RawResponse()` with a field having the same name
- Unexported `CredentialUnavailableError`
- Instances of `ChainedTokenCredential` will now skip looping through the list of source credentials and re-use the first successful credential on subsequent calls to `GetToken`.
  - If `ChainedTokenCredentialOptions.RetrySources` is true, `ChainedTokenCredential` will continue to try all of the originally provided credentials each time the `GetToken` method is called.
  - `ChainedTokenCredential.successfulCredential` will contain a reference to the last successful credential.
  - `DefaultAzureCredential` will also re-use the first successful credential on subsequent calls to `GetToken`.
  - `DefaultAzureCredential.chain.successfulCredential` will also contain a reference to the last successful credential.
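
The practical effect of the re-use rule above is that the identity a process authenticates as is pinned by the first successful call. The following is an added toy model, not azidentity code and not part of the original changelog; `source`, `chain`, `demo` and the source names "managed" and "cli" are hypothetical.

```go
package main

import "fmt"

type source struct { // hypothetical stand-in for one credential, not an azidentity type
	name  string
	ready bool // constructed state: can this source issue a token right now?
}

func (s *source) getToken() (string, error) {
	if !s.ready {
		return "", fmt.Errorf("%s: credential unavailable", s.name)
	}
	return "token-from-" + s.name, nil
}

type chain struct { // toy model of the chain behaviour described above
	sources      []*source
	retrySources bool    // models ChainedTokenCredentialOptions.RetrySources
	successful   *source // last source that produced a token
}

func (c *chain) GetToken() (string, error) {
	if c.successful != nil && !c.retrySources {
		return c.successful.getToken() // skip the loop, re-use the earlier winner
	}
	var errs []error
	for _, s := range c.sources {
		tok, err := s.getToken()
		if err == nil {
			c.successful = s
			return tok, nil
		}
		errs = append(errs, err)
	}
	return "", fmt.Errorf("no source succeeded: %v", errs) // one aggregated error
}

func demo(retrySources bool) [2]string {
	managed, cli := &source{name: "managed"}, &source{name: "cli", ready: true}
	c := &chain{sources: []*source{managed, cli}, retrySources: retrySources}
	first, _ := c.GetToken()
	managed.ready = true // the preferred source becomes available after the first call
	second, _ := c.GetToken()
	return [2]string{first, second}
}

func main() {
	fmt.Println(demo(false), demo(true))
}
```

Without `retrySources` the second call still returns the "cli" token even though the earlier source has become available; with it, the chain is walked again and "managed" wins.
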
- `ManagedIdentityCredential` no longer probes IMDS before requesting a token from it. Also, an error response from IMDS no longer disables a credential instance. Following an error, a credential instance will continue to send requests to IMDS as necessary.
- Adopted MSAL for user and service principal authentication
- Updated `azcore` requirement to 0.21.0
- Raised minimum go version to 1.16
- Removed `NewAuthenticationPolicy()` from credentials. Clients should instead use azcore's `runtime.NewBearerTokenPolicy()` to construct a bearer token authorization policy.
- The `AuthorityHost` field in credential options structs is now a custom type, `AuthorityHost`, with underlying type `string`
- `NewChainedTokenCredential` has a new signature to accommodate a placeholder options struct:

  ```go
  // before
  cred, err := NewChainedTokenCredential(credA, credB)

  // after
  cred, err := NewChainedTokenCredential([]azcore.TokenCredential{credA, credB}, nil)
  ```
- Removed `ExcludeAzureCLICredential`, `ExcludeEnvironmentCredential`, and `ExcludeMSICredential` from `DefaultAzureCredentialOptions`
- `NewClientCertificateCredential` requires a `[]*x509.Certificate` and `crypto.PrivateKey` instead of a path to a certificate file. Added `ParseCertificates` to simplify getting these in common cases:

  ```go
  // before
  cred, err := NewClientCertificateCredential("tenant", "client-id", "/cert.pem", nil)

  // after
  certData, err := os.ReadFile("/cert.pem")
  certs, key, err := ParseCertificates(certData, password)
  cred, err := NewClientCertificateCredential(tenantID, clientID, certs, key, nil)
  ```
- Removed `InteractiveBrowserCredentialOptions.ClientSecret` and `.Port`
- Removed `AADAuthenticationFailedError`
- Removed `id` parameter of `NewManagedIdentityCredential()`. User assigned identities are now specified by `ManagedIdentityCredentialOptions.ID`:

  ```go
  // before
  cred, err := NewManagedIdentityCredential("client-id", nil)
  // or, for a resource ID
  opts := &ManagedIdentityCredentialOptions{ID: ResourceID}
  cred, err := NewManagedIdentityCredential("/subscriptions/...", opts)

  // after
  clientID := ClientID("7cf7db0d-...")
  opts := &ManagedIdentityCredentialOptions{ID: clientID}
  // or, for a resource ID
  resID := ResourceID("/subscriptions/...")
  opts := &ManagedIdentityCredentialOptions{ID: resID}
  cred, err := NewManagedIdentityCredential(opts)
  ```
- `DeviceCodeCredentialOptions.UserPrompt` has a new type: `func(context.Context, DeviceCodeMessage) error`
- Credential options structs now embed `azcore.ClientOptions`. In addition to changing literal initialization syntax, this change renames `HTTPClient` fields to `Transport`.
- Renamed `LogCredential` to `EventCredential`
- `AzureCLICredential` no longer reads the environment variable `AZURE_CLI_PATH`
- `NewManagedIdentityCredential` no longer reads environment variables `AZURE_CLIENT_ID` and `AZURE_RESOURCE_ID`. Use `ManagedIdentityCredentialOptions.ID` instead.
- Unexported `AuthenticationFailedError` and `CredentialUnavailableError` structs. In their place are two interfaces having the same names.
- `AzureCLICredential.GetToken` no longer mutates its `opts.Scopes`
- Added connection configuration options to `DefaultAzureCredentialOptions`
- `AuthenticationFailedError.RawResponse()` returns the HTTP response motivating the error, if available
- `NewDefaultAzureCredential()` returns `*DefaultAzureCredential` instead of `*ChainedTokenCredential`
- Added `TenantID` field to `DefaultAzureCredentialOptions` and `AzureCLICredentialOptions`
- Unexported `AzureCLICredentialOptions.TokenProvider` and its type, `AzureCLITokenProvider`
- `ManagedIdentityCredential.GetToken` returns `CredentialUnavailableError` when IMDS has no assigned identity, signaling `DefaultAzureCredential` to try other credentials
- Update based on `azcore` refactor #15383
- `ManagedIdentityCredential.GetToken` no longer mutates its `opts.Scopes`
- Bumps version of `azcore` to `v0.18.1`
- Adding support for Service Fabric environment in `ManagedIdentityCredential`
- Adding an option for using a resource ID instead of client ID in `ManagedIdentityCredential`
- Add LICENSE.txt and bump version information
- Add support for authenticating in Azure Stack environments
- Enable user assigned identities for the IMDS scenario in `ManagedIdentityCredential`
- Add scope to resource conversion in `GetToken()` on `ManagedIdentityCredential`
- Updating documentation
- Adding port option to `InteractiveBrowserCredential`
- Add `redirectURI` parameter back to authentication code flow
- Updating query parameter in `ManagedIdentityCredential` and updating datetime string for parsing managed identity access tokens.
- Remove `RedirectURL` parameter from auth code flow to align with the MSAL implementation which relies on the native client redirect URL.
- Flattening credential options
- Adding Azure Arc support in `ManagedIdentityCredential`
- Typo fixes
- Ensure authority hosts are only HTTPS
- Adding options structs for credentials
- Update `DeviceCodeCredential` callback
- Add `AuthorizationCodeCredential`
- Add `InteractiveBrowserCredential`
- Refactor `azidentity` on top of `azcore` refactor
- Updated policies to conform to `policy.Policy` interface changes.
- Updated non-retriable errors to conform to `azcore.NonRetriableError`.
- Fixed calls to `Request.SetBody()` to include content type.
- Switched endpoints to string types and removed extra parsing code.
- Add `AzureCLICredential` to `DefaultAzureCredential` chain
- Initial Release. Azure Identity library that provides Azure Active Directory token authentication support for the SDK.