ManagedIdentityCredential Class

Authenticates with an Azure managed identity in any hosting environment which supports managed identities.

This credential defaults to using a system-assigned identity. To configure a user-assigned identity, use one of the keyword arguments. See Microsoft Entra ID documentation for more information about configuring managed identity for applications.

Constructor

ManagedIdentityCredential(*, client_id: str | None = None, identity_config: Mapping[str, str] | None = None, **kwargs: Any)

Keyword-Only Parameters

client_id (str): a user-assigned identity's client ID or, when using Pod Identity, the client ID of a Microsoft Entra app registration. This argument is supported in all hosting environments.

identity_config: a mapping {parameter_name: value} specifying a user-assigned identity by its object or resource ID, for example {"object_id": "..."}. Check the documentation for your hosting environment to learn what values it expects.

Examples

Create a ManagedIdentityCredential.


   from azure.identity import ManagedIdentityCredential

   credential = ManagedIdentityCredential()

   # Can also specify a client ID of a user-assigned managed identity
   credential = ManagedIdentityCredential(
       client_id="<client_id>",
   )

Methods

close: Close the credential's transport session.

get_token: Request an access token for scopes. This method is called automatically by Azure SDK clients.

get_token_info: Request an access token for scopes. This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

close

Close the credential's transport session.

close() -> None

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, **kwargs: Any) -> AccessToken

Parameters

scopes (str, required): desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

claims (str): not used by this credential; any value provided will be ignored.

tenant_id (str): not used by this credential; any value provided will be ignored.

Returns

Type Description

An access token with the desired scopes.

Exceptions

Type Description

managed identity isn't available in the hosting environment

get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfo

Parameters

scopes (str, required): desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

options: A dictionary of options for the token request. Unknown options will be ignored. Optional.

Returns

Type Description

An AccessTokenInfo instance containing information about the token.

Exceptions

Type Description

managed identity isn't available in the hosting environment.
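
The constructor and get_token rules above (one identity selector, one scope per request, an error when no managed identity is available) put together as an added example; it is not part of the original documentation or the SDK. The helper names credential_kwargs and token_summary, the policy of rejecting client_id together with identity_config, and the Key Vault scope are assumptions of this example.

```python
import time
from typing import Any, Dict, Mapping, Optional


def credential_kwargs(client_id: Optional[str] = None,
                      identity_config: Optional[Mapping[str, str]] = None) -> Dict[str, Any]:
    """Constructor kwargs for exactly one identity; {} selects the system-assigned one."""
    if client_id and identity_config:
        # Policy of this example: refuse ambiguous selection instead of guessing.
        raise ValueError("pass client_id or identity_config, not both")
    if client_id:
        return {"client_id": client_id}
    if identity_config:
        return {"identity_config": dict(identity_config)}
    return {}


def token_summary(credential: Any, *scopes: str, now: Optional[float] = None) -> Dict[str, Any]:
    """Request a token for one scope and return metadata only, never the token string."""
    if len(scopes) != 1:
        raise ValueError("this credential allows only one scope per request")
    token = credential.get_token(scopes[0])
    now = time.time() if now is None else now
    return {"scope": scopes[0], "expires_on": token.expires_on,
            "seconds_left": int(token.expires_on - now)}


def main() -> None:
    # Imported here so the helpers above can be exercised without the SDK installed.
    from azure.identity import CredentialUnavailableError, ManagedIdentityCredential

    credential = ManagedIdentityCredential(**credential_kwargs(client_id="<client_id>"))
    try:
        # Scope value is an assumption (Key Vault); use your target resource.
        print(token_summary(credential, "https://vault.azure.net/.default"))
    except CredentialUnavailableError as exc:
        # Raised when managed identity isn't available in the hosting environment.
        print(f"managed identity unavailable: {exc}")
    finally:
        credential.close()


if __name__ == "__main__":
    main()
```

Returning only the scope and expiry keeps the bearer token out of logs and tracebacks; pass the credential object itself to Azure SDK clients, which call get_token automatically.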