Share via

ManagedIdentityCredential Class

Authenticates with an Azure managed identity in any hosting environment which supports managed identities.

This credential defaults to using a system-assigned identity. To configure a user-assigned identity, use one of the keyword arguments. See Microsoft Entra ID documentation for more information about configuring managed identity for applications.

Constructor

ManagedIdentityCredential(*, client_id: str | None = None, identity_config: Mapping[str, str] | None = None, **kwargs: Any)

Keyword-Only Parameters

Name Description
client_id
str

a user-assigned identity's client ID or, when using Pod Identity, the client ID of a Microsoft Entra app registration. This argument is supported in all hosting environments.

Default value: None
identity_config
Mapping[str, str]

a mapping {parameter_name: value} specifying a user-assigned identity by its object or resource ID, for example {"object_id": "..."}. Check the documentation for your hosting environment to learn what values it expects.

Default value: None

Examples

Create a ManagedIdentityCredential.

 from azure.identity import ManagedIdentityCredential credential = ManagedIdentityCredential() # Can also specify a client ID of a user-assigned managed identity credential = ManagedIdentityCredential( client_id="<client_id>", )

Methods

close

Close the credential's transport session.
get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.
get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

close

Close the credential's transport session.

close() -> None

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

get_token(*scopes: str, claims: str | None = None, tenant_id: str | None = None, **kwargs: Any) -> AccessToken

Parameters

Name Description
scopes
Required
str

desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

Name Description
claims
str

not used by this credential; any value provided will be ignored.

Default value: None
tenant_id
str

not used by this credential; any value provided will be ignored.

Default value: None

Returns

Type Description
AccessToken

An access token with the desired scopes.

Exceptions

Type Description
CredentialUnavailableError

managed identity isn't available in the hosting environment

get_token_info

Request an access token for scopes.

This is an alternative to get_token to enable certain scenarios that require additional properties on the token. This method is called automatically by Azure SDK clients.

get_token_info(*scopes: str, options: TokenRequestOptions | None = None) -> AccessTokenInfo

Parameters

Name Description
scopes
Required
str

desired scope for the access token. This credential allows only one scope per request. For more information about scopes, see https://learn.microsoft.com/entra/identity-platform/scopes-oidc.

Keyword-Only Parameters

Name Description
options
TokenRequestOptions

A dictionary of options for the token request. Unknown options will be ignored. Optional.

Default value: None

Returns

Type Description
AccessTokenInfo

An AccessTokenInfo instance containing information about the token.

Exceptions

Type Description
CredentialUnavailableError

managed identity isn't available in the hosting environment.