Package com.azure.identity

Class InteractiveBrowserCredential

java.lang.Object

com.azure.identity.InteractiveBrowserCredential

All Implemented Interfaces:

com.azure.core.credential.TokenCredential

public class InteractiveBrowserCredential
extends Object
implements com.azure.core.credential.TokenCredential

Interactive browser authentication is a type of authentication flow offered by Microsoft Entra ID that enables users to sign in to applications and services using a web browser. With interactive browser authentication, the user is directed to a sign-in webpage and is prompted to enter their credentials. After the user successfully authenticates, Microsoft Entra ID issues a security token that the application can use to authorize the user's access to its resources. For more information refer to the interactive browser authentication documentation.

Required configuration:

To use InteractiveBrowserCredential, you need to register an application in Microsoft Entra ID with permissions to log in on behalf of a user. Follow the steps below to configure your registered application.

1. Go to Microsoft Entra ID in Azure portal and find your app registration.
2. Navigate to the Authentication section.
3. Under Suggested Redirected URIs, check the URI that ends with /common/oauth2/nativeclient.
4. Under Authentication->Advanced settings, enable "Allow public client flows."

These steps will let the application authenticate, but it still won't have permission to log you into Active Directory, or access resources on your behalf. To address this issue, navigate to API Permissions, and enable Microsoft Graph and the resources you want to access, such as Azure Service Management, Key Vault, and so on. You also need to be the admin of your tenant to grant consent to your application when you log in for the first time. In InteractiveBrowserCredentialBuilder.redirectUrl(String), a redirect URL can be specified. It configures the Redirect URL where STS will callback the application with the security code. It is required if a custom client id is specified via InteractiveBrowserCredentialBuilder.clientId(String) and must match the redirect URL specified during the application registration. You can add the redirect URL to the Redirect URIs subsection under the Authentication section of your registered Microsoft Entra application.

Sample: Construct InteractiveBrowserCredential

The following code sample demonstrates the creation of a InteractiveBrowserCredential, using the InteractiveBrowserCredentialBuilder to configure it. By default, the credential targets a localhost redirect URL, to override that behaviour a InteractiveBrowserCredentialBuilder.redirectUrl(String) can be optionally specified. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential interactiveBrowserCredential = new InteractiveBrowserCredentialBuilder().redirectUrl(
     "http://localhost:8765").build();
 

See Also:

• com.azure.identity
• InteractiveBrowserCredentialBuilder

Method Summary

Modifier and Type	Method	Description
Mono<AuthenticationRecord>	authenticate()	Interactively authenticates a user via the default browser.
Mono<AuthenticationRecord>	authenticate(com.azure.core.credential.TokenRequestContext request)	Interactively authenticates a user via the default browser.
Mono<com.azure.core.credential.AccessToken>	getToken(com.azure.core.credential.TokenRequestContext request)
com.azure.core.credential.AccessToken	getTokenSync(com.azure.core.credential.TokenRequestContext request)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getToken

public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request)

Specified by:

getToken in interface com.azure.core.credential.TokenCredential

getTokenSync

public com.azure.core.credential.AccessToken getTokenSync(com.azure.core.credential.TokenRequestContext request)

Specified by:

getTokenSync in interface com.azure.core.credential.TokenCredential

authenticate

public Mono<AuthenticationRecord> authenticate(com.azure.core.credential.TokenRequestContext request)

Interactively authenticates a user via the default browser. This method will always generate a challenge to the user.

Parameters:

request - The details of the authentication request.

Returns:

The AuthenticationRecord which can be used to silently authenticate the account on future execution if persistent caching was configured via InteractiveBrowserCredentialBuilder.tokenCachePersistenceOptions(TokenCachePersistenceOptions) when credential was instantiated.

authenticate

public Mono<AuthenticationRecord> authenticate()

Interactively authenticates a user via the default browser. This method will always generate a challenge to the user.

Returns:

The AuthenticationRecord which can be used to silently authenticate the account on future execution if persistent caching was enabled via InteractiveBrowserCredentialBuilder.tokenCachePersistenceOptions(TokenCachePersistenceOptions) when credential was instantiated.