Reference

AzSessions.AzSessionFunction
session = AzSession([; kwargs...])

Create an Azure session for authentication using a specific authentication protocal. The available protocals and their kwargs are as follows.

Authorization code flow

session = AzSession(;
    protocal = _manifest["protocal"] | AzDeviceCodeFlowCredentials, # default, so can be ommitted.
    client_id = AzSessions._manifest["client_id"],
    redirect_uri = "http://localhost:44300/reply",
    scope = "openid+offline_access+https://storage.azure.com/user_impersonation",
    scope_auth = "openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
    tenant = AzSessions._manifest["tenant"],
    lazy = false,
    clearcache = false)

Device code flow

session = AzSession(;
    protocal = AzDeviceCodeCredentials
    client_id = AzSessions._manifest["client_id"],
    scope = "openid+offline_access+https://management.azure.com/user_impersonation",
    scope_auth = "openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
    tenant = AzSessions._manifest["tenant"],
    clearcache = false)

Client Credentials

session = AzSession(;
    protocal = AzClientCredentials,
    tenant="chevron.onmicrosoft.com",
    client_id=AzSessions._manifest["client_id"],
    client_secret=AzSessions._manifest["client_secret"],
    resource="https://management.azure.com/",
    clearcache = false)

VM Credentials

session = AzSession(;
    protocal = AzVMCredentials,
    resource = "https://management.azure.com/",
    clearcache = false)

New audience

Create a session from an existing auth code flow session or device code flow session, but with a new scope. This means that we can get a session with a new audience without requiring re-authentication. Note that the new scope must be in session.scope_auth.

session = AzSession(;
    protocal=AzAuthCodeFlowCredentials,
    scope_auth="openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
    scope="openid+offline_access+https://management.azure.com/user_impersonation")

t = token(session) # token for `https://management.azure.com` audience
session = AzSession(session; scope="openid+offline_access+https://storage.azure.com/user_impersonation")
t = token(session) # token for `https://storage.azure.com` audience without needing to re-authenticate

Notes

  • If lazy=false, then authenticate at the time of construction. Otherwise, wait until the first use of the session before authenticating.
  • If clearcache=false, then check the session-cache for an existing token rather than re-authenticating. The cache is stored in a JSON file (~/.azsessions/sessions.json).
  • The default protocal can be set in the manifest (see the AzSessions.write_manifest method for more information).
source
AzSessions.scrub!Function
scrub!(session)

Remove sensitive information from session (e.g. token, client secret)

source
AzSessions.write_manifestFunction
AzSessions.write_manifest(;client_id="", client_secret="", tenant="", protocal="")

Write an AzSessions manifest file (~/.azsessions/manifest.json). The manifest file contains account specific credentials.

Notes

  • The client can be configured such that the client_secret is not

required for the authorization-code-flow and device-code-flow. In this scenario, one may choose to omit setting the client_secret in the manifest. For example:

AzSessions.write_manifest(;client_id="myclientid", tenant="mytenant")
  • The protocal is one of "AzAuthCodeFlowCredentials", "AzDeviceCodeFlowCredentials", "AzClientCredentials"

and "AzVMCredentials". If the default protocal="" is chosen for the manifest, then AzSession() will default to AzDeviceCodeFlowCredentials. The protocal in the manifest can always be over-ridden using the protocal argument to AzSession.

source