Reference
AzSessions.AzSession — Function
session = AzSession([; kwargs...])
Create an Azure session for authentication using a specific authentication protocol. The available protocols and their kwargs
are as follows.
Authorization code flow
session = AzSession(;
protocol = _manifest["protocol"] | AzDeviceCodeFlowCredentials,
client_id = AzSessions._manifest["client_id"],
redirect_uri = "http://localhost:44300/reply",
scope = "openid+offline_access+https://storage.azure.com/user_impersonation",
scope_auth = "openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
tenant = AzSessions._manifest["tenant"],
lazy = false,
clearcache = false)
Device code flow
session = AzSession(;
protocol = AzDeviceCodeFlowCredentials,
client_id = AzSessions._manifest["client_id"],
scope = "openid+offline_access+https://management.azure.com/user_impersonation",
scope_auth = "openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
tenant = AzSessions._manifest["tenant"],
clearcache = false)
Client Credentials
session = AzSession(;
protocol = AzClientCredentials,
tenant=AzSessions._manifest["tenant"],
client_id=AzSessions._manifest["client_id"],
client_secret=AzSessions._manifest["client_secret"],
resource="https://management.azure.com/",
clearcache = false)
VM Credentials
session = AzSession(;
protocol = AzVMCredentials,
resource = "https://management.azure.com/",
clearcache = false)
New audience
Create a session from an existing auth code flow session or device code flow session, but with a new scope. This means that we can get a session with a new audience without requiring re-authentication. Note that the new scope must be in session.scope_auth.
session = AzSession(;
protocol=AzAuthCodeFlowCredentials,
scope_auth="openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
scope="openid+offline_access+https://management.azure.com/user_impersonation")
t = token(session) # token for `https://management.azure.com` audience
session = AzSession(session; scope="openid+offline_access+https://storage.azure.com/user_impersonation")
t = token(session) # token for `https://storage.azure.com` audience without needing to re-authenticate
Notes
- If lazy=false, then authenticate at the time of construction. Otherwise, wait until the first use of the session before authenticating.
- If clearcache=false, then check the session-cache for an existing token rather than re-authenticating. The cache is stored in a JSON file (~/.azsessions/sessions.json).
- The default protocol can be set in the manifest (see the AzSessions.write_manifest method for more information).
AzSessions.token — Function
token(session[; offset=Second(rand(300:600))])
Return the OAuth2 token associated with session. The offset ensures that the token is valid for at least offset time. The default offset is randomized between 5 and 15 minutes. We randomize the offset to avoid calling the Azure authentication end-point at the same time from many VMs operating in parallel.
AzSessions.scrub! — Function
scrub!(session)
Remove sensitive information from session (e.g. token, client secret).
AzSessions.write_manifest — Function
AzSessions.write_manifest(;client_id="", client_secret="", tenant="", protocol="")
Write an AzSessions manifest file (~/.azsessions/manifest.json). The manifest file contains account specific credentials.
Notes
client secret
The client can be configured such that the client_secret is not required for the authorization-code-flow and device-code-flow. In this scenario, one may choose to omit setting the client_secret in the manifest. For example:
AzSessions.write_manifest(;client_id="myclientid", tenant="mytenant")
protocol
The protocol is one of "AzAuthCodeFlowCredentials", "AzDeviceCodeFlowCredentials", "AzClientCredentials" and "AzVMCredentials". If the default protocol="" is chosen for the manifest, then AzSession() will default to AzDeviceCodeFlowCredentials. The protocol in the manifest can always be overridden using the protocol argument to AzSession.
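Both files named on this page hold secrets: ~/.azsessions/manifest.json (account credentials, optionally the client secret) and ~/.azsessions/sessions.json (cached tokens). The following added example, which is not part of AzSessions, audits and tightens their POSIX permissions. The names audit_azsessions and tighten! are hypothetical, and a POSIX file system is assumed.

```julia
# Added example, not AzSessions code. File names are the ones given on this page;
# function names are hypothetical. Assumes POSIX permission bits are meaningful.

const SENSITIVE_FILES = ("manifest.json", "sessions.json")
const GROUP_OTHER = 0o077   # any read/write/execute bit for group or others

# Return (path, octal mode) for the directory and credential files under `dir`
# that grant any access to group or others.
function audit_azsessions(dir::AbstractString = joinpath(homedir(), ".azsessions"))
    findings = Tuple{String,String}[]
    isdir(dir) || return findings
    paths = [String(dir); [joinpath(dir, f) for f in SENSITIVE_FILES]]
    for path in paths
        ispath(path) || continue            # a missing file is not a finding
        mode = filemode(path) & 0o777
        if (mode & GROUP_OTHER) != 0
            push!(findings, (path, string(mode, base = 8, pad = 3)))
        end
    end
    return findings
end

# Restrict every flagged path to its owner (0700 for the directory, 0600 for
# files) and return whatever findings remain afterwards.
function tighten!(dir::AbstractString = joinpath(homedir(), ".azsessions"))
    for (path, _) in audit_azsessions(dir)
        chmod(path, isdir(path) ? 0o700 : 0o600)
    end
    return audit_azsessions(dir)
end

# Constructed demonstration in a temporary directory; no real credentials are touched.
mktempdir() do home
    dir = joinpath(home, ".azsessions")
    mkdir(dir)
    chmod(dir, 0o755)
    for f in SENSITIVE_FILES
        write(joinpath(dir, f), "{}")       # placeholder content
        chmod(joinpath(dir, f), 0o644)      # deliberately too permissive
    end
    println("before: ", audit_azsessions(dir))
    println("after:  ", tighten!(dir))
end
```

On shared VMs, running the audit before the first AzSession() call and again after write_manifest catches files created under a permissive umask.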