Reference

AzSessions.AzSession — Function

session = AzSession([; kwargs...])

Create an Azure session for authentication using a specific authentication protocal. The available protocals and their kwargs are as follows.

Authorization code flow

session = AzSession(;
    protocal = AzAuthCodeFlowCredentials, # default, so can be ommitted.
    client_id = AzSessions._manifest["client_id"],
    redirect_uri = "http://localhost:44300/reply",
    scope = "openid+offline_access+https://storage.azure.com/user_impersonation",
    scope_auth = "openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
    tenant = AzSessions._manifest["tenant"],
    lazy = false,
    clearcache = false)

Device code flow

session = AzSession(;
    protocal = AzDeviceCodeCredentials,  # default, so can be ommitted.
    client_id = AzSessions._manifest["client_id"],
    scope = "openid+offline_access+https://management.azure.com/user_impersonation",
    scope_auth = "openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
    tenant = AzSessions._manifest["tenant"],
    clearcache = false)

Client Credentials

session = AzSession(;
    protocal = AzClientCredentials,
    tenant="chevron.onmicrosoft.com",
    client_id=AzSessions._manifest["client_id"],
    client_secret=AzSessions._manifest["client_secret"],
    resource="https://management.azure.com/",
    clearcache = false)

VM Credentials

session = AzSession(;
    protocal = AzVMCredentials,
    resource = "https://management.azure.com/",
    clearcache = false)

New audience

Create a session from an existing auth code flow session or device code flow session, but with a new scope. This means that we can get a session with a new audience without requiring re-authentication. Note that the new scope must be in session.scope_auth.

session = AzSession(;
    protocal=AzAuthCodeFlowCredentials,
    scope_auth="openid+offline_access+https://management.azure.com/user_impersonation+https://storage.azure.com/user_impersonation",
    scope="openid+offline_access+https://management.azure.com/user_impersonation")

t = token(session) # token for `https://management.azure.com` audience
session = AzSession(session; scope="openid+offline_access+https://storage.azure.com/user_impersonation")
t = token(session) # token for `https://storage.azure.com` audience without needing to re-authenticate

Notes

If lazy=false, then authenticate at the time of construction. Otherwise, wait until the first use of the session before authenticating.
If clearcache=false, then check the session-cache for an existing token rather than re-authenticating. The cache is stored in a JSON file (~/.azsessions/sessions.json).

source

AzSessions.token — Function

token(session)

Return the OAuth2 token associate with session.

source

AzSessions.scrub! — Function

scrub!(session)

Remove sensitive information from session (e.g. token, client secret)

source

AzSessions.write_manifest — Function

AzSessions.write_manifest(;client_id="", client_secret="", tenant="")

Write an AzSessions manifest file (~/.azsessions/manifest.json). The manifest file contains account specific credentials.

Note that the client can be configured such that the client_secret is not required for the authorization-code-flow and device-code-flow. In this scenario, one may choose to omit setting the client_secret in the manifest. For example:

AzSessions.write_manifest(;client_id="myclientid", tenant="mytenant")

source