multiAI Summary Pending
azure-identity-ts
Authenticate to Azure services with various credential types.
28,273 stars
bysickn33
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/azure-identity-ts/SKILL.md --create-dirs "https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/plugins/antigravity-awesome-skills-claude/skills/azure-identity-ts/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/azure-identity-ts/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How azure-identity-ts Compares
| Feature / Agent | azure-identity-ts | Standard Approach |
|---|---|---|
| Platform Support | multi | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Authenticate to Azure services with various credential types.
Which AI agents support this skill?
This skill is compatible with multi.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Azure Identity SDK for TypeScript
Authenticate to Azure services with various credential types.
## Installation
```bash
npm install @azure/identity
```
## Environment Variables
### Service Principal (Secret)
```bash
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_CLIENT_SECRET=<client-secret>
```
### Service Principal (Certificate)
```bash
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_CLIENT_CERTIFICATE_PATH=/path/to/cert.pem
AZURE_CLIENT_CERTIFICATE_PASSWORD=<optional-password>
```
### Workload Identity (Kubernetes)
```bash
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/tokens/azure-identity
```
## DefaultAzureCredential (Recommended)
```typescript
import { DefaultAzureCredential } from "@azure/identity";
const credential = new DefaultAzureCredential();
// Use with any Azure SDK client
import { BlobServiceClient } from "@azure/storage-blob";
const blobClient = new BlobServiceClient(
"https://<account>.blob.core.windows.net",
credential
);
```
**Credential Chain Order:**
1. EnvironmentCredential
2. WorkloadIdentityCredential
3. ManagedIdentityCredential
4. VisualStudioCodeCredential
5. AzureCliCredential
6. AzurePowerShellCredential
7. AzureDeveloperCliCredential
## Managed Identity
### System-Assigned
```typescript
import { ManagedIdentityCredential } from "@azure/identity";
const credential = new ManagedIdentityCredential();
```
### User-Assigned (by Client ID)
```typescript
const credential = new ManagedIdentityCredential({
clientId: "<user-assigned-client-id>"
});
```
### User-Assigned (by Resource ID)
```typescript
const credential = new ManagedIdentityCredential({
resourceId: "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>"
});
```
## Service Principal
### Client Secret
```typescript
import { ClientSecretCredential } from "@azure/identity";
const credential = new ClientSecretCredential(
"<tenant-id>",
"<client-id>",
"<client-secret>"
);
```
### Client Certificate
```typescript
import { ClientCertificateCredential } from "@azure/identity";
const credential = new ClientCertificateCredential(
"<tenant-id>",
"<client-id>",
{ certificatePath: "/path/to/cert.pem" }
);
// With password
const credentialWithPwd = new ClientCertificateCredential(
"<tenant-id>",
"<client-id>",
{
certificatePath: "/path/to/cert.pem",
certificatePassword: "<password>"
}
);
```
## Interactive Authentication
### Browser-Based Login
```typescript
import { InteractiveBrowserCredential } from "@azure/identity";
const credential = new InteractiveBrowserCredential({
clientId: "<client-id>",
tenantId: "<tenant-id>",
loginHint: "user@example.com"
});
```
### Device Code Flow
```typescript
import { DeviceCodeCredential } from "@azure/identity";
const credential = new DeviceCodeCredential({
clientId: "<client-id>",
tenantId: "<tenant-id>",
userPromptCallback: (info) => {
console.log(info.message);
// "To sign in, use a web browser to open..."
}
});
```
## Custom Credential Chain
```typescript
import {
ChainedTokenCredential,
ManagedIdentityCredential,
AzureCliCredential
} from "@azure/identity";
// Try managed identity first, fall back to CLI
const credential = new ChainedTokenCredential(
new ManagedIdentityCredential(),
new AzureCliCredential()
);
```
## Developer Credentials
### Azure CLI
```typescript
import { AzureCliCredential } from "@azure/identity";
const credential = new AzureCliCredential();
// Uses: az login
```
### Azure Developer CLI
```typescript
import { AzureDeveloperCliCredential } from "@azure/identity";
const credential = new AzureDeveloperCliCredential();
// Uses: azd auth login
```
### Azure PowerShell
```typescript
import { AzurePowerShellCredential } from "@azure/identity";
const credential = new AzurePowerShellCredential();
// Uses: Connect-AzAccount
```
## Sovereign Clouds
```typescript
import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
// Azure Government
const credential = new ClientSecretCredential(
"<tenant>", "<client>", "<secret>",
{ authorityHost: AzureAuthorityHosts.AzureGovernment }
);
// Azure China
const credentialChina = new ClientSecretCredential(
"<tenant>", "<client>", "<secret>",
{ authorityHost: AzureAuthorityHosts.AzureChina }
);
```
## Bearer Token Provider
```typescript
import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
const credential = new DefaultAzureCredential();
// Create a function that returns tokens
const getAccessToken = getBearerTokenProvider(
credential,
"https://cognitiveservices.azure.com/.default"
);
// Use with APIs that need bearer tokens
const token = await getAccessToken();
```
## Key Types
```typescript
import type {
TokenCredential,
AccessToken,
GetTokenOptions
} from "@azure/core-auth";
import {
DefaultAzureCredential,
DefaultAzureCredentialOptions,
ManagedIdentityCredential,
ClientSecretCredential,
ClientCertificateCredential,
InteractiveBrowserCredential,
ChainedTokenCredential,
AzureCliCredential,
AzurePowerShellCredential,
AzureDeveloperCliCredential,
DeviceCodeCredential,
AzureAuthorityHosts
} from "@azure/identity";
```
## Custom Credential Implementation
```typescript
import type { TokenCredential, AccessToken, GetTokenOptions } from "@azure/core-auth";
class CustomCredential implements TokenCredential {
async getToken(
scopes: string | string[],
options?: GetTokenOptions
): Promise<AccessToken | null> {
// Custom token acquisition logic
return {
token: "<access-token>",
expiresOnTimestamp: Date.now() + 3600000
};
}
}
```
## Debugging
```typescript
import { setLogLevel, AzureLogger } from "@azure/logger";
setLogLevel("verbose");
// Custom log handler
AzureLogger.log = (...args) => {
console.log("[Azure]", ...args);
};
```
## Best Practices
1. **Use DefaultAzureCredential** - Works in development (CLI) and production (managed identity)
2. **Never hardcode credentials** - Use environment variables or managed identity
3. **Prefer managed identity** - No secrets to manage in production
4. **Scope credentials appropriately** - Use user-assigned identity for multi-tenant scenarios
5. **Handle token refresh** - Azure SDK handles this automatically
6. **Use ChainedTokenCredential** - For custom fallback scenarios
## When to Use
This skill is applicable to execute the workflow or actions described in the overview.