Merge pull request #295206 from DENKEN02MSFT/ADTFreshnessTop40_Row29

ADT Freshness - row 29

Author: prmerger-automator[bot]

articles/digital-twins/how-to-authenticate-client.md

@@ -5,7 +5,7 @@ titleSuffix: Azure Digital Twins
 description: Learn how to write authentication code in a client application
 author: baanders
 ms.author: baanders # Microsoft employees only
-ms.date: 03/01/2023
+ms.date: 02/24/2025
 ms.topic: how-to
 ms.service: azure-digital-twins
 
@@ -17,17 +17,17 @@ ms.service: azure-digital-twins
 
 # Write client app authentication code
 
-After you [set up an Azure Digital Twins instance and authentication](how-to-set-up-instance-portal.md), you can create a client application that you'll use to interact with the instance. Once you have set up a starter client project, you'll need to **write code in that client app to authenticate it** against the Azure Digital Twins instance.
+After you [set up an Azure Digital Twins instance and authentication](how-to-set-up-instance-portal.md), you can create a client application that you'll use to interact with the instance. Once you set up a starter client project, you need to **write code in that client app to authenticate it** against the Azure Digital Twins instance.
 
-Azure Digital Twins authenticates using [Microsoft Entra Security Tokens based on OAUTH 2.0](../active-directory/develop/security-tokens.md#json-web-tokens-and-claims). To authenticate your SDK, you'll need to get a bearer token with the right permissions to Azure Digital Twins, and pass it along with your API calls. 
+Azure Digital Twins authenticates using [Microsoft Entra Security Tokens based on OAUTH 2.0](../active-directory/develop/security-tokens.md#json-web-tokens-and-claims). To authenticate your SDK, you need to get a bearer token with the right permissions to Azure Digital Twins, and pass it along with your API calls. 
 
 This article describes how to obtain credentials using the `Azure.Identity` client library. While this article shows code examples in C#, such as what you'd write for the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins.core-readme), you can use a version of `Azure.Identity` regardless of what SDK you're using (for more on the SDKs available for Azure Digital Twins, see [Azure Digital Twins APIs and SDKs](concepts-apis-sdks.md).
 
 ## Prerequisites
 
-First, complete the setup steps in [Set up an instance and authentication](how-to-set-up-instance-portal.md). This setup will ensure you have an Azure Digital Twins instance and your user has access permissions. After that setup, you're ready to write client app code.
+First, complete the setup steps in [Set up an instance and authentication](how-to-set-up-instance-portal.md). This setup ensures that you have an Azure Digital Twins instance and your user has access permissions. After that setup, you're ready to write client app code.
 
-To continue, you'll need a client app project in which you write your code. If you don't already have a client app project set up, create a basic project in your language of choice to use with this tutorial.
+To continue, you need a client app project in which you write your code. If you don't already have a client app project set up, create a basic project in your language of choice to use with this tutorial.
 
 ## Authenticate using Azure.Identity library
 
@@ -40,9 +40,9 @@ To continue, you'll need a client app project in which you write your code. If y
 
 Three common credential-obtaining methods in `Azure.Identity` are:
 
-* [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) provides a default `TokenCredential` authentication flow for applications that will be deployed to Azure, and is **the recommended choice for local development**. It also can be enabled to try the other two methods recommended in this article; it wraps `ManagedIdentityCredential` and can access `InteractiveBrowserCredential` with a configuration variable.
-* [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential?view=azure-dotnet&preserve-view=true) works well in cases where you need [managed identities (MSI)](../active-directory/managed-identities-azure-resources/overview.md), and is a good candidate for working with Azure Functions and deploying to Azure services.
-* [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) is intended for interactive applications, and can be used to create an authenticated SDK client.
+* [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) provides a default `TokenCredential` authentication flow for applications that are deployed to Azure. This method is **the recommended choice for local development**. It also can be enabled to try the other two methods recommended in this article; it wraps `ManagedIdentityCredential` and can access `InteractiveBrowserCredential` with a configuration variable.
+* [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential?view=azure-dotnet&preserve-view=true) works well in cases where you need [managed identities (MSI)](../active-directory/managed-identities-azure-resources/overview.md). This method is a good candidate for working with Azure Functions and deploying to Azure services.
+* [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) is intended for interactive applications. This method can be used to create an authenticated SDK client.
 
 The rest of this article shows how to use these methods with the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins.core-readme).
 
@@ -60,9 +60,9 @@ Next, add code to obtain credentials using one of the methods in `Azure.Identity
 
 ### DefaultAzureCredential method
 
-[DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) provides a default `TokenCredential` authentication flow for applications that will be deployed to Azure, and is **the recommended choice for local development**.
+[DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) provides a default `TokenCredential` authentication flow for applications that are deployed to Azure. This method is **the recommended choice for local development**.
 
-To use the default Azure credentials, you'll need the Azure Digital Twins instance's URL ([instructions to find](how-to-set-up-instance-portal.md#verify-success-and-collect-important-values)).
+To use the default Azure credentials, you need the Azure Digital Twins instance's URL ([instructions to find](how-to-set-up-instance-portal.md#verify-success-and-collect-important-values)).
 
 Here's a code sample to add a `DefaultAzureCredential` to your project:
 
@@ -80,19 +80,19 @@ The [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycreden
 
 This means that you can use `ManagedIdentityCredential` in the same project as `DefaultAzureCredential` or `InteractiveBrowserCredential`, to authenticate a different part of the project.
 
-To use the default Azure credentials, you'll need the Azure Digital Twins instance's URL ([instructions to find](how-to-set-up-instance-portal.md#verify-success-and-collect-important-values)). You may also need an [app registration](./how-to-create-app-registration.md) and the registration's [Application (client) ID](./how-to-create-app-registration.md#collect-client-id-and-tenant-id).
+To use the default Azure credentials, you need the Azure Digital Twins instance's URL ([instructions to find](how-to-set-up-instance-portal.md#verify-success-and-collect-important-values)). You might also need an [app registration](./how-to-create-app-registration.md) and the registration's [Application (client) ID](./how-to-create-app-registration.md#collect-client-id-and-tenant-id).
 
 In an Azure function, you can use the managed identity credentials like this:
 
 :::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/authentication.cs" id="ManagedIdentityCredential":::
 
-While creating the credential, leaving the parameter empty as shown above will return the credential for the function app's system-assigned identity, if it has one. To specify a user-assigned identity instead, pass the user-assigned identity's **client ID** into the parameter. 
+When you create the credential without parameters, as shown in the previous example, it returns the credential for the function app's system-assigned identity, if it has one. To specify a user-assigned identity instead, pass the user-assigned identity's **client ID** into the `id` parameter for the constructor. 
 
 ### InteractiveBrowserCredential method
 
-The [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) method is intended for interactive applications and will bring up a web browser for authentication. You can use this method instead of `DefaultAzureCredential` in cases where you require interactive authentication.
+The [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) method is intended for interactive applications and brings up a web browser for authentication. You can use this method instead of `DefaultAzureCredential` in cases where you require interactive authentication.
 
-To use the interactive browser credentials, you'll need an **app registration** that has permissions to the Azure Digital Twins APIs. For steps on how to set up this app registration, see [Create an app registration with Azure Digital Twins access](./how-to-create-app-registration.md). Once the app registration is set up, you'll need...
+To use the interactive browser credentials, you need an **app registration** that has permissions to the Azure Digital Twins APIs. For steps on how to set up this app registration, see [Create an app registration with Azure Digital Twins access](./how-to-create-app-registration.md). Once the app registration is set up, you need the following values:
 * [the app registration's Application (client) ID](./how-to-create-app-registration.md#collect-client-id-and-tenant-id)
 * [the app registration's Directory (tenant) ID](./how-to-create-app-registration.md#collect-client-id-and-tenant-id)
 * [the Azure Digital Twins instance's URL](how-to-set-up-instance-portal.md#verify-success-and-collect-important-values)
@@ -102,11 +102,11 @@ Here's an example of the code to create an authenticated SDK client using `Inter
 :::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/authentication.cs" id="InteractiveBrowserCredential":::
 
 >[!NOTE]
-> While you can place the client ID, tenant ID and instance URL directly into the code as shown above, it's a good idea to have your code get these values from a configuration file or environment variable instead.
+> While you can place the client ID, tenant ID and instance URL directly into the code as shown in the previous example, it's a good idea to have your code get these values from a configuration file or environment variable instead.
 
 ## Authenticate Azure Functions
 
-This section contains some of the important configuration choices in the context of authenticating with Azure Functions. First, you'll read about recommended class-level variables and authentication code that will allow the function to access Azure Digital Twins. Then, you'll read about some final configuration steps to complete for your function after its code is published to Azure. 
+This section contains some of the important configuration choices in the context of authenticating with Azure Functions. First, you read about recommended class-level variables and authentication code that allow the function to access Azure Digital Twins. Then, you read about some final configuration steps to complete for your function after its code is published to Azure. 
 
 ### Write application code
 
@@ -118,22 +118,22 @@ When writing the Azure function, consider adding these variables and code to you
 
     Later, after publishing the function, you'll create and set the value of the environment variable for this code to read. For instructions on how to do so, skip ahead to [Configure application settings](#configure-application-settings).
 
-* **A static variable to hold an HttpClient instance.** HttpClient is relatively expensive to create, so you'll probably want to create it once with the authentication code to avoid creating it for every function invocation.
+* **A static variable to hold an HttpClient instance.** HttpClient is relatively expensive to create, so you probably want to create it once with the authentication code to avoid creating it for every function invocation.
 
     :::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/adtIngestFunctionSample.cs" id="HTTP_client":::
 
-* **Managed identity credential.** Create a managed identity credential that your function will use to access Azure Digital Twins. 
+* **Managed identity credential.** Create a managed identity credential that your function uses to access Azure Digital Twins. 
 
     :::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/adtIngestFunctionSample.cs" id="ManagedIdentityCredential":::
 
-    Leaving the parameter empty as shown above will return the credential for the function app's system-assigned identity, if it has one. To specify a user-assigned identity instead, pass the user-assigned identity's **client ID** into the parameter. 
+    When you create the credential without parameters, as shown in the previous example, it returns the credential for the function app's system-assigned identity, if it has one. To specify a user-assigned identity instead, pass the user-assigned identity's **client ID** into the `id` parameter for the constructor.   
 
-    Later, after publishing the function, you'll make sure the function's identity has permission to access the Azure Digital Twins APIs. For instructions on how to do so, skip ahead to [Assign an access role](#assign-an-access-role).    
+    Later, after publishing the function, you ensure that the function's identity has permission to access the Azure Digital Twins APIs. For instructions on how to do so, skip ahead to [Assign an access role](#assign-an-access-role).    
 
 * **A local variable _DigitalTwinsClient_.** Add the variable inside your function to hold your Azure Digital Twins client instance. _Don't_ make this variable static inside your class.
     :::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/adtIngestFunctionSample.cs" id="DigitalTwinsClient":::
 
-* **A null check for _adtInstanceUrl_.** Add the null check and then wrap your function logic in a try/catch block to catch any exceptions.
+* **A null check for _adtInstanceUrl_.** To catch any exceptions, add the null check and then wrap your function logic in a try/catch block.
 
 After these variables are added to a function, your function code might look like the following example.
 
@@ -163,7 +163,7 @@ You can also specify the home tenant in the credential options in your code.
 
 ## Other credential methods
 
-If the highlighted authentication scenarios above don't cover the needs of your app, you can explore other types of authentication offered in the [Microsoft identity platform](../active-directory/develop/v2-overview.md#getting-started). The documentation for this platform covers more authentication scenarios, organized by application type.
+If the highlighted authentication scenarios described in this article don't cover the needs of your app, you can explore other types of authentication offered in the [Microsoft identity platform](../active-directory/develop/v2-overview.md#getting-started). The documentation for this platform covers more authentication scenarios, organized by application type.
 
 ## Next steps