You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: includes/iot-hub-howto-connect-service-iothub-entra-java.md
+23-8Lines changed: 23 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,9 @@ ms.date: 11/06/2024
13
13
14
14
A backend app that uses Microsoft Entra must successfully authenticate and obtain a security token credential before connecting to IoT Hub. This token is passed to a IoT Hub connection method. For general information about setting up and using Microsoft Entra for IoT Hub, see [Control access to IoT Hub by using Microsoft Entra ID](/azure/iot-hub/authenticate-authorize-azure-ad).
15
15
16
-
For an overview of Java SDK authentication, see [Getting started with user authentication on Azure](https://learn.microsoft.com/en-us/azure/developer/java/sdk/authentication/azure-hosted-apps).
16
+
For an overview of Java SDK authentication, see [Getting started with user authentication on Azure](/azure/developer/java/sdk/authentication/azure-hosted-apps).
17
+
18
+
For simplicity, this section focuses on describing authentication using client secret.
17
19
18
20
##### Configure Microsoft Entra app
19
21
@@ -29,13 +31,13 @@ For more information about setting up a Microsoft Entra app, see [Quickstart: Re
29
31
30
32
##### Authenticate using DefaultAzureCredential
31
33
32
-
The easiest way to use Microsoft Entra to authenticate a backend application is to use [DefaultAzureCredential](/azure/developer/java/sdk/authentication/credential-chains#defaultazurecredential-overview), but it's recommended to use a different method in a production environment including a specific `TokenCredential` or pared-down `ChainedTokenCredential`. For simplicity, this section describes authentication using `DefaultAzureCredential` and Client secret.
34
+
The easiest way to use Microsoft Entra to authenticate a backend application is to use [DefaultAzureCredential](/azure/developer/java/sdk/authentication/credential-chains#defaultazurecredential-overview), but it's recommended to use a different method in a production environment including a specific `TokenCredential` or pared-down `ChainedTokenCredential`.
33
35
For more information about the pros and cons of using `DefaultAzureCredential`, see
[DefaultAzureCredential](/java/api/com.azure.identity.defaultazurecredential) supports different authentication mechanisms and determines the appropriate credential type based on the environment it's executing in. It attempts to use multiple credential types in an order until it finds a working credential.
37
39
38
-
You can authenticate Microsoft Entra app credentials using [DefaultAzureCredentialBuilder](/java/api/com.azure.identity.defaultazurecredentialbuilder). Save connection parameters such as client secret tenantID, clientID, and client secret values as environmental varaibles. Once the `TokenCredential` is created, pass it to [ServiceClient](https://learn.microsoft.com/en-us/java/api/com.azure.core.annotation.serviceclient) or other builder as the 'credential' parameter.
40
+
You can authenticate Microsoft Entra app credentials using [DefaultAzureCredentialBuilder](/java/api/com.azure.identity.defaultazurecredentialbuilder). Save connection parameters such as client secret tenantID, clientID, and client secret values as environmental varaibles. Once the `TokenCredential` is created, pass it to [ServiceClient](/java/api/com.azure.core.annotation.serviceclient) or other builder as the 'credential' parameter.
39
41
40
42
In this example, `DefaultAzureCredentialBuilder` will attempt to authenticate a connection from the list described in [DefaultAzureCredential](/java/api/com.azure.identity.defaultazurecredential). The result of a successful Microsoft Entra authentication is a security token credential that is passed to a constructor.
41
43
@@ -45,7 +47,7 @@ TokenCredential defaultAzureCredential = new DefaultAzureCredentialBuilder().bui
45
47
46
48
##### Authenticate using ClientSecretCredentialBuilder
47
49
48
-
You can use [ClientSecretCredentialBuilder](/java/api/com.azure.identity.clientsecretcredentialbuilder) to create a credential using client secret information. If successful, this method returns a [TokenCredential](/java/api/com.azure.core.credential.tokencredential).
50
+
You can use [ClientSecretCredentialBuilder](/java/api/com.azure.identity.clientsecretcredentialbuilder) to create a credential using client secret information. If successful, this method returns a [TokenCredential](/java/api/com.azure.core.credential.tokencredential) that can be passed to [ServiceClient](/java/api/com.azure.core.annotation.serviceclient) or other builder as the 'credential' parameter.
49
51
50
52
In this example, Microsoft Entra app registration client secret, client ID, and tenant ID values have been added to environment variables. These environment variables are used by `ClientSecretCredentialBuilder` to build the credential.
51
53
@@ -62,10 +64,23 @@ TokenCredential credential =
62
64
.build();
63
65
```
64
66
65
-
##### Authenticate using InteractiveBrowserCredential
67
+
##### Other authentication classes
68
+
69
+
The Java SDK also includes these classes that authenticate a backend app with Microsoft Entra:
66
70
67
-
Use [InteractiveBrowserCredential](https://learn.microsoft.com/en-us/java/api/com.azure.identity.interactivebrowsercredential) to authenticate a user sign-in using a web browser.
For working samples of Microsoft Entra service authentication, see [Role based authentication sample](github.com/Azure/azure-iot-service-sdk-java/tree/main/service/iot-service-samples/role-based-authorization-sample).
86
+
For working samples of Microsoft Entra service authentication, see [Role based authentication sample](https://github.com/Azure/azure-iot-service-sdk-java/tree/main/service/iot-service-samples/role-based-authorization-sample).
0 commit comments