From azure-sdk-typescript
Authenticates to Azure services using @azure/identity library. Covers DefaultAzureCredential, managed identity, service principals, and environment variable configuration for TypeScript/Node.js apps.
How this skill is triggered — by the user, by Claude, or both
Slash command
/azure-sdk-typescript:azure-identity-tsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Authentication library for Azure SDK clients using Microsoft Entra ID.
Authentication library for Azure SDK clients using Microsoft Entra ID.
npm install @azure/identity
# For Visual Studio Code credential support
npm install @azure/identity-vscode
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_CLIENT_SECRET=<client-secret>
AZURE_TOKEN_CREDENTIALS=prod # Required only if DefaultAzureCredential is used in production
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_CLIENT_CERTIFICATE_PATH=/path/to/cert.pem
AZURE_CLIENT_CERTIFICATE_PASSWORD=<optional-password>
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<client-id>
AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/tokens/azure-identity
import { DefaultAzureCredential, ManagedIdentityCredential } from "@azure/identity";
// Local dev: DefaultAzureCredential. Production: set AZURE_TOKEN_CREDENTIALS=prod or AZURE_TOKEN_CREDENTIALS=<specific_credential>
const credential = new DefaultAzureCredential({requiredEnvVars: ["AZURE_TOKEN_CREDENTIALS"]});
// Or use a specific credential directly in production:
// See https://learn.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest#credential-classes
// const credential = new ManagedIdentityCredential();
// Use with any Azure SDK client
import { BlobServiceClient } from "@azure/storage-blob";
const blobClient = new BlobServiceClient(
"https://<account>.blob.core.windows.net",
credential
);
See DefaultAzureCredential overview for the current credential chain order and defaults.
import { ManagedIdentityCredential } from "@azure/identity";
const credential = new ManagedIdentityCredential();
const credential = new ManagedIdentityCredential({
clientId: "<user-assigned-client-id>"
});
const credential = new ManagedIdentityCredential({
resourceId: "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>"
});
const credential = new ManagedIdentityCredential({
objectId: "<user-assigned-object-id>"
});
import { ClientSecretCredential } from "@azure/identity";
const credential = new ClientSecretCredential(
"<tenant-id>",
"<client-id>",
"<client-secret>"
);
import { ClientCertificateCredential } from "@azure/identity";
const credential = new ClientCertificateCredential(
"<tenant-id>",
"<client-id>",
{ certificatePath: "/path/to/cert.pem" }
);
// With password
const credentialWithPwd = new ClientCertificateCredential(
"<tenant-id>",
"<client-id>",
{
certificatePath: "/path/to/cert.pem",
certificatePassword: "<password>"
}
);
import { InteractiveBrowserCredential } from "@azure/identity";
const credential = new InteractiveBrowserCredential({
clientId: "<client-id>",
tenantId: "<tenant-id>",
loginHint: "[email protected]"
});
import { DeviceCodeCredential } from "@azure/identity";
const credential = new DeviceCodeCredential({
clientId: "<client-id>",
tenantId: "<tenant-id>",
userPromptCallback: (info) => {
console.log(info.message);
// "To sign in, use a web browser to open..."
}
});
import {
ChainedTokenCredential,
ManagedIdentityCredential,
AzureCliCredential
} from "@azure/identity";
// Try managed identity first, fall back to CLI
const credential = new ChainedTokenCredential(
new ManagedIdentityCredential(),
new AzureCliCredential()
);
import { useIdentityPlugin, VisualStudioCodeCredential } from "@azure/identity";
import { vsCodePlugin } from "@azure/identity-vscode";
useIdentityPlugin(vsCodePlugin);
const credential = new VisualStudioCodeCredential();
import { AzureCliCredential } from "@azure/identity";
const credential = new AzureCliCredential();
// Uses: az login
import { AzureDeveloperCliCredential } from "@azure/identity";
const credential = new AzureDeveloperCliCredential();
// Uses: azd auth login
import { AzurePowerShellCredential } from "@azure/identity";
const credential = new AzurePowerShellCredential();
// Uses: Connect-AzAccount
import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
// Azure Government
const credential = new ClientSecretCredential(
"<tenant>", "<client>", "<secret>",
{ authorityHost: AzureAuthorityHosts.AzureGovernment }
);
// Azure China
const credentialChina = new ClientSecretCredential(
"<tenant>", "<client>", "<secret>",
{ authorityHost: AzureAuthorityHosts.AzureChina }
);
import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
const credential = new DefaultAzureCredential({requiredEnvVars: ["AZURE_TOKEN_CREDENTIALS"]});
// Create a function that returns tokens
const getAccessToken = getBearerTokenProvider(
credential,
"https://cognitiveservices.azure.com/.default"
);
// Use with APIs that need bearer tokens
const token = await getAccessToken();
import type {
TokenCredential,
AccessToken,
GetTokenOptions
} from "@azure/core-auth";
import {
DefaultAzureCredential,
DefaultAzureCredentialOptions,
ManagedIdentityCredential,
ClientSecretCredential,
ClientCertificateCredential,
InteractiveBrowserCredential,
ChainedTokenCredential,
AzureCliCredential,
AzurePowerShellCredential,
AzureDeveloperCliCredential,
DeviceCodeCredential,
AzureAuthorityHosts
} from "@azure/identity";
import type { TokenCredential, AccessToken, GetTokenOptions } from "@azure/core-auth";
class CustomCredential implements TokenCredential {
async getToken(
scopes: string | string[],
options?: GetTokenOptions
): Promise<AccessToken | null> {
// Custom token acquisition logic
return {
token: "<access-token>",
expiresOnTimestamp: Date.now() + 3600000
};
}
}
import { setLogLevel, AzureLogger } from "@azure/logger";
setLogLevel("verbose");
// Custom log handler
AzureLogger.log = (...args) => {
console.log("[Azure]", ...args);
};
DefaultAzureCredential for local development; use ManagedIdentityCredential or WorkloadIdentityCredential for productionnpx claudepluginhub microsoft/skills --plugin azure-sdk-typescriptAuthenticate to Azure services using various credential types: environment variables, managed identity, service principals, and interactive flows.
Azure Identity SDK for Python authentication with Microsoft Entra ID. Use for DefaultAzureCredential, managed identity, service principals, and token caching.
Authenticates .NET apps to Azure services using Azure Identity library with DefaultAzureCredential, managed identities, service principals, and ASP.NET Core integration.