org.apache.hadoop.fs.azurebfs.oauth2

Class AzureADAuthenticator

java.lang.Object

org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator

@InterfaceAudience.Private
 @InterfaceStability.Evolving
public final class AzureADAuthenticator
extends Object

This class provides convenience methods to obtain AAD tokens. While convenient, it is not necessary to use these methods to obtain the tokens. Customers can use any other method (e.g., using the adal4j client) to obtain tokens.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AzureADAuthenticator.HttpException This exception class contains the http error code, requestId and error message, it is thrown when AzureADAuthenticator failed to get the Azure Active Directory token.

Method Summary

Modifier and Type	Method and Description
static AzureADToken	getTokenFromMsi(String tenantGuid, String clientId, boolean bypassCache) Gets AAD token from the local virtual machine's VM extension.
static AzureADToken	getTokenUsingClientCreds(String authEndpoint, String clientId, String clientSecret) gets Azure Active Directory token using the user ID and password of a service principal (that is, Web App in Azure Active Directory).
static AzureADToken	getTokenUsingRefreshToken(String clientId, String refreshToken) Gets Azure Active Directory token using refresh token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getTokenUsingClientCreds

public static AzureADToken getTokenUsingClientCreds(String authEndpoint,
                                                    String clientId,
                                                    String clientSecret)
                                             throws IOException

gets Azure Active Directory token using the user ID and password of a service principal (that is, Web App in Azure Active Directory). Azure Active Directory allows users to set up a web app as a service principal. Users can optionally obtain service principal keys from AAD. This method gets a token using a service principal's client ID and keys. In addition, it needs the token endpoint associated with the user's directory.

Parameters:

authEndpoint - the OAuth 2.0 token endpoint associated with the user's directory (obtain from Active Directory configuration)

clientId - the client ID (GUID) of the client web app btained from Azure Active Directory configuration

clientSecret - the secret key of the client web app

Returns:

AzureADToken obtained using the creds

Throws:

IOException - throws IOException if there is a failure in connecting to Azure AD

getTokenFromMsi

public static AzureADToken getTokenFromMsi(String tenantGuid,
                                           String clientId,
                                           boolean bypassCache)
                                    throws IOException

Gets AAD token from the local virtual machine's VM extension. This only works on an Azure VM with MSI extension enabled.

Parameters:

tenantGuid - (optional) The guid of the AAD tenant. Can be null.

clientId - (optional) The clientId guid of the MSI service principal to use. Can be null.

bypassCache - boolean specifying whether a cached token is acceptable or a fresh token request should me made to AAD

Returns:

AzureADToken obtained using the creds

Throws:

IOException - throws IOException if there is a failure in obtaining the token

getTokenUsingRefreshToken

public static AzureADToken getTokenUsingRefreshToken(String clientId,
                                                     String refreshToken)
                                              throws IOException

Gets Azure Active Directory token using refresh token.

Parameters:

clientId - the client ID (GUID) of the client web app obtained from Azure Active Directory configuration

refreshToken - the refresh token

Returns:

AzureADToken obtained using the refresh token

Throws:

IOException - throws IOException if there is a failure in connecting to Azure AD