Azure OSS for PHP API Reference

ManagedIdentityCredential
in package
implements TokenCredential

FinalYes
Tags
experimental

This credential is difficult to test reliably in CI because most managed identity endpoints are only available from within the corresponding Azure runtime (IMDS, App Service/Functions, Arc, etc.). If you try this in a real environment and it works (or fails), please let us know which environment you used and any relevant HTTP status/error details.

Table of Contents

Interfaces

TokenCredential
Defines how an Azure credential obtains access tokens.

Constants

APP_SERVICE_API_VERSION  : mixed = '2019-08-01'
ARC_API_VERSION  : mixed = '2020-06-01'
IMDS_API_VERSION  : mixed = '2018-02-01'
IMDS_ENDPOINT  : mixed = 'http://169.254.169.254/metadata/identity/oauth...
LEGACY_MSI_API_VERSION  : mixed = '2017-09-01'

Properties

$options  : ManagedIdentityCredentialOptions

Methods

__construct()  : mixed
getToken()  : AccessToken
Requests an access token for the supplied OAuth scopes.
appendQuery()  : string
detectEnvironment()  : string
discoverClientAndRequestFactory()  : RequestFactoryInterface}
getStringEnv()  : string|null
getTokenFromAppService()  : AccessToken
getTokenFromAzureArc()  : AccessToken
getTokenFromImds()  : AccessToken
getTokenFromMsiEndpoint()  : AccessToken
handleImdsResponse()  : AccessToken
parseWwwAuthenticateBasicRealm()  : string|null
readSecretFile()  : string
requestToken()  : ResponseInterface
scopeToResource()  : string

Constants

Properties

Methods

appendQuery()

private static appendQuery(string $url, array<string, mixed> $query) : string
Parameters
$url : string
$query : array<string, mixed>
Return values
string

detectEnvironment()

private detectEnvironment(string|null $identityEndpoint, string|null $identityHeader, string|null $imdsEndpoint, string|null $msiEndpoint) : string
Parameters
$identityEndpoint : string|null
$identityHeader : string|null
$imdsEndpoint : string|null
$msiEndpoint : string|null
Return values
string

discoverClientAndRequestFactory()

private discoverClientAndRequestFactory() : RequestFactoryInterface}
Return values
RequestFactoryInterface}

getStringEnv()

private getStringEnv(string $name) : string|null
Parameters
$name : string
Return values
string|null

getTokenFromAppService()

private getTokenFromAppService(string $resource, string $identityEndpoint, string $identityHeader, string|null $clientId) : AccessToken
Parameters
$resource : string
$identityEndpoint : string
$identityHeader : string
$clientId : string|null
Return values
AccessToken

getTokenFromMsiEndpoint()

private getTokenFromMsiEndpoint(string $resource, string $msiEndpoint, string|null $msiSecret, string|null $clientId) : AccessToken
Parameters
$resource : string
$msiEndpoint : string
$msiSecret : string|null
$clientId : string|null
Return values
AccessToken

parseWwwAuthenticateBasicRealm()

private parseWwwAuthenticateBasicRealm(string $header) : string|null
Parameters
$header : string
Return values
string|null

readSecretFile()

private readSecretFile(string $path) : string
Parameters
$path : string
Return values
string

requestToken()

private requestToken(ClientInterface $client, RequestFactoryInterface $requestFactory, string $url, array<string, string> $headers, array<string, mixed> $query, string $source) : ResponseInterface
Parameters
$client : ClientInterface
$requestFactory : RequestFactoryInterface
$url : string
$headers : array<string, string>
$query : array<string, mixed>
$source : string
Return values
ResponseInterface
On this page

Search results