[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-e9bce61c-5308-4693-86cb-08ac722e0af1":3,"$fQtplweZqnOtIQekcIRD-PwAfRk2z66SqAr8lYmXjcaU":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"e9bce61c-5308-4693-86cb-08ac722e0af1","azure-identity-ts","使用各种凭证类型验证Azure服务。","cat_coding_devops","mod_coding","sickn33,coding","---\nname: azure-identity-ts\ndescription: \"Authenticate to Azure services with various credential types.\"\nrisk: unknown\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n# Azure Identity SDK for TypeScript\n\nAuthenticate to Azure services with various credential types.\n\n## Installation\n\n```bash\nnpm install @azure\u002Fidentity\n```\n\n## Environment Variables\n\n### Service Principal (Secret)\n\n```bash\nAZURE_TENANT_ID=\u003Ctenant-id>\nAZURE_CLIENT_ID=\u003Cclient-id>\nAZURE_CLIENT_SECRET=\u003Cclient-secret>\n```\n\n### Service Principal (Certificate)\n\n```bash\nAZURE_TENANT_ID=\u003Ctenant-id>\nAZURE_CLIENT_ID=\u003Cclient-id>\nAZURE_CLIENT_CERTIFICATE_PATH=\u002Fpath\u002Fto\u002Fcert.pem\nAZURE_CLIENT_CERTIFICATE_PASSWORD=\u003Coptional-password>\n```\n\n### Workload Identity (Kubernetes)\n\n```bash\nAZURE_TENANT_ID=\u003Ctenant-id>\nAZURE_CLIENT_ID=\u003Cclient-id>\nAZURE_FEDERATED_TOKEN_FILE=\u002Fvar\u002Frun\u002Fsecrets\u002Ftokens\u002Fazure-identity\n```\n\n## DefaultAzureCredential (Recommended)\n\n```typescript\nimport { DefaultAzureCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new DefaultAzureCredential();\n\n\u002F\u002F Use with any Azure SDK client\nimport { BlobServiceClient } from \"@azure\u002Fstorage-blob\";\nconst blobClient = new BlobServiceClient(\n  \"https:\u002F\u002F\u003Caccount>.blob.core.windows.net\",\n  credential\n);\n```\n\n**Credential Chain Order:**\n1. EnvironmentCredential\n2. WorkloadIdentityCredential\n3. ManagedIdentityCredential\n4. VisualStudioCodeCredential\n5. AzureCliCredential\n6. AzurePowerShellCredential\n7. AzureDeveloperCliCredential\n\n## Managed Identity\n\n### System-Assigned\n\n```typescript\nimport { ManagedIdentityCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new ManagedIdentityCredential();\n```\n\n### User-Assigned (by Client ID)\n\n```typescript\nconst credential = new ManagedIdentityCredential({\n  clientId: \"\u003Cuser-assigned-client-id>\"\n});\n```\n\n### User-Assigned (by Resource ID)\n\n```typescript\nconst credential = new ManagedIdentityCredential({\n  resourceId: \"\u002Fsubscriptions\u002F\u003Csub>\u002FresourceGroups\u002F\u003Crg>\u002Fproviders\u002FMicrosoft.ManagedIdentity\u002FuserAssignedIdentities\u002F\u003Cname>\"\n});\n```\n\n## Service Principal\n\n### Client Secret\n\n```typescript\nimport { ClientSecretCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new ClientSecretCredential(\n  \"\u003Ctenant-id>\",\n  \"\u003Cclient-id>\",\n  \"\u003Cclient-secret>\"\n);\n```\n\n### Client Certificate\n\n```typescript\nimport { ClientCertificateCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new ClientCertificateCredential(\n  \"\u003Ctenant-id>\",\n  \"\u003Cclient-id>\",\n  { certificatePath: \"\u002Fpath\u002Fto\u002Fcert.pem\" }\n);\n\n\u002F\u002F With password\nconst credentialWithPwd = new ClientCertificateCredential(\n  \"\u003Ctenant-id>\",\n  \"\u003Cclient-id>\",\n  { \n    certificatePath: \"\u002Fpath\u002Fto\u002Fcert.pem\",\n    certificatePassword: \"\u003Cpassword>\"\n  }\n);\n```\n\n## Interactive Authentication\n\n### Browser-Based Login\n\n```typescript\nimport { InteractiveBrowserCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new InteractiveBrowserCredential({\n  clientId: \"\u003Cclient-id>\",\n  tenantId: \"\u003Ctenant-id>\",\n  loginHint: \"user@example.com\"\n});\n```\n\n### Device Code Flow\n\n```typescript\nimport { DeviceCodeCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new DeviceCodeCredential({\n  clientId: \"\u003Cclient-id>\",\n  tenantId: \"\u003Ctenant-id>\",\n  userPromptCallback: (info) => {\n    console.log(info.message);\n    \u002F\u002F \"To sign in, use a web browser to open...\"\n  }\n});\n```\n\n## Custom Credential Chain\n\n```typescript\nimport { \n  ChainedTokenCredential,\n  ManagedIdentityCredential,\n  AzureCliCredential\n} from \"@azure\u002Fidentity\";\n\n\u002F\u002F Try managed identity first, fall back to CLI\nconst credential = new ChainedTokenCredential(\n  new ManagedIdentityCredential(),\n  new AzureCliCredential()\n);\n```\n\n## Developer Credentials\n\n### Azure CLI\n\n```typescript\nimport { AzureCliCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new AzureCliCredential();\n\u002F\u002F Uses: az login\n```\n\n### Azure Developer CLI\n\n```typescript\nimport { AzureDeveloperCliCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new AzureDeveloperCliCredential();\n\u002F\u002F Uses: azd auth login\n```\n\n### Azure PowerShell\n\n```typescript\nimport { AzurePowerShellCredential } from \"@azure\u002Fidentity\";\n\nconst credential = new AzurePowerShellCredential();\n\u002F\u002F Uses: Connect-AzAccount\n```\n\n## Sovereign Clouds\n\n```typescript\nimport { ClientSecretCredential, AzureAuthorityHosts } from \"@azure\u002Fidentity\";\n\n\u002F\u002F Azure Government\nconst credential = new ClientSecretCredential(\n  \"\u003Ctenant>\", \"\u003Cclient>\", \"\u003Csecret>\",\n  { authorityHost: AzureAuthorityHosts.AzureGovernment }\n);\n\n\u002F\u002F Azure China\nconst credentialChina = new ClientSecretCredential(\n  \"\u003Ctenant>\", \"\u003Cclient>\", \"\u003Csecret>\",\n  { authorityHost: AzureAuthorityHosts.AzureChina }\n);\n```\n\n## Bearer Token Provider\n\n```typescript\nimport { DefaultAzureCredential, getBearerTokenProvider } from \"@azure\u002Fidentity\";\n\nconst credential = new DefaultAzureCredential();\n\n\u002F\u002F Create a function that returns tokens\nconst getAccessToken = getBearerTokenProvider(\n  credential,\n  \"https:\u002F\u002Fcognitiveservices.azure.com\u002F.default\"\n);\n\n\u002F\u002F Use with APIs that need bearer tokens\nconst token = await getAccessToken();\n```\n\n## Key Types\n\n```typescript\nimport type { \n  TokenCredential, \n  AccessToken, \n  GetTokenOptions \n} from \"@azure\u002Fcore-auth\";\n\nimport {\n  DefaultAzureCredential,\n  DefaultAzureCredentialOptions,\n  ManagedIdentityCredential,\n  ClientSecretCredential,\n  ClientCertificateCredential,\n  InteractiveBrowserCredential,\n  ChainedTokenCredential,\n  AzureCliCredential,\n  AzurePowerShellCredential,\n  AzureDeveloperCliCredential,\n  DeviceCodeCredential,\n  AzureAuthorityHosts\n} from \"@azure\u002Fidentity\";\n```\n\n## Custom Credential Implementation\n\n```typescript\nimport type { TokenCredential, AccessToken, GetTokenOptions } from \"@azure\u002Fcore-auth\";\n\nclass CustomCredential implements TokenCredential {\n  async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise\u003CAccessToken | null> {\n    \u002F\u002F Custom token acquisition logic\n    return {\n      token: \"\u003Caccess-token>\",\n      expiresOnTimestamp: Date.now() + 3600000\n    };\n  }\n}\n```\n\n## Debugging\n\n```typescript\nimport { setLogLevel, AzureLogger } from \"@azure\u002Flogger\";\n\nsetLogLevel(\"verbose\");\n\n\u002F\u002F Custom log handler\nAzureLogger.log = (...args) => {\n  console.log(\"[Azure]\", ...args);\n};\n```\n\n## Best Practices\n\n1. **Use DefaultAzureCredential** - Works in development (CLI) and production (managed identity)\n2. **Never hardcode credentials** - Use environment variables or managed identity\n3. **Prefer managed identity** - No secrets to manage in production\n4. **Scope credentials appropriately** - Use user-assigned identity for multi-tenant scenarios\n5. **Handle token refresh** - Azure SDK handles this automatically\n6. **Use ChainedTokenCredential** - For custom fallback scenarios\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,95,314,"2026-05-16 13:06:33",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD、容器化、部署运维",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"659e963d-eae6-427b-b894-5a5b12441360","1.0.0","azure-identity-ts.zip",2305,"uploads\u002Fskills\u002Fe9bce61c-5308-4693-86cb-08ac722e0af1\u002Fazure-identity-ts.zip","545e43f3c049942a15325f711512622ab3c3e766f66d88a5f530d6545a4db4bc","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":7079}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]