Share via

InteractiveBrowserCredentialInBrowserOptions interface

Package:
@azure/identity

Defines the common options for the InteractiveBrowserCredential class.

Extends
InteractiveCredentialOptions

Properties

clientId

The Client ID of the Microsoft Entra application that users will sign into. This parameter is required on the browser. Developers need to register their applications and assign appropriate roles. For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
loginHint

loginHint allows a user name to be pre-selected for interactive logins. Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
loginStyle

Specifies whether a redirect or a popup window should be used to initiate the user authentication flow. Possible values are "redirect" or "popup" (default) for browser and "popup" (default) for node.
redirectUri

Gets the redirect URI of the application. This should be same as the value in the application registration portal. Defaults to window.___location.href. This field is no longer required for Node.js.
tenantId

The Microsoft Entra tenant (directory) ID.

Inherited Properties

additionallyAllowedTenants

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
additionalPolicies

Additional policies to include in the HTTP pipeline.
agent

Options for configuring Agent instance for outgoing requests
allowInsecureConnection

Set to true if the request is sent over HTTP instead of HTTPS
authenticationRecord

Result of a previous authentication that can be used to retrieve the cached credentials of each individual account. This is necessary to provide in case the application wants to work with more than one account per Client ID and Tenant ID pair.

This record can be retrieved by calling to the credential's authenticate() method, as follows:

const authenticationRecord = await credential.authenticate();
authorityHost

The authority host to use for authentication requests. Possible values are available through AzureAuthorityHosts. The default is "https://login.microsoftonline.com".
disableAutomaticAuthentication

Makes getToken throw if a manual authentication is necessary. Developers will need to call to authenticate() to control when to manually authenticate.
disableInstanceDiscovery

The field determines whether instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. As a result, it's crucial to ensure that the configured authority host is valid and trustworthy. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
httpClient

The HttpClient that will be used to send HTTP requests.
loggingOptions

Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
proxyOptions

Options to configure a proxy for outgoing requests.
redirectOptions

Options for how redirect responses are handled.
retryOptions

Options that control how to retry failed requests.
telemetryOptions

Options for setting common telemetry and tracing info to outgoing requests.
tlsOptions

Options for configuring TLS authentication
userAgentOptions

Options for adding user agent details to outgoing requests.

Property Details

clientId

The Client ID of the Microsoft Entra application that users will sign into. This parameter is required on the browser. Developers need to register their applications and assign appropriate roles. For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.

clientId: string

Property Value

string

loginHint

loginHint allows a user name to be pre-selected for interactive logins. Setting this option skips the account selection prompt and immediately attempts to login with the specified account.

loginHint?: string

Property Value

string

loginStyle

Specifies whether a redirect or a popup window should be used to initiate the user authentication flow. Possible values are "redirect" or "popup" (default) for browser and "popup" (default) for node.

loginStyle?: BrowserLoginStyle

Property Value

BrowserLoginStyle

redirectUri

Gets the redirect URI of the application. This should be same as the value in the application registration portal. Defaults to window.___location.href. This field is no longer required for Node.js.

redirectUri?: string | () => string

Property Value

string | () => string

tenantId

The Microsoft Entra tenant (directory) ID.

tenantId?: string

Property Value

string

Inherited Property Details

additionallyAllowedTenants

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.

additionallyAllowedTenants?: string[]

Property Value

string[]

Inherited From InteractiveCredentialOptions.additionallyAllowedTenants

additionalPolicies

Additional policies to include in the HTTP pipeline.

additionalPolicies?: AdditionalPolicyConfig[]

Property Value

AdditionalPolicyConfig[]

Inherited From InteractiveCredentialOptions.additionalPolicies

agent

Options for configuring Agent instance for outgoing requests

agent?: Agent

Property Value

Agent

Inherited From InteractiveCredentialOptions.agent

allowInsecureConnection

Set to true if the request is sent over HTTP instead of HTTPS

allowInsecureConnection?: boolean

Property Value

boolean

Inherited From InteractiveCredentialOptions.allowInsecureConnection

authenticationRecord

Result of a previous authentication that can be used to retrieve the cached credentials of each individual account. This is necessary to provide in case the application wants to work with more than one account per Client ID and Tenant ID pair.

This record can be retrieved by calling to the credential's authenticate() method, as follows:

const authenticationRecord = await credential.authenticate();

authenticationRecord?: AuthenticationRecord

Property Value

AuthenticationRecord

Inherited From InteractiveCredentialOptions.authenticationRecord

authorityHost

The authority host to use for authentication requests. Possible values are available through AzureAuthorityHosts. The default is "https://login.microsoftonline.com".

authorityHost?: string

Property Value

string

Inherited From InteractiveCredentialOptions.authorityHost

disableAutomaticAuthentication

Makes getToken throw if a manual authentication is necessary. Developers will need to call to authenticate() to control when to manually authenticate.

disableAutomaticAuthentication?: boolean

Property Value

boolean

Inherited From InteractiveCredentialOptions.disableAutomaticAuthentication

disableInstanceDiscovery

The field determines whether instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. As a result, it's crucial to ensure that the configured authority host is valid and trustworthy. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.

disableInstanceDiscovery?: boolean

Property Value

boolean

Inherited From InteractiveCredentialOptions.disableInstanceDiscovery

httpClient

The HttpClient that will be used to send HTTP requests.

httpClient?: HttpClient

Property Value

HttpClient

Inherited From InteractiveCredentialOptions.httpClient

loggingOptions

Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.

loggingOptions?: LogPolicyOptions & { allowLoggingAccountIdentifiers?: boolean, enableUnsafeSupportLogging?: boolean }

Property Value

LogPolicyOptions & { allowLoggingAccountIdentifiers?: boolean, enableUnsafeSupportLogging?: boolean }

Inherited From InteractiveCredentialOptions.loggingOptions

proxyOptions

Options to configure a proxy for outgoing requests.

proxyOptions?: ProxySettings

Property Value

ProxySettings

Inherited From InteractiveCredentialOptions.proxyOptions

redirectOptions

Options for how redirect responses are handled.

redirectOptions?: RedirectPolicyOptions

Property Value

RedirectPolicyOptions

Inherited From InteractiveCredentialOptions.redirectOptions

retryOptions

Options that control how to retry failed requests.

retryOptions?: PipelineRetryOptions

Property Value

PipelineRetryOptions

Inherited From InteractiveCredentialOptions.retryOptions

telemetryOptions

Options for setting common telemetry and tracing info to outgoing requests.

telemetryOptions?: TelemetryOptions

Property Value

TelemetryOptions

Inherited From InteractiveCredentialOptions.telemetryOptions

tlsOptions

Options for configuring TLS authentication

tlsOptions?: TlsSettings

Property Value

TlsSettings

Inherited From InteractiveCredentialOptions.tlsOptions

userAgentOptions

Options for adding user agent details to outgoing requests.

userAgentOptions?: UserAgentPolicyOptions

Property Value

UserAgentPolicyOptions

Inherited From InteractiveCredentialOptions.userAgentOptions