ExAzureCore. Auth. TokenSource. ManagedIdentity
(ex_azure_core v0.2.0)
Copy Markdown
Managed Identity token source for Azure workloads.
Fetches tokens directly from Azure identity endpoints for workloads running in Azure VMs, App Service, Functions, Container Instances, etc.
This source supports automatic environment detection or explicit provider selection.
Configuration
:resource(required) - The Azure resource URI (e.g., "https://management.azure.com/"):client_id(optional) - Client ID for user-assigned managed identity:provider(optional) - Force specific provider::auto,:imds,:app_service(default::auto)
Examples
# System-assigned identity with auto-detection
config = %{resource: "https://management.azure.com/"}
# User-assigned identity
config = %{
resource: "https://vault.azure.net/",
client_id: "user-assigned-client-id"
}
# Force IMDS provider
config = %{
resource: "https://storage.azure.com/",
provider: :imds
}Environment Detection
When :provider is :auto (default), the source detects the environment:
- App Service - if
IDENTITY_ENDPOINTandIDENTITY_HEADERare set - IMDS - probes the IMDS endpoint at 169.254.169.254
For AKS Workload Identity (federated tokens), use TokenSource.WorkloadIdentity instead.