Login to Azure Active Directory Graph
create_graph_login(tenant = "common", app = .az_cli_app_id,
password = NULL, username = NULL, certificate = NULL,
auth_type = NULL, host = "https://graph.microsoft.com/",
aad_host = "https://login.microsoftonline.com/", config_file = NULL,
token = NULL, ...)get_graph_login(tenant = "common", selection = NULL, refresh = TRUE)
delete_graph_login(tenant = "common", confirm = TRUE)
list_graph_logins()
The Azure Active Directory tenant for which to obtain a login client. Can be a name ("myaadtenant"), a fully qualified domain name ("myaadtenant.onmicrosoft.com" or "mycompanyname.com"), or a GUID. The default is to login via the "common" tenant, which will infer your actual tenant from your credentials.
The client/app ID to use to authenticate with Azure Active Directory. The default is to login interactively using the Azure CLI cross-platform app, but you can supply your own app credentials as well.
If auth_type == "client_credentials"
, the app secret; if auth_type == "resource_owner"
, your account password.
If auth_type == "resource_owner"
, your username.
If `auth_type == "client_credentials", a certificate to authenticate with. This is a more secure alternative to using an app secret.
The OAuth authentication method to use, one of "client_credentials", "authorization_code", "device_code" or "resource_owner". If NULL
, this is chosen based on the presence of the username
and password
arguments.
Your Microsoft Graph host. Defaults to https://graph.microsoft.com/
. Change this if you are using a government or private cloud.
Azure Active Directory host for authentication. Defaults to https://login.microsoftonline.com/
. Change this if you are using a government or private cloud.
Optionally, a JSON file containing any of the arguments listed above. Arguments supplied in this file take priority over those supplied on the command line. You can also use the output from the Azure CLI az ad sp create-for-rbac
command.
Optionally, an OAuth 2.0 token, of class AzureAuth::AzureToken. This allows you to reuse the authentication details for an existing session. If supplied, all other arguments to create_graph_login
will be ignored.
Other arguments passed to ms_graph$new()
.
For get_graph_login
, if you have multiple logins for a given tenant, which one to use. This can be a number, or the input MD5 hash of the token used for the login. If not supplied, get_graph_login
will print a menu and ask you to choose a login.
For get_graph_login
, whether to refresh the authentication token on loading the client.
For delete_graph_login
, whether to ask for confirmation before deleting.
For get_graph_login
and create_graph_login
, an object of class ms_graph
, representing the login client. For list_graph_logins
, a (possibly nested) list of such objects.
If the AzureR data directory for saving credentials does not exist, get_graph_login
will throw an error.
If you are using a Linux Data Science Virtual Machine in Azure, you may have problems running create_graph_login()
(ie, without any arguments). In this case, try create_graph_login(auth_type="device_code")
.
create_graph_login
creates a login client to authenticate with Microsoft Graph, using the supplied arguments. The authentication token is obtained using get_azure_token, which automatically caches and reuses tokens for subsequent sessions. Note that credentials are only cached if you allowed AzureGraph to create a data directory at package startup.
get_graph_login
returns a login client by retrieving previously saved credentials. It searches for saved credentials according to the supplied tenant; if multiple logins are found, it will prompt for you to choose one.
One difference between create_graph_login
and get_graph_login
is the former will delete any previously saved credentials that match the arguments it was given. You can use this to force AzureGraph to remove obsolete tokens that may be lying around.
ms_graph, AzureAuth::get_azure_token for more details on authentication methods
# NOT RUN {
# without any arguments, this will create a client using your AAD credentials
az <- create_graph_login()
# retrieve the login in subsequent sessions
az <- get_graph_login()
# this will create an Microsoft Graph client for the tenant 'microsoft.onmicrosoft.com',
# using the client_credentials method
az <- create_graph_login("microsoft", app="{app_id}", password="{password}")
# you can also login using credentials in a json file
az <- create_graph_login(config_file="~/creds.json")
# }
Run the code above in your browser using DataLab