Repository files navigation

azr implements a credential chain for seamless OAuth 2.0 authentication to Azure services. It builds onhttr2's OAuth framework to provide cache and automatic credential discovery, trying different authentication methods in sequence until one succeeds.

You can install httr2 from CRAN with:

install.packages("azr")

The package supports creating Credential chains for Authentication with:

• Client Secret Credential: Service principal authentication with client ID and secret
• Azure CLI Credential: Leverages existing Azure CLI (az) login
• Authorization Code Flow: Interactive browser-based authentication
• Device Code Flow: Authentication for headless or CLI environments

During interactive development, azr allows browser-based login flows, while in batch/production mode it seamlessly falls back to non-interactive methods.

The simplest way to authenticate is usingget_token(), which automatically tries different authentication methods until one succeeds:

library(azr)# Get a token using the default credential chaintoken<- get_token(tenant_id="your-tenant-id",scope="https://management.azure.com/.default")# Use the token with httr2library(httr2)req<- request("https://management.azure.com/subscriptions?api-version=2020-01-01")|>  req_auth_bearer_token(token$access_token)resp<- req_perform(req)

Alternatively, useget_request_authorizer() to get a function that adds authentication to requests:

library(azr)library(httr2)# Get a request authorizer for Microsoft Graph APIazr_req_auth<- get_request_authorizer(tenant_id="your-tenant-id",scope="https://graph.microsoft.com/.default")# Use it to authenticate requestsresp<- request("https://graph.microsoft.com/v1.0/me")|>  azr_req_auth()|>  req_perform()

You can customize which authentication methods are tried and in what order:

# Define a custom credential chain with specific credential instancescustom_chain<- credential_chain(ClientSecretCredential$new(# e.g. app://mycompany.onmicrosoft.com/MyAppId/DEV/my-api/.defaultscope= Sys.getenv("APP_SCOPE"),# the 'Application Id' used in production/batch modeclient_id= Sys.getenv("APP_CLIENT_ID"),client_secret= Sys.getenv("APP_CLIENT_SECRET")  ),# during development the developer authenticates via 'az login --use-device-code'AzureCLICredential)# Use the custom chaintoken<- get_token(tenant_id="mycompany-tenant-id",scope="https://management.azure.com/.default",.chain=custom_chain)

You can useget_credential_auth() to create a chat connection to Azure OpenAI with theelmer package:

library(elmer)# Create an authentication function for Azure OpenAIcredentials<-azr::get_credential_auth(scope="https://cognitiveservices.azure.com/.default")# Create a chat interface to Azure OpenAIchat<- chat_azure_openai(endpoint="https://your-resource.openai.azure.com",model="gpt-4o",credentials=credentials)# Use the chatchat$chat("What is the capital of France?")

azr is inspired by Python'sazure-identity library, which provides comprehensive coverage of Azure authentication scenarios and introduced the credential chain pattern for automatic authentication method discovery.

The R packageAzureAuth (based onhttr) also provides token acquisition for Azure services, but does not offer an explicit way to define credential chains. This becomes important in scenarios where different authentication methods require different configurations. For example:

• Client Secret Credentials: Using a service principalclient_id with an application-specificscope
• Interactive Credentials: Using user authentication with different credentials

azr addresses this by allowing you to define custom credential chains with method-specific configurations, enabling seamless fallback between authentication approaches.

Please note that the azr project is released with aContributor Code of Conduct. By contributing to this project, you agree to abide by its terms.