2018-11-13 02:13:05 +03:00
# ms-rest-nodeauth [![Build Status](https://dev.azure.com/azure-public/adx/_apis/build/status/public.Azure.ms-rest-nodeauth)](https://dev.azure.com/azure-public/adx/_build/latest?definitionId=9)
2017-09-17 21:52:21 +03:00
This library provides different node.js based authentication mechanisms for services in Azure. It also contains rich type definitions thereby providing good typescrit experience.
All the authentication methods support callback as well as promise. IF they are called within an async method in your application then you can use the async/await pattern as well.
2017-09-08 21:25:16 +03:00
### Example
2017-09-09 04:14:00 +03:00
### username/password based login
2017-09-08 21:25:16 +03:00
```typescript
2018-11-13 22:08:20 +03:00
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
2017-09-08 21:25:16 +03:00
2017-09-09 04:14:00 +03:00
const username = process.env["AZURE_USERNAME"];
const password = process.env["AZURE_PASSWORD"];
msRestNodeAuth.loginWithUsernamePasswordWithAuthResponse(username, password).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
```
2019-05-06 23:22:16 +03:00
### service-principal and secret based login
2017-09-09 04:14:00 +03:00
```typescript
2018-11-13 22:08:20 +03:00
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
2017-09-09 04:14:00 +03:00
const clientId = process.env["CLIENT_ID"];
const secret = process.env["APPLICATION_SECRET"];
const tenantId = process.env["DOMAIN"];
msRestNodeAuth.loginWithServicePrincipalSecretWithAuthResponse(clientId, secret, tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
```
2019-05-06 23:22:16 +03:00
#### service-principal and certificate based login by providing an ABSOLUTE file path to the .pem file
```typescript
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const clientId = process.env["CLIENT_ID"];
const tenantId = process.env["DOMAIN"];
msRestNodeAuth.loginWithServicePrincipalCertificateWithAuthResponse(clientId, "/Users/user1/foo.pem", tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
```
#### service-principal and certificate based login by providing the certificate and private key (contents of the .pem file)
```typescript
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const clientId = process.env["CLIENT_ID"];
const tenantId = process.env["DOMAIN"];
const certificate =
`
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
yyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyy
-----END CERTIFICATE-----
`;
msRestNodeAuth.loginWithServicePrincipalCertificateWithAuthResponse(clientId, certificate, tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
```
2017-09-09 04:14:00 +03:00
### interactive/device-code flow login
```typescript
2018-11-13 22:08:20 +03:00
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
2017-09-09 04:14:00 +03:00
msRestNodeAuth.interactiveLoginWithAuthResponse().then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
2017-09-08 21:25:16 +03:00
```
2017-09-09 04:42:34 +03:00
### service-principal authentication from auth file on disk
2019-05-06 23:22:16 +03:00
Before using this method please install az cli from https://github.com/Azure/azure-cli/releases.
Then execute `az ad sp create-for-rbac --sdk-auth > ${yourFilename.json}` .
If you want to create the sp for a different cloud/environment then please execute:
1. az cloud list
2. az cloud set –n < name of the environment >
3. az ad sp create-for-rbac --sdk-auth > auth.json // create sp with **secret** .
**OR**
az ad sp create-for-rbac --create-cert --sdk-auth > auth.json // create sp with **certificate** .
If the service principal is already created then login with service principal info:
4. az login --service-principal -u < clientId > -p < clientSecret > -t < tenantId >
5. az account show --sdk-auth > auth.json
2017-09-09 04:42:34 +03:00
```typescript
import * as msRestNodeAuth from "../lib/msRestNodeAuth";
2017-09-17 21:52:21 +03:00
const options: msRestNodeAuth.LoginWithAuthFileOptions = {
2017-09-09 04:42:34 +03:00
filePath: "< file path to auth file > ",
}
msRestNodeAuth.loginWithAuthFileWithAuthResponse(options).then((authRes) => {
console.log(authRes);
console.log(process.env["AZURE_SUBSCRIPTION_ID"]);
}).catch((err) => {
console.log(err);
});
```
2018-09-05 20:44:46 +03:00
### MSI (Managed Service Identity) based login from a virtual machine created in Azure.
2017-09-17 21:52:21 +03:00
```typescript
import * as msRestNodeAuth from "../lib/msRestNodeAuth";
2018-09-05 20:44:46 +03:00
const options: msRestNodeAuth.MSIVmOptions = {
port: 50342;
}
msRestNodeAuth.loginWithVmMSI(options).then((msiTokenRes) => {
console.log(msiTokenRes);
}).catch((err) => {
console.log(err);
});
```
### MSI (Managed Service Identity) based login from an AppService or Azure Function created in Azure.
```typescript
import * as msRestNodeAuth from "../lib/msRestNodeAuth";
const options: msRestNodeAuth.MSIAppServiceOptions = {
msiEndpoint: "http://127.0.0.1:41741/MSI/token/";
}
msRestNodeAuth.loginWithAppServiceMSI(options).then((msiTokenRes) => {
2017-09-17 21:52:21 +03:00
console.log(msiTokenRes);
}).catch((err) => {
console.log(err);
});
```
2017-09-08 21:25:16 +03:00
### Contributing
2017-09-07 02:29:08 +03:00
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct ](https://opensource.microsoft.com/codeofconduct/ ).
For more information see the [Code of Conduct FAQ ](https://opensource.microsoft.com/codeofconduct/faq/ ) or
contact [opencode@microsoft.com ](mailto:opencode@microsoft.com ) with any additional questions or comments.