[Identity] More standard samples #12800
Changes from 7 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1 @@ | ||
src/**/*.js | ||
samples/**/*.js |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
--- | ||
page_type: sample | ||
languages: | ||
- javascript | ||
products: | ||
- azure | ||
- azure-active-directory | ||
urlFragment: identity-javascript | ||
--- | ||
|
||
# Azure Identity library samples for JavaScript | ||
|
||
These sample programs show how to use the JavaScript client libraries for Azure Identity in some common scenarios. | ||
|
||
| **File Name** | **Description** | | ||
| ------------------------------------------------------ | --------------------------------------------------------------- | | ||
| [defaultAzureCredential.js][defaultAzureCredential] | Tries several authentications. The simplest way to use @azure/identity | | ||
| [clientSecretCredential.js][clientSecretCredential] | Authenticates with a client and a client's secret. | | ||
| [environmentCredential.js][environmentCredential] | Authenticates with a client and a client's secret sent through environment variables. | | ||
|
||
## Prerequisites | ||
|
||
The samples are compatible with Node.js >= 8.0.0. | ||
|
||
You need [an Azure subscription][freesub] and [an Azure Key Vault][azkeyvault] to run these sample programs. | ||
Probably needs to also mention the role bindings, since these samples are about AAD. We don't bring these up in the other packages, but it would make sense here.

Good point! Thank you

I'll update this tomorrow.

I have added further instructions below! Let me know how it looks
||
|
||
To create an AAD application: | ||
|
||
- Follow [Documentation to register a new application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) in the Azure Active Directory (in the Azure portal). | ||
- Note down the `CLIENT_ID` and `TENANT_ID`. | ||
- In the "Certificates & Secrets" tab, create a secret and note that down. | ||
|
||
To allow your registered application to access your Key Vault | ||
|
||
- In the Azure portal, go to your Azure Key Vault. | ||
- In the left-side-navbar of your Azure Key Vault in the Azure portal, go to the `Access Policies` section, then click the `+ Add Access Policy` button. | ||
- In the `Add access policy` page, select all the permissions for Keys, Secrets and Certificates. | ||
- For the `Select principal` field, click on the `None selected`. A panel will appear at the right of the window. Search for your Azure Active Directory application, click the application on the search results, then click "Select" at the bottom. | ||
- Once your application is selected, click the "Add" button. | ||
- Click the `Save` button at the top of the Access Policies section of your Key Vault. | ||
- For more information on securing your Key Vault: [Learn more](https://docs.microsoft.com/azure/key-vault/general/secure-your-key-vault) | ||
I'm not opposed to using the Portal, though I've been told that we should use the @schaabs - do you have any guidance about portal vs
||
|
||
Adapting the samples to run in the browser may require some additional consideration. For details, please see the [package README][package]. | ||
|
||
## Setup | ||
|
||
To run the samples using the published version of the package: | ||
|
||
1. Install the dependencies using `npm`: | ||
|
||
```bash | ||
npm install | ||
``` | ||
|
||
2. Edit the file `sample.env`, adding the correct credentials to access the Azure service and run the samples. Then rename the file from `sample.env` to just `.env`. The sample programs will read this file automatically. | ||
|
||
3. Run whichever samples you like (note that some samples may require additional setup, see the table above): | ||
|
||
```bash | ||
node helloWorld.js | ||
``` | ||
|
||
Alternatively, run a single sample with the correct environment variables set (step 2 is not required if you do this), for example (cross-platform): | ||
|
||
```bash | ||
npx cross-env KEYVAULT_NAME="<key vault name>" AZURE_TENANT_ID="<AAD tenant id>" AZURE_CLIENT_ID="<AAD client id>" AZURE_CLIENT_SECRET="<AAD client secret>" node environmentCredential.js | ||
``` | ||
|
||
## Next Steps | ||
|
||
Take a look at our [API Documentation][apiref] for more information about the APIs that are available in the clients. | ||
|
||
[defaultAzureCredential]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/javascript/defaultAzureCredential.js | ||
[clientSecretCredential]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/javascript/clientSecretCredential.js | ||
[environmentCredential]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/javascript/environmentCredential.js | ||
[apiref]: https://docs.microsoft.com/javascript/api/@azure/identity | ||
[azkeyvault]: https://docs.microsoft.com/azure/key-vault/quick-create-portal | ||
[freesub]: https://azure.microsoft.com/free/ | ||
[package]: https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/identity/identity/README.md |
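Review bot: In the access-policy steps, "select all the permissions for Keys, Secrets and Certificates" grants far more than these samples use; the three scripts only call `client.listPropertiesOfKeys()`, so the instructions could ask for the Keys "List" permission alone. Also in Setup, `node helloWorld.js` names a file that is not in the table above (the listed samples are defaultAzureCredential.js, clientSecretCredential.js and environmentCredential.js), and the cross-env example sets `KEYVAULT_NAME` while sample.env defines `KEYVAULT_URI`.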
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
|
||
const { ClientSecretCredential } = require("@azure/identity"); | ||
const { KeyClient } = require("@azure/keyvault-keys"); | ||
|
||
// Load the .env file if it exists | ||
require("dotenv").config(); | ||
|
||
async function main() { | ||
const credential = new ClientSecretCredential( | ||
process.env.AZURE_TENANT_ID, // The tenant ID in Azure Active Directory | ||
process.env.AZURE_CLIENT_ID, // The application (client) ID registered in the AAD tenant | ||
process.env.AZURE_CLIENT_SECRET // The client secret for the registered application | ||
); | ||
|
||
const keyVaultUrl = `https://key-vault-name.vault.azure.net`; | ||
const client = new KeyClient(keyVaultUrl, credential); | ||
|
||
// Retrieving the properties of the existing keys in that specific Key Vault. | ||
console.log(await client.listPropertiesOfKeys().next()); | ||
} | ||
|
||
main().catch((err) => { | ||
console.log("error code: ", err.code); | ||
console.log("error message: ", err.message); | ||
console.log("error stack: ", err.stack); | ||
}); |
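Review bot: `keyVaultUrl` is hard-coded to `https://key-vault-name.vault.azure.net`, so this sample ignores whatever vault the user configured in `.env`; read it from the environment (sample.env in this PR defines `KEYVAULT_URI`) and fail with a clear message when it is unset. The template literal has no interpolation, so a plain string would do if the literal stays.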
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
|
||
const { DefaultAzureCredential } = require("@azure/identity"); | ||
const { KeyClient } = require("@azure/keyvault-keys"); | ||
|
||
// Load the .env file if it exists | ||
require("dotenv").config(); | ||
|
||
/** | ||
* The `DefaultAzureCredential` is appropriate for most scenarios where the application is intended to ultimately be run in the Azure Cloud. | ||
* This is because the `DefaultAzureCredential` combines credentials commonly used to authenticate when deployed, | ||
* with credentials used to authenticate in a development environment. | ||
* | ||
* For more information, you may go to our readme: [link](https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/identity/identity#defaultazurecredential) | ||
*/ | ||
|
||
async function main() { | ||
const credential = new DefaultAzureCredential(); | ||
|
||
const keyVaultUrl = `https://key-vault-name.vault.azure.net`; | ||
const client = new KeyClient(keyVaultUrl, credential); | ||
|
||
// Retrieving the properties of the existing keys in that specific Key Vault. | ||
console.log(await client.listPropertiesOfKeys().next()); | ||
} | ||
|
||
main().catch((err) => { | ||
console.log("error code: ", err.code); | ||
console.log("error message: ", err.message); | ||
console.log("error stack: ", err.stack); | ||
}); |
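Review bot: The `main().catch` handler at the end only logs, so the process still exits with status 0 when authentication or the Key Vault call fails; set `process.exitCode = 1` in the handler so a failing sample is visible to scripts and CI. The JSDoc block above `main()` describes `DefaultAzureCredential`, not the function, so tooling will attach it to `main`; a regular comment next to `new DefaultAzureCredential()` would sit better, and the `[link](...)` markdown could be a bare URL.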
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
|
||
const { EnvironmentCredential } = require("@azure/identity"); | ||
const { KeyClient } = require("@azure/keyvault-keys"); | ||
|
||
// Load the .env file if it exists | ||
require("dotenv").config(); | ||
|
||
async function main() { | ||
// EnvironmentCredential expects the following three environment variables: | ||
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory | ||
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant | ||
// - AZURE_CLIENT_SECRET: The client secret for the registered application | ||
const credential = new EnvironmentCredential(); | ||
|
||
const keyVaultUrl = `https://key-vault-name.vault.azure.net`; | ||
const client = new KeyClient(keyVaultUrl, credential); | ||
|
||
// Retrieving the properties of the existing keys in that specific Key Vault. | ||
console.log(await client.listPropertiesOfKeys().next()); | ||
} | ||
|
||
main().catch((err) => { | ||
console.log("error code: ", err.code); | ||
console.log("error message: ", err.message); | ||
console.log("error stack: ", err.stack); | ||
}); |
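Review bot: The comment in `main()` says `EnvironmentCredential` expects `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET`, but nothing checks that they are set before the client is built. A short guard that names the missing variable (never its value) would give an actionable message when the `.env` file is missing or incomplete. `keyVaultUrl` is also hard-coded here, although the README runs this file with `KEYVAULT_NAME` set.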
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
{ | ||
"name": "azure-identity-samples-js", | ||
"private": true, | ||
"version": "0.1.0", | ||
"description": "Azure Identity client library samples for JavaScript", | ||
"engine": { | ||
"node": ">=8.0.0" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git+https://github.com/Azure/azure-sdk-for-js.git" | ||
}, | ||
"keywords": [ | ||
"Azure", | ||
"Identity", | ||
"AAD", | ||
"Node.js", | ||
"JavaScript" | ||
], | ||
"author": "Microsoft Corporation", | ||
"license": "MIT", | ||
"bugs": { | ||
"url": "https://github.com/Azure/azure-sdk-for-js/issues" | ||
}, | ||
"homepage": "https://github.com/Azure/azure-sdk-for-js#readme", | ||
"sideEffects": false, | ||
"dependencies": { | ||
"@azure/identity": "latest", | ||
"@azure/keyvault-keys": "latest", | ||
"dotenv": "^8.2.0" | ||
}, | ||
"devDependencies": { | ||
"rimraf": "^3.0.0" | ||
} | ||
} |
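Review bot: `"engine": { "node": ">=8.0.0" }` should be `"engines"`; npm does not read an `engine` field, so the Node version constraint is never checked. Separately, `"@azure/identity": "latest"` and `"@azure/keyvault-keys": "latest"` make installs non-reproducible; a caret range like the one used for `dotenv` would be safer for code that handles credentials. `rimraf` is listed in devDependencies but there is no `scripts` section that uses it.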
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# The name of the key vault to use in the samples. | ||
# Create a Key Vault in the Azure Portal and enter its URI (e.g. https://mytest.vault.azure.net/) here. | ||
KEYVAULT_URI=<key-vault-uri> | ||
|
||
# Used by some of the credentials to authenticate using Azure AD as a service principal for role-based authentication. | ||
AZURE_TENANT_ID=<AD tenant id or name> | ||
AZURE_CLIENT_ID=<ID of the user/service principal to authenticate as> | ||
AZURE_CLIENT_SECRET=<client secret used to authenticate to Azure AD> |
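Review bot: The first comment says "The name of the key vault" but the variable is `KEYVAULT_URI` and the next line asks for a URI; make the comment say URI, and note that the README's cross-env example uses `KEYVAULT_NAME` instead. Since the README tells users to rename this file to `.env` after filling in `AZURE_CLIENT_SECRET`, please confirm `.env` is git-ignored for the samples directory; I don't see an ignore entry in the visible changes.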
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,9 @@ | ||
{ | ||
"extends": "../tsconfig.json", | ||
"compilerOptions": { | ||
"module": "commonjs", | ||
"declaration": false, | ||
"declarationMap": false, | ||
"sourceMap": false, | ||
"outDir": "../" | ||
}, | ||
"include": [ | ||
"**/*.ts" | ||
], | ||
"exclude": [ | ||
"src/**/*", | ||
"test/**/*" | ||
] | ||
"extends": "../tsconfig.samples.json", | ||
|
||
"compilerOptions": { | ||
"module": "commonjs", | ||
"outDir": "typescript/dist" | ||
}, | ||
"include": ["typescript/src/**.ts"], | ||
"exclude": ["typescript/*.json", "**/node_modules/", "../node_modules", "../typings"] | ||
} |
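Review bot: In `"include": ["typescript/src/**.ts"]`, `**.ts` is not the recursive form; the removed config used `**/*.ts`, so this should probably be `typescript/src/**/*.ts`, otherwise samples in subfolders may be skipped. `outDir` is now `typescript/dist`, while the TypeScript README runs `node dist/...`; worth checking that the two agree with the directory the commands are run from.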
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
--- | ||
page_type: sample | ||
languages: | ||
- typescript | ||
products: | ||
- azure | ||
- azure-active-directory | ||
urlFragment: identity-typescript | ||
--- | ||
|
||
# Azure Identity library samples for TypeScript | ||
|
||
These sample programs show how to use the TypeScript client libraries for Azure Identity in some common scenarios. | ||
|
||
| **File Name** | **Description** | | ||
| ------------------------------- | ---------------------------------------------------------------- | | ||
| [defaultAzureCredential.ts][defaultAzureCredential] | Tries several authentications. The simplest way to use @azure/identity | | ||
| [clientSecretCredential.ts][clientSecretCredential] | Authenticates with a client and a client's secret. | | ||
| [environmentCredential.ts][environmentCredential] | Authenticates with a client and a client's secret sent through environment variables. | | ||
|
||
## Prerequisites | ||
|
||
The samples are compatible with Node.ts >= 8.0.0. | ||
|
||
Before running the samples in Node, they must be compiled to TypeScript using the TypeScript compiler. For more information on TypeScript, see the [TypeScript documentation][typescript]. Install the TypeScript compiler using | ||
|
||
```bash | ||
npm install -g typescript | ||
``` | ||
|
||
You need [an Azure subscription][freesub] and [an Azure Key Vault][azkeyvault] to run these sample programs. | ||
|
||
To create an AAD application: | ||
|
||
- Follow [Documentation to register a new application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) in the Azure Active Directory (in the Azure portal). | ||
- Note down the `CLIENT_ID` and `TENANT_ID`. | ||
- In the "Certificates & Secrets" tab, create a secret and note that down. | ||
|
||
To allow your registered application to access your Key Vault | ||
|
||
- In the Azure portal, go to your Azure Key Vault. | ||
- In the left-side-navbar of your Azure Key Vault in the Azure portal, go to the `Access Policies` section, then click the `+ Add Access Policy` button. | ||
- In the `Add access policy` page, select all the permissions for Keys, Secrets and Certificates. | ||
- For the `Select principal` field, click on the `None selected`. A panel will appear at the right of the window. Search for your Azure Active Directory application, click the application on the search results, then click "Select" at the bottom. | ||
- Once your application is selected, click the "Add" button. | ||
- Click the `Save` button at the top of the Access Policies section of your Key Vault. | ||
- For more information on securing your Key Vault: [Learn more](https://docs.microsoft.com/azure/key-vault/general/secure-your-key-vault) | ||
|
||
Adapting the samples to run in the browser may require some additional consideration. For details, please see the [package README][package]. | ||
|
||
## Setup | ||
|
||
To run the samples using the published version of the package: | ||
|
||
1. Install the dependencies using `npm`: | ||
|
||
```bash | ||
npm install | ||
``` | ||
|
||
2. Compile the samples | ||
|
||
```bash | ||
npm run build | ||
``` | ||
|
||
3. Edit the file `sample.env`, adding the correct credentials to access the Azure service and run the samples. Then rename the file from `sample.env` to just `.env`. The sample programs will read this file automatically. | ||
|
||
4. Run whichever samples you like (note that some samples may require additional setup, see the table above): | ||
|
||
```bash | ||
node dist/helloWorld.ts | ||
``` | ||
|
||
Alternatively, run a single sample with the correct environment variables set (step 3 is not required if you do this), for example (cross-platform): | ||
|
||
```bash | ||
npx cross-env KEYVAULT_NAME="<key vault name>" AZURE_TENANT_ID="<AAD tenant id>" AZURE_CLIENT_ID="<AAD client id>" AZURE_CLIENT_SECRET="<AAD client secret>" node dist/environmentCredential.ts | ||
``` | ||
|
||
## Next Steps | ||
|
||
Take a look at our [API Documentation][apiref] for more information about the APIs that are available in the clients. | ||
|
||
[defaultAzureCredential]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/typescript/src/defaultAzureCredential.ts | ||
[clientSecretCredential]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/typescript/src/clientSecretCredential.ts | ||
[environmentCredential]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/typescript/src/environmentCredential.ts | ||
[apiref]: https://docs.microsoft.com/javascript/api/@azure/identity | ||
[azkeyvault]: https://docs.microsoft.com/azure/key-vault/quick-create-portal | ||
[freesub]: https://azure.microsoft.com/free/ | ||
[package]: https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/keyvault/keyvault-keys/README.md | ||
[typescript]: https://www.typescriptlang.org/docs/home.html |
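Review bot: Several lines in Prerequisites and Setup look like a search-and-replace of `.js` with `.ts`: "Node.ts >= 8.0.0" should be Node.js, "compiled to TypeScript" should be compiled to JavaScript, and `node dist/helloWorld.ts` and `node dist/environmentCredential.ts` should point at the compiled `.js` output (there is also no helloWorld sample in the table). The `[package]` reference links to the keyvault-keys README rather than the identity one used in the JavaScript README, and the access-policy step still asks for all permissions on Keys, Secrets and Certificates.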
this was a bug! Accidental finding.