Skip to content

Commit

Permalink
[core-auth] Add AzureSasCredential
Browse files Browse the repository at this point in the history
This change adds an interfance and supporting class for use by services
which support authentication used a shared acccess signature.

Fixes Azure#13053
  • Loading branch information
ellismg committed Jan 5, 2021
1 parent ab74cfa commit 715fc95
Show file tree
Hide file tree
Showing 4 changed files with 89 additions and 0 deletions.
12 changes: 12 additions & 0 deletions sdk/core/core-auth/review/core-auth.api.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,13 @@ export class AzureKeyCredential implements KeyCredential {
update(newKey: string): void;
}

// @public
export class AzureSasCredential implements SasCredential {
constructor(signature: string);
get signature(): string;
update(newSignature: string): void;
}

// @public
export interface GetTokenOptions {
abortSignal?: AbortSignalLike;
Expand All @@ -39,6 +46,11 @@ export interface KeyCredential {
readonly key: string;
}

// @public
export interface SasCredential {
readonly signature: string;
}

// @public
export interface TokenCredential {
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
Expand Down
53 changes: 53 additions & 0 deletions sdk/core/core-auth/src/azureSasCredential.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.

/**
* Represents a credential defined by a static shared access signature.
*/
export interface SasCredential {
/**
* The value of the shared access signature represented as a string
*/
readonly signature: string;
}

/**
* A static-signature-based credential that supports updating
* the underlying signature value.
*/
export class AzureSasCredential implements SasCredential {
private _signature: string;

/**
* The value of the signature to be used in authentication
*/
public get signature(): string {
return this._signature;
}

/**
* Create an instance of an AzureSasCredential for use
* with a service client.
*
* @param signature - The initial value of the signature to use in authentication
*/
constructor(signature: string) {
if (!signature) {
throw new Error("key must be a non-empty string");
}

this._signature = signature;
}

/**
* Change the value of the signature.
*
* Updates will take effect upon the next request after
* updating the signature value.
*
* @param newSignature - The new signature value to be used
*/
public update(newSignature: string): void {
this._signature = newSignature;
}
}
1 change: 1 addition & 0 deletions sdk/core/core-auth/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the MIT license.

export { AzureKeyCredential, KeyCredential } from "./azureKeyCredential";
export { AzureSasCredential, SasCredential } from "./azureSasCredential";

export {
TokenCredential,
Expand Down
23 changes: 23 additions & 0 deletions sdk/core/core-auth/test/index.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import assert from "assert";

import { AzureKeyCredential } from "../src/azureKeyCredential";
import { AzureSasCredential } from "../src/azureSasCredential";
import { isTokenCredential } from "../src/tokenCredential";

describe("AzureKeyCredential", () => {
Expand All @@ -27,6 +28,28 @@ describe("AzureKeyCredential", () => {
});
});

describe("AzureSasCredential", () => {
it("credential constructor throws on invalid signature", () => {
assert.throws(() => {
void new AzureSasCredential("");
}, /key must be a non-empty string/);
assert.throws(() => {
void new AzureSasCredential((null as unknown) as string);
}, /key must be a non-empty string/);
assert.throws(() => {
void new AzureSasCredential((undefined as unknown) as string);
}, /key must be a non-empty string/);
});

it("credential correctly updates", () => {
const credential = new AzureSasCredential("credential1");
assert.equal(credential.signature, "credential1");
credential.update("credential2");
assert.equal(credential.signature, "credential2");
});
});


describe("isTokenCredential", function() {
it("should return true for an object that resembles a TokenCredential", () => {
assert.ok(
Expand Down

0 comments on commit 715fc95

Please sign in to comment.