ramya-rao-a commented 3 years ago

All JS management/control plane packages today are auto generated and expect credentials from either @azure/ms-rest-nodeauth or @azure/ms-rest-browserauth packages for authentication.

These authentication packages use older APIs for Azure Active Directory and MSAL. Moreover, since active development is on the newer @azure/identity package since 2019, these packages receive only critical bug fixes and no new features.

This issue is to track the work needed to update the mgmt plane packages to support the credentials from the @azure/identity package so that customers can rely on the package that is being actively developed and have a unified authentication story across the management plane and the new data plane packages.

[x] Update ServiceClient constructor in @azure/ms-rest-js to take TokenCredential as well. Done in v2.2.0
[x] Update AzureServiceClient constructor in @azure/ms-rest-azure-js to take TokenCredential as well. Done in v2.1.0
[x] Update code generator to use the above new versions at a minimum and generate clients with constructors that take TokenCredential as well with appropriately updated Readme file. Done, but readme is being revised
[x] Create a script to update packages manually rather than use the code generator to avoid pulling in any changes done to the swagger file.

cc @qiaozha, @nickzhums, @lirenhe

colawwj commented 3 years ago

Hi @ramya-rao-a I have tested the package @azure/ms-rest-browserauth ,the follow is my step.

1 deploy my web app to nginx

new a empty folder and named it as test-browserauth cd in this foler , npm init && npm i @azure/ms-rest-browserauth in command line new a test.html file and write the follow sample code in this file

<!DOCTYPE html>
<html lang="en">
  <head>
    <title>ms-rest-browserauth sample</title>
    <script src="node_modules/@azure/ms-rest-js/dist/msRest.browser.js"></script>
    <script src="node_modules/@azure/ms-rest-azure-js/dist/msRestAzure.js"></script>
    <script src="node_modules/@azure/ms-rest-browserauth/dist/msAuth.js"></script>

  </head>
  <body>
  </body>
  <script>
  const authManager = new msAuth.AuthManager({
    clientId: "********-****-****-****-************",
    tenant: "********-****-****-****-************"
  });
  authManager.finalizeLogin().then((res) => {
    if (!res.isLoggedIn) {
      // Usually, this will cause redirects to the Azure AD login page.
      // In practice, you may wish to call this method in the onClick for a login button on the page.
      authManager.login();
    }

    // These credentials can be passed to any of the Client classes provided in azure-sdk-for-js to authenticate
    const credentials = res.creds;
    console.log("Available subscriptions: ", res.availableSubscriptions);
  });
</script>
</html>

set config in nginx.conf like follow picture

input start nginx in command

2 input http://localhost:8100/test.html in chrome browser but it will request me repeatedly login in

Cc: @dw511214992

qiaozha commented 3 years ago

@colawwj You are suppose to test against @azure/identity not @azure/ms-rest-nodeauth.

ramya-rao-a commented 3 years ago

Update: All the steps listed in the issue description are completed

dw511214992 commented 3 years ago

Mgmt plane packages which already support @azure/identity:

@azure/arm-advisor
@azure/arm-analysisservices
@azure/arm-apimanagement
@azure/arm-appconfiguration
@azure/arm-appinsights
@azure/arm-appplatform
@azure/arm-appservice
@azure/arm-appservice-profile-2019-03-01-hybrid
@azure/arm-appservice-profile-2020-09-01-hybrid
@azure/arm-attestation
@azure/arm-authorization
@azure/arm-authorization-profile-2019-03-01-hybrid
@azure/arm-authorization-profile-2020-09-01-hybrid
@azure/arm-automation
@azure/arm-avs
@azure/arm-azurestack
@azure/arm-azurestackhci
@azure/arm-batch
@azure/arm-batchai
@azure/arm-billing
@azure/arm-botservice
@azure/arm-cdn
@azure/arm-changeanalysis
@azure/arm-cognitiveservices
@azure/arm-commerce
@azure/arm-commerce-profile-2020-09-01-hybrid
@azure/arm-communication
@azure/arm-compute
@azure/arm-compute-profile-2019-03-01-hybrid
@azure/arm-compute-profile-2020-09-01-hybrid
@azure/arm-confluent
@azure/arm-consumption
@azure/arm-containerinstance
@azure/arm-containerregistry
@azure/arm-containerservice
@azure/arm-cosmosdb
@azure/arm-customerinsights
@azure/arm-databox
@azure/arm-databoxedge
@azure/arm-databoxedge-profile-2020-09-01-hybrid
@azure/arm-datacatalog
@azure/arm-datadog
@azure/arm-datafactory
@azure/arm-datalake-analytics
@azure/arm-datamigration
@azure/arm-deploymentmanager
@azure/arm-deviceprovisioningservices
@azure/arm-devspaces
@azure/arm-devtestlabs
@azure/arm-digitaltwins
@azure/arm-dns
@azure/arm-dns-profile-2019-03-01-hybrid
@azure/arm-dns-profile-2020-09-01-hybrid
@azure/arm-domainservices
@azure/arm-eventhub
@azure/arm-hdinsight
@azure/arm-keyvault
@azure/arm-netapp
@azure/arm-network
@azure/arm-postgresql-flexible
@azure/arm-recoveryservicesbackup
@azure/arm-resources
@azure/arm-sql

ramya-rao-a commented 3 years ago

All mgmt plane packages have now been updated.

15945 was the last of the known issues for adding the support for `@azure/identity` in the mgmt plane packages.

Therefore closing this issue.

Azure / azure-sdk-for-js

Update mgmt plane packages to support credentials from @azure/identity #14922

15945 was the last of the known issues for adding the support for `@azure/identity` in the mgmt plane packages.

Azure / azure-sdk-for-js

Update mgmt plane packages to support credentials from @azure/identity #14922

15945 was the last of the known issues for adding the support for @azure/identity in the mgmt plane packages.

15945 was the last of the known issues for adding the support for `@azure/identity` in the mgmt plane packages.