Bertverbeek4PS / bc2adls

Exporting data from Dynamics 365 Business Central to Azure data lake storage or MS Fabric lakehouse
MIT License

Remove Username and Password settings for Microsoft Fabric #16

Closed Arthurvdv closed 1 year ago

Arthurvdv commented 1 year ago

When calling OneLake via the DFS APIs directly, you can authenticate with a bearer token for your Azure AD account.

https://learn.microsoft.com/en-us/fabric/onelake/onelake-access-api

Together with @Bertverbeek4PS we've discovered that we can remove the need for a username and password for the Microsoft Fabric setup (hooray!). This means we can reduce the current complexity of acquiring an access token.

case ADLSESetup.GetStorageType() of
    ADLSESetup."Storage Type"::"Azure Data Lake":
        RequestBody :=
            StrSubstNo(
                AcquireTokenBodyTok,
                'https%3A%2F%2Fstorage.azure.com%2F', // url encoded form of https://storage.azure.com/
                'https%3A%2F%2Fstorage.azure.com%2Fuser_impersonation', // url encoded form of https://storage.azure.com/user_impersonation
                Credentials.GetClientID(),
                Credentials.GetClientSecret());

    ADLSESetup."Storage Type"::"Microsoft Fabric":
        RequestBody :=
            StrSubstNo(
                AcquireTokenFabricBodyTok,
                'https://storage.azure.com/.default', // scope https://storage.azure.com/.default (passed as-is, not url encoded)
                Credentials.GetClientID(),
                Credentials.GetClientSecret(),
                Credentials.GetUserName(),
                Credentials.GetPassword(),
                'https%3A%2F%2Fstorage.azure.com%2F'); // url encoded form of https://storage.azure.com/
end;

I have two questions where I could use some insights:

A) Resource: Currently on Azure Data Lake it's set to https://storage.azure.com/user_impersonation and on Microsoft Fabric to https://storage.azure.com/.default. Can I change this to .default for both Storage Types? I've tested this on my environment and didn't encounter any issues, but not sure if this could break something for the Azure Data Lake setup?

B) client_info: What does the parameter client_info=1 do? I can't find any difference in the token when not including this. Can I safely remove this from the AcquireTokenBodyTok label?

Bertverbeek4PS commented 1 year ago

@Arthurvdv The difference between user_impersonation and .default is the scope. .default is the default scope with all the permissions and user_impersonation is with a limited scope for a user. Fabric doesn't have user_impersonation. So I would prefer user_impersonation for data lake, and for Fabric it must be .default.

For client_info it is more about getting additional information about the client.

Arthurvdv commented 1 year ago

@Bertverbeek4PS, thanks for the info for the scopes, I'll update the PR on this.

Still confused about the client_info. When I look at the token I'm not seeing anything different including this parameter or not. Am I overlooking something here?

[Screenshots: decoded token with client_info=1 set, and with no client_info]

Bertverbeek4PS commented 1 year ago

@Arthurvdv there is indeed not much difference. I also see nothing in the Azure Blob API. So probably it will be skipped 😄

Arthurvdv commented 1 year ago

@Bertverbeek4PS, thanks for verifying, PR merged.
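
The token comparison discussed in this thread, as an added example (not code from bc2adls or from the participants): it decodes two token responses without verifying signatures, ignores claims that change on every issuance, and reports differences in the response envelope separately from differences in the access-token claims. The sample responses and their claim values are constructed, and showing `client_info` as a response field rather than a token claim is an assumption of that sample data.

```python
import base64
import json

# Claims that differ on every issuance and say nothing about the request parameters.
VOLATILE = {"iat", "nbf", "exp", "uti", "aio", "rh"}

def b64url_json(segment):
    """Decode one base64url segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def jwt_claims(token):
    """Return the payload claims of a JWT. The signature is NOT verified:
    this is for inspection only, never for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    return b64url_json(parts[1])

def diff_token_responses(resp_a, resp_b):
    """Compare two token endpoint responses: envelope fields and stable claims."""
    env_keys = (set(resp_a) | set(resp_b)) - {"access_token"}
    envelope = {k: (resp_a.get(k), resp_b.get(k))
                for k in sorted(env_keys) if resp_a.get(k) != resp_b.get(k)}
    ca, cb = jwt_claims(resp_a["access_token"]), jwt_claims(resp_b["access_token"])
    claims = {k: (ca.get(k), cb.get(k))
              for k in sorted((set(ca) | set(cb)) - VOLATILE) if ca.get(k) != cb.get(k)}
    return {"envelope": envelope, "claims": claims}

def make_jwt(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample responses (not captured from a real tenant).
BASE = {"aud": "https://storage.azure.com", "appid": "00000000-0000-0000-0000-000000000000"}
WITH_CLIENT_INFO = {"token_type": "Bearer", "client_info": "eyJ1aWQiOiJ4In0",
                    "access_token": make_jwt({**BASE, "iat": 1700000000, "uti": "a"})}
WITHOUT_CLIENT_INFO = {"token_type": "Bearer",
                       "access_token": make_jwt({**BASE, "iat": 1700000060, "uti": "b"})}
SCOPED = {"token_type": "Bearer",
          "access_token": make_jwt({**BASE, "scp": "user_impersonation", "iat": 1700000120})}

if __name__ == "__main__":
    print(diff_token_responses(WITH_CLIENT_INFO, WITHOUT_CLIENT_INFO))
    print(diff_token_responses(WITHOUT_CLIENT_INFO, SCOPED))
```

Comparing the whole response, not only the decoded access token, is what lets a difference outside the JWT show up.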