PlagueHO closed 3 months ago
@PlagueHO I'm happy to help with this one. I've been wanting to use AAD OAuth tokens instead of master keys for some time 😄.
Was thinking of having a way to pass in the AAD access token from Get-AzAccessToken:
$aadToken = (Get-AzAccessToken -ResourceUrl 'https://<cosmosDBAccountName>.documents.azure.com').Token | ConvertTo-SecureString -AsPlainText -Force
But not sure how it could be passed into New-CosmosDBContext. I looked at -Token but this seems to be mainly used for resource tokens. Would AAD tokens need a new parameter? Wasn't sure how we could use the existing token parameter since it's of type ContextToken, and seems very scoped to resource tokens.
I was thinking it might be easier to create a new cmdlet like New-CosmosDbContextAADToken or something which gets the AAD token from the current AAD context.
@ArmaanMcleod - this is now available in 5.0.0-preview0001. I'll close this for now, but open a new issue if you need some changes.
I implemented New-CosmosDbContextAADToken but called it Get-CosmosDbContextEntraIdToken - see the README.md
Cosmos DB now supports AAD OAuth 2.0 Authorization: https://docs.microsoft.com/en-us/rest/api/cosmos-db/access-control-on-cosmosdb-resources
Enable support for this.