[FEATURE REQUEST] Custom `ChainedTokenCredential`
elliot-huffman opened this issue · 2 comments
Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it
The default azure credential isn't always the best way to authenticate, sometimes people need to authenticate using a custom chain, e.g. by using the VS Code plugin, which isn't available in the default chain or to do some fancy environmental variable stuff using azure app config and or azure key vault.
These people would create their own credential chain by using the @azure/identitiy
package's ChainedTokenCredential
class.
Describe the preferred solution
Add an additional authentication type which accepts a class that implements the chained token credential class from @azure/identity
.
Additionally, chained credential support would allow for the removal of support for azure-active-directory-default
, azure-active-directory-password
, azure-active-directory-msi-vm
, azure-active-directory-msi-app-service
, and azure-active-directory-service-principal-secret
from the maintenance cycle to reduce codebase complexity as this would be able to be offloaded to the chained credential class implementation in the @azure/identity
package, which implements all of these features and then some, such as embedded device authentication.
Tl;Dr:
simplify the auth types in Tedious.JS by offloading the majority of auth to the provided ChainedTokenCredential
instance.
Describe alternatives you've considered
Default Azure credential (about to migrate to this), custom coded error handler to re-initialize the connection (current method) when the token expires.
Additional context
Reference Documentations/Specifications
https://tediousjs.github.io/tedious/api-connection.html#function_newConnection
https://www.npmjs.com/package/@azure/identity
https://learn.microsoft.com/en-us/javascript/api/%40azure/identity/?view=azure-node-latest
I just created a pull request with the required code to enable this functionality.
I did not remove the existing auth methods so that they could be removed at a future date with plenty of communication as it would be a breaking API change (removing functionality is a semver major change).
Hi @elliot-huffman, thanks for putting in the effort and made the PR. I saw you and Arthur has a discussion under the PR. I will do some catch up, and see how I can assist on this.