tediousjs/tedious

[FEATURE REQUEST] Custom `ChainedTokenCredential`

elliot-huffman opened this issue · 2 comments

Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it

The default azure credential isn't always the best way to authenticate, sometimes people need to authenticate using a custom chain, e.g. by using the VS Code plugin, which isn't available in the default chain or to do some fancy environmental variable stuff using azure app config and or azure key vault.
These people would create their own credential chain by using the @azure/identitiy package's ChainedTokenCredential class.

Describe the preferred solution

Add an additional authentication type which accepts a class that implements the chained token credential class from @azure/identity.

Additionally, chained credential support would allow for the removal of support for azure-active-directory-default, azure-active-directory-password, azure-active-directory-msi-vm, azure-active-directory-msi-app-service, and azure-active-directory-service-principal-secret from the maintenance cycle to reduce codebase complexity as this would be able to be offloaded to the chained credential class implementation in the @azure/identity package, which implements all of these features and then some, such as embedded device authentication.

Tl;Dr:
simplify the auth types in Tedious.JS by offloading the majority of auth to the provided ChainedTokenCredential instance.

Describe alternatives you've considered

Default Azure credential (about to migrate to this), custom coded error handler to re-initialize the connection (current method) when the token expires.

Additional context

#1144

Reference Documentations/Specifications

https://tediousjs.github.io/tedious/api-connection.html#function_newConnection
https://www.npmjs.com/package/@azure/identity
https://learn.microsoft.com/en-us/javascript/api/%40azure/identity/?view=azure-node-latest

I just created a pull request with the required code to enable this functionality.
I did not remove the existing auth methods so that they could be removed at a future date with plenty of communication as it would be a breaking API change (removing functionality is a semver major change).

Hi @elliot-huffman, thanks for putting in the effort and made the PR. I saw you and Arthur has a discussion under the PR. I will do some catch up, and see how I can assist on this.