将 Bearer 令牌与 azure-sdk-for-js 一起使用
Using Bearer tokens along with azure-sdk-for-js
我们正在构建一个 nodejs 服务器,它使用 AAD 对用户进行身份验证。当用户登录到我们的应用程序。
我们如何使用此令牌进行调用以使用此 javascriptAPI 获取 blobs/containers?我不想使用 (Authorization: Bearer accessToken[=35= 向 API 发出直接 ajax 请求]) 来电。
这样的邮递员打电话成功了吗?如何使用 blobServiceClient?
以编程方式执行此操作
根据我的研究,如果我们使用V10版本的SDK@azure/storage-blob我们可以直接使用Azure AD access token来管理azure blob服务。因为sdk提供了classTokenCredential。我们可以使用代码 const tokenCredential = new azure.TokenCredential("token") 来初始化凭证,然后使用它来获取 blob。
例如
const azure = require("@azure/storage-blob");
async function getBlobContent(){
const tokenCredential = new azure.TokenCredential("")
const pipeline = azure.StorageURL.newPipeline(tokenCredential)
const serviceURL = new azure.ServiceURL(`https://jimtestperfdiag516.blob.core.windows.net`, pipeline);
const containerURL = azure.ContainerURL.fromServiceURL(serviceURL, "test");
const blockBlobURL = azure.BlockBlobURL.fromContainerURL(containerURL, "test.csv");
const aborter=azure.Aborter.timeout(30* 60 * 1000)
const downloadResponse = await blockBlobURL.download(aborter, 0);
const downloadedContent = await streamToString(downloadResponse.readableStreamBody);
console.log(`Downloaded blob content: "${downloadedContent}"`);
}
async function streamToString(readableStream) {
return new Promise((resolve, reject) => {
const chunks = [];
readableStream.on("data", data => {
chunks.push(data.toString());
});
readableStream.on("end", () => {
resolve(chunks.join(""));
});
readableStream.on("error", reject);
});
}
getBlobContent()
.then(() => {
console.log("Successfully executed sample.");
})
.catch((err) => {
console.log(err.message);
});
详情请参考https://www.npmjs.com/package/@azure/storage-blob/v/10.5.0 and https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy。
此外,请注意,如果您想使用 Azure AD 访问 azure blob,我们需要为用户或服务分配 RABS 角色(Storage Blob Data Owner Storage Blob Data Contributor 或 Storage Blob Data Reader)校长:https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad
对于 v12 Storage JS SDK,您将从 @azure/core-auth
实现 TokenCredential 接口
/**
* Represents a credential capable of providing an authentication token.
*/
export interface TokenCredential {
/**
* Gets the token provided by this credential.
*
* @param scopes The list of scopes for which the token will have access.
* @param options The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
}
一个简单的例子:
const { ContainerClient } = require("@azure/storage-blob");
const url = "<url to container>";
function TestTokenCredential() {
return {
getToken: function (_scope, _opts) {
return {
token: "<access token>",
expiresOnTimestamp: Date.now() + 60 * 60 * 1000,
};
},
};
}
const containerClient = new ContainerClient(url, new TestTokenCredential());
async function main() {
for await (const blob of containerClient.listBlobsFlat()) {
console.log(blob.name);
}
}
main().catch((error) => {
console.error(error);
});
我们正在构建一个 nodejs 服务器,它使用 AAD 对用户进行身份验证。当用户登录到我们的应用程序。
我们如何使用此令牌进行调用以使用此 javascriptAPI 获取 blobs/containers?我不想使用 (Authorization: Bearer accessToken[=35= 向 API 发出直接 ajax 请求]) 来电。
这样的邮递员打电话成功了吗?如何使用 blobServiceClient?
根据我的研究,如果我们使用V10版本的SDK@azure/storage-blob我们可以直接使用Azure AD access token来管理azure blob服务。因为sdk提供了classTokenCredential。我们可以使用代码 const tokenCredential = new azure.TokenCredential("token") 来初始化凭证,然后使用它来获取 blob。
例如
const azure = require("@azure/storage-blob");
async function getBlobContent(){
const tokenCredential = new azure.TokenCredential("")
const pipeline = azure.StorageURL.newPipeline(tokenCredential)
const serviceURL = new azure.ServiceURL(`https://jimtestperfdiag516.blob.core.windows.net`, pipeline);
const containerURL = azure.ContainerURL.fromServiceURL(serviceURL, "test");
const blockBlobURL = azure.BlockBlobURL.fromContainerURL(containerURL, "test.csv");
const aborter=azure.Aborter.timeout(30* 60 * 1000)
const downloadResponse = await blockBlobURL.download(aborter, 0);
const downloadedContent = await streamToString(downloadResponse.readableStreamBody);
console.log(`Downloaded blob content: "${downloadedContent}"`);
}
async function streamToString(readableStream) {
return new Promise((resolve, reject) => {
const chunks = [];
readableStream.on("data", data => {
chunks.push(data.toString());
});
readableStream.on("end", () => {
resolve(chunks.join(""));
});
readableStream.on("error", reject);
});
}
getBlobContent()
.then(() => {
console.log("Successfully executed sample.");
})
.catch((err) => {
console.log(err.message);
});
详情请参考https://www.npmjs.com/package/@azure/storage-blob/v/10.5.0 and https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy。
此外,请注意,如果您想使用 Azure AD 访问 azure blob,我们需要为用户或服务分配 RABS 角色(Storage Blob Data Owner Storage Blob Data Contributor 或 Storage Blob Data Reader)校长:https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad
对于 v12 Storage JS SDK,您将从 @azure/core-auth
TokenCredential 接口
/**
* Represents a credential capable of providing an authentication token.
*/
export interface TokenCredential {
/**
* Gets the token provided by this credential.
*
* @param scopes The list of scopes for which the token will have access.
* @param options The options used to configure any requests this
* TokenCredential implementation might make.
*/
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
}
一个简单的例子:
const { ContainerClient } = require("@azure/storage-blob");
const url = "<url to container>";
function TestTokenCredential() {
return {
getToken: function (_scope, _opts) {
return {
token: "<access token>",
expiresOnTimestamp: Date.now() + 60 * 60 * 1000,
};
},
};
}
const containerClient = new ContainerClient(url, new TestTokenCredential());
async function main() {
for await (const blob of containerClient.listBlobsFlat()) {
console.log(blob.name);
}
}
main().catch((error) => {
console.error(error);
});