Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
@azure/communication-common
Advanced tools
Common package for Azure Communication services.
This package contains common code for Azure Communication Service libraries.
npm install @azure/communication-common
To use this client library in the browser, first you need to use a bundler. For details on how to do this, please refer to our bundling documentation.
The CommunicationTokenCredential
is an interface used to authenticate a user with Communication Services, such as Chat or Calling.
The AzureCommunicationTokenCredential
offers a convenient way to create a credential implementing the said interface and allows you to take advantage of the built-in auto-refresh logic.
Depending on your scenario, you may want to initialize the AzureCommunicationTokenCredential
with:
The tokens supplied to the AzureCommunicationTokenCredential
either through the constructor or via the token refresher callback can be obtained using the Azure Communication Identity library.
For a short-lived clients, refreshing the token upon expiry is not necessary and the AzureCommunicationTokenCredential
may be instantiated with a static token.
const tokenCredential = new AzureCommunicationTokenCredential(
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjM2MDB9.adM-ddBZZlQ1WlN3pdPBOF5G4Wh9iZpxNP_fSvpF4cWs"
);
Here we assume that we have a function fetchTokenFromMyServerForUser
that makes a network request to retrieve a JWT token string for a user. We pass it into the credential to fetch a token for Bob from our own server. Our server would use the Azure Communication Identity library to issue tokens. It's necessary that the fetchTokenFromMyServerForUser
function returns a valid token (with an expiration date set in the future) at all times.
const tokenCredential = new AzureCommunicationTokenCredential({
tokenRefresher: async () => fetchTokenFromMyServerForUser("bob@contoso.com"),
});
Setting refreshProactively
to true will call your tokenRefresher
function when the token is close to expiry.
const tokenCredential = new AzureCommunicationTokenCredential({
tokenRefresher: async () => fetchTokenFromMyServerForUser("bob@contoso.com"),
refreshProactively: true,
});
Passing initialToken
is an optional optimization to skip the first call to tokenRefresher
. You can use this to separate the boot from your application from subsequent token refresh cycles.
const tokenCredential = new AzureCommunicationTokenCredential({
tokenRefresher: async () => fetchTokenFromMyServerForUser("bob@contoso.com"),
refreshProactively: true,
token:
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjM2MDB9.adM-ddBZZlQ1WlN3pdPBOF5G4Wh9iZpxNP_fSvpF4cWs",
});
AzureCommunicationTokenCredential
constructor or to the tokenRefresher
callback is a bare JWT token string. E.g. if you're using the Azure Communication Identity library or REST API to obtain the token, make sure you're passing just the token
part of the response object.If you'd like to contribute to this library, please read the contributing guide to learn more about how to build and test the code.
FAQs
Common package for Azure Communication services.
We found that @azure/communication-common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.