@azure/ms-rest-nodeauth
Advanced tools
@azure/ms-rest-nodeauth is an npm package that provides various authentication mechanisms for Azure services in Node.js applications. It supports different types of credentials such as service principal, managed identity, and interactive login, making it easier to authenticate and interact with Azure resources.
Service Principal Authentication
This feature allows you to authenticate using a service principal, which is a non-interactive way to authenticate with Azure. You need to provide the client ID, secret, and tenant ID (domain) of the service principal.
const msRestNodeAuth = require('@azure/ms-rest-nodeauth');
msRestNodeAuth.loginWithServicePrincipalSecret(clientId, secret, domain).then((credentials) => {
// Use the credentials to interact with Azure services
console.log('Authenticated with service principal');
}).catch((err) => {
console.error('Error authenticating with service principal:', err);
});Managed Identity Authentication
This feature allows you to authenticate using a managed identity, which is useful for applications running on Azure services like Azure VMs or Azure App Service. It eliminates the need to manage credentials.
const msRestNodeAuth = require('@azure/ms-rest-nodeauth');
msRestNodeAuth.loginWithManagedIdentity().then((credentials) => {
// Use the credentials to interact with Azure services
console.log('Authenticated with managed identity');
}).catch((err) => {
console.error('Error authenticating with managed identity:', err);
});Interactive Login
This feature allows you to authenticate interactively, which is useful for development and testing purposes. It opens a browser window for the user to log in and grant access.
const msRestNodeAuth = require('@azure/ms-rest-nodeauth');
msRestNodeAuth.interactiveLogin().then((credentials) => {
// Use the credentials to interact with Azure services
console.log('Authenticated with interactive login');
}).catch((err) => {
console.error('Error authenticating with interactive login:', err);
});@azure/identity is another package that provides Azure Active Directory token authentication support across the Azure SDK. It offers a more modern and unified approach to authentication compared to @azure/ms-rest-nodeauth, supporting a wider range of authentication scenarios and integrating seamlessly with other Azure SDK libraries.
adal-node is the Active Directory Authentication Library for Node.js. It provides easy-to-use authentication mechanisms for Azure Active Directory. While it is older and less feature-rich compared to @azure/ms-rest-nodeauth, it is still widely used for basic authentication scenarios.
msal-node is the Microsoft Authentication Library for Node.js. It is designed to work with the Microsoft identity platform (formerly Azure AD v2.0). It offers more advanced features and better support for modern authentication flows compared to @azure/ms-rest-nodeauth.
This library provides different node.js based authentication mechanisms for services in Azure. It also contains rich type definitions thereby providing a good TypeScript experience. All the authentication methods support callbacks as well as promises. If they are called within an async method in your application then you can use the async/await pattern as well.
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const username = process.env["AZURE_USERNAME"];
const password = process.env["AZURE_PASSWORD"];
msRestNodeAuth.loginWithUsernamePasswordWithAuthResponse(username, password).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const clientId = process.env["CLIENT_ID"];
const secret = process.env["APPLICATION_SECRET"];
const tenantId = process.env["DOMAIN"];
msRestNodeAuth.loginWithServicePrincipalSecretWithAuthResponse(clientId, secret, tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const clientId = process.env["CLIENT_ID"];
const tenantId = process.env["DOMAIN"];
msRestNodeAuth.loginWithServicePrincipalCertificateWithAuthResponse(clientId, "/Users/user1/foo.pem", tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const clientId = process.env["CLIENT_ID"];
const tenantId = process.env["DOMAIN"];
const certificate =
`
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
yyyyyyyyyyyyyyyyy
yyyyyyyyyyyyyyyyy
-----END CERTIFICATE-----
`;
msRestNodeAuth.loginWithServicePrincipalCertificateWithAuthResponse(clientId, certificate, tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
msRestNodeAuth.interactiveLoginWithAuthResponse().then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});
Before using this method please install az cli from https://github.com/Azure/azure-cli/releases.
Then execute az ad sp create-for-rbac --sdk-auth > ${yourFilename.json}.
If you want to create the sp for a different cloud/environment then please execute:
az cloud list
az cloud set –n
az ad sp create-for-rbac --sdk-auth > auth.json // create sp with secret.
OR
az ad sp create-for-rbac --create-cert --sdk-auth > auth.json // create sp with certificate. If the service principal is already created then login with service principal info:
az login --service-principal -u <clientId> -p <clientSecret> -t <tenantId>
az account show --sdk-auth > auth.json
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const options: msRestNodeAuth.LoginWithAuthFileOptions = {
filePath: "<file path to auth file>",
}
msRestNodeAuth.loginWithAuthFileWithAuthResponse(options).then((authRes) => {
console.log(authRes);
console.log(process.env["AZURE_SUBSCRIPTION_ID"]);
}).catch((err) => {
console.log(err);
});
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const options: msRestNodeAuth.MSIVmOptions = {
port: 50342;
}
msRestNodeAuth.loginWithVmMSI(options).then((msiTokenRes) => {
console.log(msiTokenRes);
}).catch((err) => {
console.log(err);
});
import * as msRestNodeAuth from "@azure/ms-rest-nodeauth";
const options: msRestNodeAuth.MSIAppServiceOptions = {
msiEndpoint: "http://127.0.0.1:41741/MSI/token/";
}
msRestNodeAuth.loginWithAppServiceMSI(options).then((msiTokenRes) => {
console.log(msiTokenRes);
}).catch((err) => {
console.log(err);
});
Pre-requisite
import { AzureCliCredentials } from "@azure/ms-rest-nodeauth";
import { ServiceClient, RequestPrepareOptions } from "@azure/ms-rest-js";
async function main(): Promise<void> {
try {
// Please make sure you have logged in via Azure CLI `az login` before executing this script.
const creds = await AzureCliCredentials.create();
const client = new ServiceClient(creds);
console.log(">>> Subscription associated with the access token: '%s'.",
creds.tokenInfo.subscription);
const request: RequestPrepareOptions = {
url: getUrl(creds.subscriptionInfo.id),
method: "GET"
};
console.log(">>> Request url: '%s'.", request.url);
const res = await client.sendRequest(request);
console.log("List of resource groups from subscriptionId '%s': \n%O",
creds.subscriptionInfo.id, res.parsedBody);
// Let us change the subscriptionId, which should trigger refreshing the access token.
const subscriptions = await AzureCliCredentials.listAllSubscriptions();
creds.subscriptionInfo = subscriptions[1];
console.log(">>> The new subscription id associated with the credential object is: '%s'.",
creds.subscriptionInfo.id);
request.url = getUrl(creds.subscriptionInfo.id);
console.log(">>> Request url: '%s'.", request.url);
const res2 = await client.sendRequest(request);
console.log("List of resource groups from subscriptionId '%s': \n%O",
creds.subscriptionInfo.id, res2.parsedBody);
console.log(">>> Subscription associated with the access token: '%s'.",
creds.tokenInfo.subscription);
} catch (err) {
console.log(err);
}
}
function getUrl(subscriptionId: string): string {
return `https://management.azure.com/subscriptions/${subscriptionId}/resourcegroups?api-version=2018-05-01`;
}
main();
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
Azure Authentication library in node.js with type definitions.
The npm package @azure/ms-rest-nodeauth receives a total of 69,608 weekly downloads. As such, @azure/ms-rest-nodeauth popularity was classified as popular.
We found that @azure/ms-rest-nodeauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.