Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Which service(blob, file, queue, table) does this issue concern?
Which version of the Azurite was used?
Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)
What's the Node.js version?
What problem was encountered?
Cannot use TokenCredentials
Steps to reproduce the issue?
Try to access Azurite with Azure Storage SDK
var client = new BlobContainerClient(new Uri(path), new DefaultAzureCredential());
The official SDK supports TokenCredential
Have you found a mitigation/solution?
I can use this code, but it is not ideal. I want to just use DefaultAzureCredential to work with emulator and azure.
var client = emulator ? new BlobContainerClient(connection, container) : new BlobContainerClient(new Uri(path), new DefaultAzureCredential());
Just like we have a well known account and key, I would like to see us publish a well known Bearer Token, that Azurite accepts, then update the DefaultAzureCredential to use that Bearer Token when it detects Azurite as the server.
To unblock the use of DefaultAzureCredential, I committed a naive implementation to my fork here: jongio@273e3b1
It only checks for the existence of a bearer token right now. It does not validate it in any way.
More details can be found here:
I posted this blog as a stopgap to help customers use Azurite with DefaultAzureCredential today. Ihttps://blog.jongallant.com/2020/02/azurite-https-defaultazurecredential/
Hi @jongio I'm evaluating Bearer challenge or OAuth support for Azurite. It can be very simple, just like your implementation or suggestion to use a well known token. Or it can be very complex, to support more scenarios during OAuth authentication. It sounds like a well-known token fits your needs, right?
I don’t need OAuth integration.
Either way the SDK would likely implement AzuriteCredential to enable the completely disconnected scenario. But would like to Azurite to support Any Token if no security concerns.
I recommend consulting with our security team for review. And reviewing existing Azurite customer security requirements