Support Bearer Token Credentials #389
Comments
To unblock the use of DefaultAzureCredential, I committed a naive implementation to my fork here: jongio@273e3b1 It only checks for the existence of a bearer token right now. It does not validate it in any way. More details can be found here: I posted this blog as a stopgap to help customers use Azurite with DefaultAzureCredential today. https://blog.jongallant.com/2020/02/azurite-https-defaultazurecredential/
Hi @jongio I'm evaluating Bearer challenge or OAuth support for Azurite. It can be very simple, just like your implementation or suggestion to use a well known token. Or it can be very complex, to support more scenarios during OAuth authentication. It sounds like a well-known token fits your needs, right?
I don’t need OAuth integration. Options:
Either way the SDK would likely implement AzuriteCredential to enable the completely disconnected scenario. But would like Azurite to support Any Token if no security concerns. I recommend consulting with our security team for review. And reviewing existing Azurite customer security requirements
I assume I have the same problem here. I try to access Azurite from azure-sdk-for-c by using the example https://github.com/Azure/azure-sdk-for-c/blob/master/sdk/storage/blobs/samples/src/blobs_client_example.c. It expects
Hi Guys, v3.7.0 includes basic level OAuth (token) support. Try with following parameters to enable OAuth. Note that OAuth needs HTTPS.
Thanks and worked with @jongio We have a long road plan for OAuth token support. The first step is about basic level OAuth support. In this step: Azurite will validate JWT token integrity, audience, issuer, expiry, etc. But it will not validate the token signature. Azurite will accept any token your application is currently using with Azure Storage. Or accept a self signed token for testing purposes in a disconnected scenario. At the same time, basic level OAuth is not enabled by default. Azurite customers should enable OAuth with an explicit parameter and define OAuth levels. The reason is, basic level brings candidate back holes especially for customized storage account in Azurite. Basic level OAuth validation doesn't check signature, which means anyone can sign a token for Azurite.
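The basic level described in the comment above, sketched as an added example that is not Azurite's own code: a claims-only check of a bearer JWT (structure, audience, issuer, expiry) that never inspects the signature, run against a constructed token whose signature segment is meaningless. `AUDIENCE`, `ISSUER_PREFIX`, `validateBasic` and `sampleToken` are names and values assumed for this illustration.

```javascript
// Added example: claims-only ("basic level") JWT checks, signature deliberately ignored.
// AUDIENCE and ISSUER_PREFIX are assumed sample values, not taken from Azurite.
const AUDIENCE = "https://storage.azure.com";
const ISSUER_PREFIX = "https://sts.windows.net/";

const b64urlDecode = (s) =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
const b64urlEncode = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Returns { ok, reason }. The third token segment (the signature) is never inspected.
function validateBasic(authorizationHeader, nowSeconds) {
  const m = /^Bearer\s+(\S+)$/.exec(authorizationHeader || "");
  if (!m) return { ok: false, reason: "missing bearer token" };
  const parts = m[1].split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed token" };
  let claims;
  try {
    JSON.parse(b64urlDecode(parts[0])); // header must at least be valid JSON
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    return { ok: false, reason: "malformed token" };
  }
  if (claims === null || typeof claims !== "object") return { ok: false, reason: "malformed token" };
  const aud = String(claims.aud || "").replace(/\/$/, "");
  if (aud !== AUDIENCE) return { ok: false, reason: "wrong audience" };
  if (!String(claims.iss || "").startsWith(ISSUER_PREFIX))
    return { ok: false, reason: "wrong issuer" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds)
    return { ok: false, reason: "expired" };
  if (typeof claims.nbf === "number" && claims.nbf > nowSeconds)
    return { ok: false, reason: "not yet valid" };
  return { ok: true, reason: "claims accepted, signature not checked" };
}

// Constructed sample token: plausible claims, signature is the literal text "unsigned".
function sampleToken(overrides) {
  const claims = Object.assign({
    aud: AUDIENCE, iss: ISSUER_PREFIX + "00000000-0000-0000-0000-000000000000/",
    nbf: 1000, exp: 2000,
  }, overrides);
  return [b64urlEncode({ alg: "RS256", typ: "JWT" }), b64urlEncode(claims), "unsigned"].join(".");
}

console.log(validateBasic("Bearer " + sampleToken({}), 1500));
console.log(validateBasic("Bearer " + sampleToken({ exp: 1200 }), 1500));
```

The first token is accepted even though its signature is meaningless, which is the gap the comment describes; closing it means verifying the signature against the issuer's published keys.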
Which service(blob, file, queue, table) does this issue concern?
Blob
Which version of the Azurite was used?
3.4.0
Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)
npm
What's the Node.js version?
v12.13
What problem was encountered?
Cannot use TokenCredentials
Steps to reproduce the issue?
Try to access Azurite with Azure Storage SDK
The official SDK supports TokenCredential
https://docs.microsoft.com/en-us/dotnet/api/azure.storage.blobs.blobcontainerclient.-ctor?view=azure-dotnet#Azure_Storage_Blobs_BlobContainerClient__ctor_System_Uri_Azure_Core_TokenCredential_Azure_Storage_Blobs_BlobClientOptions_
Have you found a mitigation/solution?
I can use this code, but it is not ideal. I want to just use DefaultAzureCredential to work with emulator and azure.
Suggestion
Just like we have a well known account and key, I would like to see us publish a well known Bearer Token, that Azurite accepts, then update the DefaultAzureCredential to use that Bearer Token when it detects Azurite as the server.