In [None]:
For latest documentation please run TokenLibrary.help() from Notebook


In [None]:
// By default Synapse uses AAD passthrough for authentication
// TokenLibrary is invoked under the hood for obtaining AAD token and using it for
// authenticating against the resource

val df = spark.read.parquet("abfss://..")

In [None]:
// While Gen2 is the default storage for Synapse, AAD passthrough support exists for Gen1 as well. PLEASE NOTE THAT WE DO NOT OFFICIALLY SUPPORT GEN1 IN SYNAPSE AND CUSTOMERS WHO USE IT ARE ON THEIR OWN.

val df = spark.read.parquet("adl://")

In [None]:
// Linked services can be used for storing and retreiving credentials (e.g, account key)
// Example connection string (for storage): "DefaultEndpointsProtocol=https;AccountName=<accountname>;AccountKey=<accountkey>"

val connectionString: String = TokenLibrary.getConnectionString("<linkedServiceName>")
val accountKey: String = TokenLibrary.getConnectionStringAsMap("<linkedServiceName>").get("AccountKey")


In [None]:
// TokenLibrary can be used for obtaining secrets from AKV

val secret: String = TokenLibrary.getSecret("<akvName>", "<secret>", "<akvLinkedService>") //uses workspace MSI
val secret: String = TokenLibrary.getSecret("<akvName>", "<secret>") // uses user credentials 


In [None]:
// Synapse has inbuilt integration of linked services with storage Gen2 via TokenLibrary
// For storage Gen2, linkedServiceName can be supplied through config for SAS-key based authentication (in lieu of account-key based authentication) 
// Direct invokation of TokenLibrary is not required for obtaining creds and connection info

spark.conf.set("spark.storage.synapse.linkedServiceName", "<linkedServiceName>")
spark.conf.set("fs.azure.account.auth.type", "SAS")
spark.conf.set("fs.azure.sas.token.provider.type", "com.microsoft.azure.synapse.tokenlibrary.LinkedServiceBasedSASProvider")

val df = spark.read.parquet("abfss://..")

In [None]:
// In order to pass a SAS token from configuration for Gen2: 

spark.conf.set("fs.azure.account.auth.type", "SAS")
spark.conf.set("fs.azure.sas.token.provider.type", "com.microsoft.azure.synapse.tokenlibrary.ConfBasedSASProvider")
spark.conf.set("spark.storage.synapse.sas", "<SAS Token>")

val df = spark.read.parquet("abfss://..")

In [None]:
// In order to fetch a SAS token from AKV for Gen2: 

spark.conf.set("fs.azure.account.auth.type", "SAS")
spark.conf.set("fs.azure.sas.token.provider.type", "com.microsoft.azure.synapse.tokenlibrary.AkvBasedSASProvider")
spark.conf.set("spark.storage.synapse.akv", "<akvName>")
spark.conf.set("spark.storage.akv.secret", "<secretName>")

val df = spark.read.parquet("abfss://..")