Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Access Token Authentication for SQL Server Driver (mssql) #7477

Merged

Conversation

funkydev
Copy link
Contributor

@funkydev funkydev commented Mar 19, 2021

Overview

When I was modifying mmsql package, I noticed that it accepts authentication parameters in the config object. See discussion under PR tediousjs/node-mssql#1208 and documentation I've updated https://github.com/tediousjs/node-mssql#tedious. It passes authentication configuration directly to the tedious library, which supports the following authentication types.

  • DefaultAuthentication
  • NtlmAuthentication
  • AzureActiveDirectoryAccessTokenAuthentication
  • AzureActiveDirectoryMsiAppServiceAuthentication
  • AzureActiveDirectoryMsiVmAuthentication
  • AzureActiveDirectoryPasswordAuthentication
  • AzureActiveDirectoryServicePrincipalSecret

I copied authentication options interfaces directly from the tedious repository and modified TypeORM code to support passing authentication options for the sqlserver driver.

What does it change?

It changes a way of passing credentials to the SQLServer database. I modified current interfaces to deprecate domain property directly in the configuration model. Instead of this I proposed to pass authentication property which is compatible with the mssql and tedious one.

I'd recommend to remove options.domain in future, to give developers time for any adjustments. Then instead of passing:

createConnection({
  type: "mssql",
  database: "db-name",
  host: "db-server",
  username: "username",
  password: "password",
  domain: "domain"
}).then(connection => {
  // here you can start to work with your entities
}).catch(error => console.log(error));

developers should pass:

createConnection({
  type: "mssql",
  database: "db-name",
  host: "db-server",
  authentication: {
    type: "ntlm",
    options: {
        userName: "username",
        password: "password",
        domain: "domain"
    }
  }
}).then(connection => {
  // here you can start to work with your entities
}).catch(error => console.log(error));

Solves

Usage

Default authentication type

createConnection({
  type: "mssql",
  database: "db-name",
  host: "db-server",
  authentication: {
    type: "default",
    options: {
      userName: "username",
      password: "password"
    }
  }
}).then(connection => {
  // here you can start to work with your entities
}).catch(error => console.log(error));

AAD Access Token

createConnection({
  type: "mssql",
  database: "db-name",
  host: "db-server",
  authentication: {
    type: "azure-active-directory-access-token",
    options: {
      token: "token"
    }
  }
}).then(connection => {
  // here you can start to work with your entities
}).catch(error => console.log(error));

AAD Service Principal (secret)

createConnection({
  type: "mssql",
  database: "db-name",
  host: "db-server",
  authentication: {
    type: "azure-active-directory-service-principal-secret",
    options: {
      tenantId: 'tenant-id',
      clientId: 'client-id',
      clientSecret: 'client-secret'
    }
  }
}).then(connection => {
  // here you can start to work with your entities
}).catch(error => console.log(error));

AAD MSI App Service Authentication

createConnection({
  type: "mssql",
  database: "db-name",
  host: "db-server",
  authentication: {
    type: "azure-active-directory-msi-app-service",
    options: {
      clientId: "optional clientId (it should be taken from app service environment)",
      msiEndpoint: "optional msiEndpoint (it should be taken from app service environment)",
      msiSecret: "optional msiSecret (it should be taken from app service environment)"
    }
  }
}).then(connection => {
  // here you can start to work with your entities
}).catch(error => console.log(error));

@funkydev funkydev changed the title Add support for Access Token Authentication for SQL Server Driver (mssql) WIP: Add support for Access Token Authentication for SQL Server Driver (mssql) Mar 19, 2021
@funkydev funkydev force-pushed the feature/access-token-authentication branch from aee7df3 to b1b15cc Compare March 19, 2021 14:40
@funkydev funkydev marked this pull request as draft March 19, 2021 14:54
@funkydev funkydev changed the title WIP: Add support for Access Token Authentication for SQL Server Driver (mssql) Add support for Access Token Authentication for SQL Server Driver (mssql) Mar 19, 2021
@funkydev funkydev marked this pull request as ready for review March 19, 2021 15:29
…er drivers

`options.domain` is an advanced driver-based authentication type and node-mssql fallbacks it as ntlm type.
Because of that, it should be passed in the same way as other advanced authentication types in `options.authentication` object.
@funkydev funkydev force-pushed the feature/access-token-authentication branch from 7ed3695 to 63ada72 Compare March 20, 2021 13:49
/**
* A user need to provide `userName` asscoiate to their account.
*/
userName: string;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we have username everywhere written in lowercase. Can we do same here?

@AlexMesser AlexMesser merged commit e639772 into typeorm:master Mar 29, 2021
@AlexMesser
Copy link
Collaborator

thank you for contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants