Add support for Access Token Authentication for SQL Server Driver (mssql) #7477
+154
−6
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
When I was modifying
mmsql
package, I noticed that it acceptsauthentication
parameters in the config object. See discussion under PR tediousjs/node-mssql#1208 and documentation I've updated https://github.com/tediousjs/node-mssql#tedious. It passes authentication configuration directly to thetedious
library, which supports the following authentication types.DefaultAuthentication
NtlmAuthentication
AzureActiveDirectoryAccessTokenAuthentication
AzureActiveDirectoryMsiAppServiceAuthentication
AzureActiveDirectoryMsiVmAuthentication
AzureActiveDirectoryPasswordAuthentication
AzureActiveDirectoryServicePrincipalSecret
I copied authentication options interfaces directly from the
tedious
repository and modified TypeORM code to support passing authentication options for the sqlserver driver.What does it change?
It changes a way of passing credentials to the SQLServer database. I modified current interfaces to deprecate
domain
property directly in the configuration model. Instead of this I proposed to passauthentication
property which is compatible with themssql
andtedious
one.I'd recommend to remove
options.domain
in future, to give developers time for any adjustments. Then instead of passing:developers should pass:
Solves
Usage
Default authentication type
AAD Access Token
AAD Service Principal (secret)
AAD MSI App Service Authentication