将 Bearer 令牌与 azure-sdk-for-js 一起使用 [英] Using Bearer tokens along with azure-sdk-for-js

问题描述

我们正在构建一个 nodejs 服务器，它使用 AAD 对用户进行身份验证.当用户登录我们的应用程序时，我们会从 Microsoft 登录端点获得一个 JWT accessToken.

We are building a nodejs server, which authenticates the user using AAD. We get a JWT accessToken from the Microsoft login endpoint when a user logs in to our app.

我们如何使用这个令牌来调用使用这个 javascript API 来获取 blob/containers?我不想使用 (Authorization: Bearer accessToken) 调用直接向 API 发出 ajax 请求.

How do we use this token to make calls to get the blobs/containers using this javascript API? I don't want to make direct ajax requests to the API's using the (Authorization: Bearer accessToken) calls.

我已经成功使用这样的邮递员拨打电话了?如何使用 blobServiceClient 以编程方式执行此操作?

I have succeeded in using postman like this to make the calls? How do I do this programmatically using blobServiceClient?

推荐答案

根据我的研究，如果我们使用 V10 版本的 SDK @azure/storage-blob 我们可以直接使用 Azure AD 访问令牌来管理 azure blob 服务.因为sdk提供类TokenCredential.我们可以使用代码 const tokenCredential = new azure.TokenCredential("token") 来初始化一个凭证，然后使用它来获取 blob.

According to my research, if we use V10 version SDK @azure/storage-blob we can directly use Azure AD access token to manage azure blob service. Because the sdk provides class TokenCredential. We can use code const tokenCredential = new azure.TokenCredential("token") to initialize a credential then use it to get blob.

例如

const azure = require("@azure/storage-blob"); 

async function getBlobContent(){

    const tokenCredential = new azure.TokenCredential("")
    const pipeline =  azure.StorageURL.newPipeline(tokenCredential)
    const serviceURL = new azure.ServiceURL(`https://jimtestperfdiag516.blob.core.windows.net`, pipeline);
    const containerURL = azure.ContainerURL.fromServiceURL(serviceURL, "test");
    const blockBlobURL = azure.BlockBlobURL.fromContainerURL(containerURL, "test.csv");
    const aborter=azure.Aborter.timeout(30* 60 * 1000)
    const downloadResponse = await blockBlobURL.download(aborter, 0);
    const downloadedContent = await streamToString(downloadResponse.readableStreamBody);
    console.log(`Downloaded blob content: "${downloadedContent}"`);



}

async function streamToString(readableStream) {
    return new Promise((resolve, reject) => {
      const chunks = [];
      readableStream.on("data", data => {
        chunks.push(data.toString());
      });
      readableStream.on("end", () => {
        resolve(chunks.join(""));
      });
      readableStream.on("error", reject);
    });
}

getBlobContent()
  .then(() => {
    console.log("Successfully executed sample.");
  })
  .catch((err) => {
    console.log(err.message);
  });

更多详情请参考https:///www.npmjs.com/package/@azure/storage-blob/v/10.5.0 和 https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy.

For more details, please refer to https://www.npmjs.com/package/@azure/storage-blob/v/10.5.0 and https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy.

此外，请注意，如果您想使用 Azure AD 访问 azure blob，我们需要将 RABS 角色(存储 Blob 数据所有者、存储 Blob 数据贡献者或存储 Blob 数据读取者)分配给用户或服务主体:https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad

Besides, please note that if you want to access azure blob with Azure AD, we need to assign RABS role (Storage Blob Data Owner Storage Blob Data Contributor or Storage Blob Data Reader) to user or service principal : https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad

这篇关于将 Bearer 令牌与 azure-sdk-for-js 一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！