Azure Sql 连接使用来自 Azure 的访问令牌与 nodejs 的身份
[英]Azure Sql connection using access token from Azure Identity with nodejs
问题描述
I'm trying to use access tokens from @azure/identity to connect to azure sql using mssql (which uses tedious behind the scenes).
我正在尝试使用来自 @azure/identity 的访问令牌连接到 azure sql 使用 mssql(在幕后使用繁琐)。 The access tokens don't seem to work as is (quite similar to python - more on this later).访问令牌似乎没有按原样工作(与 python 非常相似 - 稍后会详细介绍)。
I have the following code:我有以下代码:
const identity = require("@azure/identity")
function getConfig(accessToken){
var config = {
"authentication": {
"type": "azure-active-directory-access-token",
"options": {
"token": accessToken
}
},
"server": "dbserver.database.windows.net",
"options": {
"encrypt": true,
"database": "dbname",
}
};
return config;
}
const cred = new identity.DefaultAzureCredential();
const token = await cred.getToken("https://database.windows.net/.default")
const conf = getConfig(token.token)
let pool = await sql.connect(conf)
This always fails with "Login failed for user ''".这总是失败并显示“用户''登录失败”。
I have the following python code which does exactly the same:我有以下 python 代码完全相同:
def get_token():
creds = identity.DefaultAzureCredential()
token = creds.get_token("https://database.windows.net/.default")
tokenb = bytes(token.token, "UTF-8")
exptoken = b''
for i in tokenb:
exptoken += bytes({i})
exptoken += bytes(1)
tokenstruct = struct.pack("=i", len(exptoken)) + exptoken
return tokenstruct
def execute_query():
access_token = get_token()
print(access_token)
sql_server_name = "db-server"
sql_server_db = "database_name"
SQL_COPT_SS_ACCESS_TOKEN = 1256
connString = f"Driver={{ODBC Driver 17 for SQL Server}};SERVER={sql_server_name}.database.windows.net;DATABASE={sql_server_db}"
conn = pyodbc.connect(connString, attrs_before={
SQL_COPT_SS_ACCESS_TOKEN: access_token})
cursor = conn.cursor()
cursor.execute("SELECT * from SYSOBJECTS")
row = cursor.fetchone()
while row:
print(row)
row = cursor.fetchone()
This works perfectly.这完美地工作。 I've also noticed the following:我还注意到以下几点:
- If I take the access token from the node version (printed by console.log) and pass it to the python code in please of access_token, I get the same error from python (Login failed for user '').如果我从节点版本(由 console.log 打印)获取访问令牌并将其传递给 access_token 中的 python 代码,我会从 python 收到相同的错误(用户''登录失败)。
- If I pass the access token from javascript and pass it to the python code for token.token (in get_token), then it works perfectly.如果我从 javascript 传递访问令牌并将其传递给 token.token 的 python 代码(在 get_token 中),那么它可以完美运行。
So I'm guessing the binary padding and packing thing that's working for python needs to be done for the node code to work.所以我猜想为 python 工作的二进制填充和打包需要完成节点代码才能工作。 Is there some way of doing this?有没有办法做到这一点? Or is there some better way to pass an access token from azure-identity to tedious?或者有没有更好的方法将访问令牌从 azure-identity 传递到乏味?
1 个解决方案
解决方案1
0 2021-02-24 22:07:29
Doh... I was using node-mssql which is the abandoned 0.0.1 library. Doh ...我使用的是废弃的 0.0.1 库 node-mssql。 Switching to mssql (v6.3.1) uses a recent version of tedious, and the access token works directly.切换到 mssql (v6.3.1) 使用的是最新版本的 tedious,访问令牌直接工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.