Please document how to get a token with impersonation_scope to connect to an Azure SQL Database #15586

Closed
shueybubbles opened this issue Sep 17, 2021 · 5 comments
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@shueybubbles

Feature Request

I am trying to implement the equivalent of sqlcmd -G, using the token-based access connector of the go-mssqldb driver.

The driver doesn't yet negotiate with the server to provide the tenant id and authority URLs so I know I have to use defaults for now, or have the user set them with environment variables.

Once I create a credential using azidentity.NewDefaultAzureCredential, how do I fetch a token with scope user_impersonation for the resource https://database.windows.net ?

@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 17, 2021
@RickWinter RickWinter added Azure.Identity Client This issue points to a problem in the data-plane of the library. labels Sep 17, 2021
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Sep 17, 2021
@chlowell
Member

You call the credential's GetToken method. azidentity uses the Azure AD v2 endpoint, so you would request a token for the v2 scope /.default, which has the same permissions as the v1 resource:

```go
cred, err := azidentity.NewDefaultAzureCredential(nil)
opts := policy.TokenRequestOptions{Scopes: []string{"https://database.windows.net/.default"}}
tk, err := cred.GetToken(context.Background(), opts)
log.Print(tk.Token) // tk.Token is the access token, a string
```
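
A pre-flight check for the token returned by `GetToken` in the answer above, as an added example that is not code from the issue or from azidentity: it decodes the token's claims (unverified, for diagnostics only) and confirms that the audience matches the resource behind the requested `.default` scope and that the token has not expired. `checkToken`, `claims` and `sampleToken` are hypothetical names, the sample token is constructed, and the code assumes the access token is a JWT carrying `aud`, `scp` and `exp` claims.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

const sqlScope = "https://database.windows.net/.default" // v2 scope from the answer above

type claims struct { // access-token fields inspected here
	Aud string `json:"aud"`
	Scp string `json:"scp"`
	Exp int64  `json:"exp"`
}

// checkToken (hypothetical helper) decodes the JWT payload WITHOUT verifying the
// signature (the server does that) and checks audience and expiry against scope.
func checkToken(token, scope string, now time.Time) (c claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("not a three-part JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	if err != nil {
		return c, fmt.Errorf("payload: %w", err)
	}
	if want := strings.TrimSuffix(scope, "/.default"); strings.TrimSuffix(c.Aud, "/") != want {
		return c, fmt.Errorf("audience %q, want %q", c.Aud, want)
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return c, fmt.Errorf("token expired at %d", c.Exp)
	}
	return c, nil
}

// sampleToken builds a constructed, unsigned token so the check runs offline.
func sampleToken(aud string, exp int64) string {
	body, _ := json.Marshal(claims{Aud: aud, Scp: "user_impersonation", Exp: exp})
	return "e30." + base64.RawURLEncoding.EncodeToString(body) + ".sig"
}

func main() { // print the claims and verdict, never the bearer token itself
	fmt.Println(checkToken(sampleToken("https://database.windows.net/", 2000000000), sqlScope, time.Unix(1700000000, 0)))
}
```

In real use the token argument would be `tk.Token`. Logging the decoded claims instead of the token string keeps a usable bearer credential out of log files.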

@RickWinter
Member

@chlowell Let's add this snippet to the identity README.md docs

@ghost ghost added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Sep 17, 2021
@RickWinter RickWinter removed Docs needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Sep 17, 2021
@shueybubbles
Author

Is there a way to provide a login hint for the interactive login?

@chlowell
Member

Not today, but we intend to enable that. I created #15599 to track it.

@RickWinter RickWinter added this to the Backlog milestone Oct 21, 2021
@RickWinter RickWinter modified the milestones: Backlog, [2022] October Jun 22, 2022
@RickWinter RickWinter modified the milestones: 2022-10, 2022-12 Sep 1, 2022
@chlowell
Member

Closing this because the details of Azure AD scopes are out of scope for azidentity docs. Azure AD's own docs are a better source: https://learn.microsoft.com/azure/active-directory/develop/scopes-oidc

@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023