@@ -38,4 +38,189 @@ All demos and source code available online:
3838
3939### Today's agenda
4040
41- 1 . Item
41+ 1 . Use msal-node library in a Node server-side app
42+ 1 . Use default azure credential provider for Azure SDK
43+ 1 . Create custom credential provider
44+
45+ ## Demo: * Accessing Azure resource using MSAL.js and a Node.js server-side app*
46+
47+ ::: notes
48+
49+ ##### Create Node server-side app
50+
51+ > Register app with ** secret** , ** User.Read.All** , and ** admin constent** .
52+
53+ ``` bash
54+ npm init
55+ ```
56+
57+ ``` json
58+ {
59+ "name" : " servernodemsal" ,
60+ "main" : " app.js" ,
61+ "type" : " module" ,
62+ "scripts" : {
63+ "start" : " node app.js"
64+ }
65+ }
66+ ```
67+
68+ ##### Configure MSAL.js 2.0 (Node variant)
69+
70+ ``` bash
71+ npm install @azure/msal-node --save
72+ ```
73+
74+ ``` javascript
75+ import { ConfidentialClientApplication } from ' @azure/msal-node' ;
76+ ```
77+
78+ ``` javascript
79+ const config = {
80+ auth: {
81+ clientId: ' <client-id>' ,
82+ authority: ' https://login.microsoftonline.com/<tenant-id>' ,
83+ clientSecret: ' <client-secret>'
84+ }
85+ };
86+
87+ var client = new ConfidentialClientApplication (config);
88+
89+ var request = {
90+ scopes: [ ' https://graph.microsoft.com/.default' ]
91+ };
92+
93+ let response = await client .acquireTokenByClientCredential (request);
94+
95+ console .dir (response);
96+ ```
97+
98+ ##### Query Microsoft Graph
99+
100+ ``` bash
101+ npm install node-fetch --save
102+ ```
103+
104+ ``` javascript
105+ import fetch from ' node-fetch' ;
106+ ```
107+
108+ ``` javascript
109+ let query = await fetch (' https://graph.microsoft.com/v1.0/users' , {
110+ headers: {
111+ ' Authorization' : ' Bearer ' + response .accessToken
112+ }
113+ });
114+ let json = await query .json ();
115+ console .dir (json);
116+ ```
117+
118+ ##### Manipulate Azure Storage
119+
120+ > Add Azure Storage ** user_impersonation** permission and grant ** admin consent** . Also use RBAC to add AAD app reg as a ** Storage Blob Data Contributor** .
121+
122+ ``` bash
123+ npm install @azure/storage-blob --save
124+ ```
125+
126+ ``` javascript
127+ import { BlobServiceClient } from ' @azure/storage-blob' ;
128+ ```
129+
130+ ``` bash
131+ npm install @azure/identity --save
132+ ```
133+
134+ ``` javascript
135+ import { DefaultAzureCredential } from ' @azure/identity' ;
136+ ```
137+
138+ ``` javascript
139+ var request = {
140+ scopes: [ ' https://storage.azure.com/.default' ]
141+ };
142+ ```
143+
144+ ``` javascript
145+ var client = new BlobServiceClient (' https://<storage-account>.blob.core.windows.net/' , new DefaultAzureCredential ());
146+
147+ let container = client .getContainerClient (' democontainer' );
148+ await container .createIfNotExists ();
149+ ```
150+
151+ ``` bash
152+ npm install dotenv --save-dev
153+ ```
154+
155+ ``` javascript
156+ import dotenv from ' dotenv' ;
157+ ```
158+
159+ ``` env
160+ AZURE_CLIENT_ID ="<client-id>"
161+ AZURE_TENANT_ID="<tenant-id>"
162+ AZURE_CLIENT_SECRET="<client-secret>"
163+ ```
164+
165+ ``` javascript
166+ dotenv .config ();
167+ ```
168+
169+ ##### Create custom token credential
170+
171+ ``` bash
172+ npm install @azure/core-auth --save
173+ ```
174+
175+ ``` javascript
176+ class MyAzureCredential {
177+ async getToken (requestedScopes ) {
178+ const config = {
179+ auth: {
180+ clientId: ' <client-id>' ,
181+ authority: ' https://login.microsoftonline.com/<tenant-id>' ,
182+ clientSecret: ' <client-secret>'
183+ }
184+ }
185+ var client = new ConfidentialClientApplication (config);
186+ var request = {
187+ scopes: Array .isArray (requestedScopes) ? requestedScopes : [requestedScopes]
188+ };
189+ let response = await client .acquireTokenByClientCredential (request);
190+ return {
191+ token: response .accessToken ,
192+ expiresOnTimestamp: response .expiresOn .getTime ()
193+ }
194+ };
195+ }
196+ ```
197+
198+ ``` javascript
199+ var client = new BlobServiceClient (' https://<storage-account>.blob.core.windows.net/' , new MyAzureCredential ());
200+
201+ let container = client .getContainerClient (' examplecontainer' );
202+ await container .createIfNotExists ();
203+ ```
204+
205+ ##### Use custom token credential with
206+
207+ ``` bash
208+ npm install @azure/cosmos --save
209+ ```
210+
211+ ``` javascript
212+ import { CosmosClient } from ' @azure/cosmos' ;
213+ ```
214+
215+ ``` javascript
216+ var client = new CosmosClient ({
217+ aadCredentials: new MyAzureCredential ,
218+ endpoint: ' https://<account-name>.documents.azure.com:443/'
219+ });
220+
221+ let response = await client .getDatabaseAccount ();
222+
223+ console .dir (response);
224+ ```
225+
226+ :::
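Review bot: The `console.dir(response)` at new line 95 prints the whole result of `acquireTokenByClientCredential`, and that object carries the bearer token the next snippet sends as `response.accessToken`; in a live demo this puts an app-only Graph token (the notes ask for User.Read.All with admin consent) on screen and in any recording or terminal log until it expires. Printing only non-secret fields would make the same point, e.g. `console.dir({ scopes: response.scopes, expiresOn: response.expiresOn });`. In `MyAzureCredential.getToken` (new lines 176-195) the secret is again written as a literal although the notes have just loaded `AZURE_CLIENT_SECRET` through dotenv; `clientSecret: process.env.AZURE_CLIENT_SECRET` would keep the two halves consistent, and a line telling readers to keep `.env` out of version control would help. That method also builds a new `ConfidentialClientApplication` on every call, which presumably discards MSAL's in-memory token cache, so constructing the client once in the class would avoid a token request per SDK call.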