or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

index.mdkey-authentication.mdnamed-key-authentication.mdsas-authentication.mdtoken-authentication.md
tile.json

tessl/npm-azure--core-auth

Provides low-level interfaces and helper methods for authentication in Azure SDK

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/@azure/core-auth@1.10.x

To install, run

npx @tessl/cli install tessl/npm-azure--core-auth@1.10.0

index.mddocs/

Azure Core Auth

Azure Core Auth provides low-level interfaces and helper methods for authentication in Azure SDK libraries. It defines standardized patterns for handling various Azure authentication schemes including Azure Active Directory integration, with built-in support for modern JavaScript environments including browser, Node.js, and React Native platforms.

Package Information

  • Package Name: @azure/core-auth
  • Package Type: npm
  • Language: TypeScript
  • Installation: npm install @azure/core-auth

Core Imports

import {
  TokenCredential,
  AzureKeyCredential,
  AzureNamedKeyCredential,
  AzureSASCredential,
  KeyCredential,
  NamedKeyCredential,
  SASCredential,
  type AccessToken,
  type GetTokenOptions,
  type HttpMethods, // Re-exported from @azure/core-util
  type TracingContext,
  isTokenCredential,
  isKeyCredential,
  isNamedKeyCredential,
  isSASCredential
} from "@azure/core-auth";

For CommonJS:

const {
  TokenCredential,
  AzureKeyCredential,
  AzureNamedKeyCredential,
  AzureSASCredential,
  KeyCredential,
  NamedKeyCredential,
  SASCredential,
  isTokenCredential,
  isKeyCredential,
  isNamedKeyCredential,
  isSASCredential
} = require("@azure/core-auth");

Basic Usage

import { TokenCredential, AzureKeyCredential, AccessToken } from "@azure/core-auth";

// Token-based authentication (most common for Azure services)
class MyTokenCredential implements TokenCredential {
  async getToken(scopes: string | string[]): Promise<AccessToken | null> {
    // Implementation would obtain token from Azure AD
    return {
      token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs...",
      expiresOnTimestamp: Date.now() + 3600000 // 1 hour from now
    };
  }
}

// Key-based authentication for services that use API keys
const keyCredential = new AzureKeyCredential("your-api-key");

// Update key when needed (e.g., key rotation)
keyCredential.update("new-api-key");

Architecture

Azure Core Auth is built around several key components:

  • TokenCredential Interface: Primary interface for Azure AD-based authentication with automatic token refresh
  • Credential Classes: Concrete implementations for different authentication methods with update capabilities
  • Type Guards: Runtime validation functions to determine credential types
  • Option Interfaces: Comprehensive configuration for token requests including CAE, PoP, and tracing
  • Cross-platform Support: Consistent behavior across Node.js, browser, and React Native environments

Capabilities

Token-based Authentication

Azure Active Directory token-based authentication with support for scopes, claims, and advanced features like Continuous Access Evaluation (CAE) and Proof of Possession (PoP) tokens.

interface TokenCredential {
  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
}

interface AccessToken {
  token: string;
  expiresOnTimestamp: number;
  refreshAfterTimestamp?: number;
  tokenType?: "Bearer" | "pop";
}

interface GetTokenOptions {
  abortSignal?: AbortSignalLike;
  requestOptions?: { timeout?: number };
  tracingOptions?: { tracingContext?: TracingContext };
  claims?: string;
  enableCae?: boolean;
  tenantId?: string;
  proofOfPossessionOptions?: {
    nonce: string;
    resourceRequestMethod: HttpMethods;
    resourceRequestUrl: string;
  };
}

Token Authentication

Key-based Authentication

Static API key authentication with key rotation capabilities for services that use API keys instead of tokens.

interface KeyCredential {
  readonly key: string;
}

class AzureKeyCredential implements KeyCredential {
  constructor(key: string);
  get key(): string;
  update(newKey: string): void;
}

Key Authentication

Named Key Authentication

Named key pair authentication for services requiring both a name and key combination, such as storage account keys.

interface NamedKeyCredential {
  readonly key: string;
  readonly name: string;
}

class AzureNamedKeyCredential implements NamedKeyCredential {
  constructor(name: string, key: string);
  get key(): string;
  get name(): string;
  update(newName: string, newKey: string): void;
}

Named Key Authentication

SAS Authentication

Shared Access Signature authentication for Azure Storage and other services that support SAS tokens.

interface SASCredential {
  readonly signature: string;
}

class AzureSASCredential implements SASCredential {
  constructor(signature: string);
  get signature(): string;
  update(newSignature: string): void;
}

SAS Authentication

Types

Core Types

type HttpMethods = "GET" | "PUT" | "POST" | "DELETE" | "PATCH" | "HEAD" | "OPTIONS" | "TRACE";

interface TracingContext {
  getValue(key: symbol): unknown;
  setValue(key: symbol, value: unknown): TracingContext;
  deleteValue(key: symbol): TracingContext;
}

interface AbortSignalLike {
  readonly aborted: boolean;
  addEventListener(type: "abort", listener: () => void): void;
  removeEventListener(type: "abort", listener: () => void): void;
}

Type Guards

function isTokenCredential(credential: unknown): credential is TokenCredential;
function isKeyCredential(credential: unknown): credential is KeyCredential;
function isNamedKeyCredential(credential: unknown): credential is NamedKeyCredential;
function isSASCredential(credential: unknown): credential is SASCredential;