Named key pair authentication for services requiring both a name and key combination. This authentication method is commonly used with Azure Storage account keys, where both the account name and access key are required, and supports atomic updates of both values.
Base interface for name/key pair authentication.
/**
* Represents a credential defined by a static API name and key.
*/
interface NamedKeyCredential {
/** The value of the API key represented as a string */
readonly key: string;
/** The value of the API name represented as a string */
readonly name: string;
}Concrete implementation of NamedKeyCredential with atomic name/key rotation support.
/**
* A static name/key-based credential that supports updating the underlying name and key values.
*/
class AzureNamedKeyCredential implements NamedKeyCredential {
/**
* Create an instance of an AzureNamedKeyCredential for use with a service client.
* @param name - The initial value of the name to use in authentication
* @param key - The initial value of the key to use in authentication
* @throws TypeError if name or key is empty or undefined
*/
constructor(name: string, key: string);
/** The value of the key to be used in authentication */
get key(): string;
/** The value of the name to be used in authentication */
get name(): string;
/**
* Change the value of the key.
* Updates will take effect upon the next request after updating the key value.
* @param newName - The new name value to be used
* @param newKey - The new key value to be used
* @throws TypeError if newName or newKey is empty or undefined
*/
update(newName: string, newKey: string): void;
}Usage Examples:
import { AzureNamedKeyCredential } from "@azure/core-auth";
// Create credential with storage account name and key
const namedKeyCredential = new AzureNamedKeyCredential(
"mystorageaccount",
"base64-encoded-storage-key-here"
);
// Use with Azure Storage service client
const storageClient = new BlobServiceClient(
"https://mystorageaccount.blob.core.windows.net",
namedKeyCredential
);
// Access current name and key
console.log(namedKeyCredential.name); // "mystorageaccount"
console.log(namedKeyCredential.key); // "base64-encoded-storage-key-here"
// Update both name and key atomically (useful for account migration)
namedKeyCredential.update("newstorageaccount", "new-base64-encoded-key");
// Future requests will use the new name and key
const containers = await storageClient.listContainers();
// Common pattern for storage account key rotation
async function rotateStorageKey(credential: AzureNamedKeyCredential) {
const accountName = credential.name;
const newKey = await getRotatedKeyFromAzure(accountName);
credential.update(accountName, newKey);
console.log(`Storage key rotated for account: ${accountName}`);
}
// Pattern for account migration
async function migrateStorageAccount(
credential: AzureNamedKeyCredential,
newAccountName: string
) {
const newKey = await getKeyForAccount(newAccountName);
credential.update(newAccountName, newKey);
console.log(`Migrated from ${credential.name} to ${newAccountName}`);
}Runtime validation to determine if an object implements the NamedKeyCredential interface.
/**
* Tests an object to determine whether it implements NamedKeyCredential.
* @param credential - The assumed NamedKeyCredential to be tested
* @returns true if the object implements NamedKeyCredential, false otherwise
*/
function isNamedKeyCredential(credential: unknown): credential is NamedKeyCredential;Usage Examples:
import { isNamedKeyCredential, AzureNamedKeyCredential } from "@azure/core-auth";
function processStorageCredential(credential: unknown) {
if (isNamedKeyCredential(credential)) {
// TypeScript now knows credential has 'name' and 'key' properties
console.log(`Storage account: ${credential.name}`);
console.log(`Key length: ${credential.key.length}`);
return true;
}
return false;
}
// Usage in credential validation
function validateStorageCredentials(credentials: unknown[]) {
const namedKeyCredentials = credentials.filter(isNamedKeyCredential);
namedKeyCredentials.forEach(cred => {
if (!cred.name.match(/^[a-z0-9]{3,24}$/)) {
console.warn(`Invalid storage account name format: ${cred.name}`);
}
if (cred.key.length < 64) {
console.warn(`Storage key appears to be too short: ${cred.name}`);
}
});
}
// Usage with multiple credential types
function getStorageCredentialInfo(credential: unknown): string {
if (isNamedKeyCredential(credential)) {
return `Named key credential for account: ${credential.name}`;
}
return "Not a named key credential";
}
// Pattern for handling different credential types
function configureStorageClient(credential: unknown, endpoint: string) {
if (isNamedKeyCredential(credential)) {
return new BlobServiceClient(endpoint, credential);
}
throw new Error("Named key credential required for storage client");
}The AzureNamedKeyCredential constructor and update method will throw TypeError if any parameter is empty or undefined:
import { AzureNamedKeyCredential } from "@azure/core-auth";
// Constructor validation
try {
const credential = new AzureNamedKeyCredential("", "key"); // Throws TypeError
} catch (error) {
console.error(error.message); // "name and key must be non-empty strings"
}
try {
const credential = new AzureNamedKeyCredential("name", ""); // Throws TypeError
} catch (error) {
console.error(error.message); // "name and key must be non-empty strings"
}
// Update method validation
const credential = new AzureNamedKeyCredential("validname", "validkey");
try {
credential.update("", "newkey"); // Throws TypeError
} catch (error) {
console.error(error.message); // "newName and newKey must be non-empty strings"
}
try {
credential.update("newname", ""); // Throws TypeError
} catch (error) {
console.error(error.message); // "newName and newKey must be non-empty strings"
}