Azure Cosmos DB now supports RBAC for data plane operations using Azure AD as described here. This improves the security posture of an application as it negates the need for managing the secure storage & rotation of connection strings/account keys when communicating with Cosmos DB.
Currently, it doesn't seem like there is a way to enable Azure AD RBAC when using the Cosmos DB EF provider. This makes it impossible to connect to Azure Cosmos DB through RBAC exclusively when using EF Core. According to the Cosmos DB docs, the SDK needs to be initialized with a specific TokenCredential passed to the CosmosClient constructor, but I'm unaware of a mechanism to customize the CosmosClient used by EF other than using CosmosDbContextOptionsBuilder which does not seem to provide such an option.
It would be ideal if there was a mechanism to provide a custom CosmosClient to EF in some way. This closed issue requested something similar, though I understand the CosmosClient cannot be provided due to how EF performs caching internally. Failing that, it would be nice to have an overload of UseCosmos() which takes a TokenCredential parameter which it then passes to the SDK instead of using the AccountKey/ConnectionString.
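The SDK-level initialization the issue refers to, as an added example that is not part of the original issue or of EF Core's code: a `CosmosClient` built from a `TokenCredential` instead of an account key, with the data-plane RBAC outcome checked explicitly. The endpoint, database, container, item id and partition key are placeholders, and the use of `DefaultAzureCredential` is an assumption.

```csharp
// Added example. Assumes the Microsoft.Azure.Cosmos and Azure.Identity NuGet packages.
using System;
using System.Net;
using Azure.Core;
using Azure.Identity;
using Microsoft.Azure.Cosmos;

// Placeholder values (assumptions): substitute your own account and resources.
const string endpoint = "https://<your-account>.documents.azure.com:443/";
const string databaseId = "<database>";
const string containerId = "<container>";
const string itemId = "<item-id>";
const string partitionKey = "<partition-key-value>";

// Key-based form the issue wants to avoid: a long-lived secret to store and rotate.
// using var keyClient = new CosmosClient(endpoint, "<account-key>");

// Token-based form: DefaultAzureCredential resolves a managed identity, environment
// credentials or a developer login, so no account key appears in configuration.
TokenCredential credential = new DefaultAzureCredential();
using var client = new CosmosClient(endpoint, credential);

Container container = client.GetContainer(databaseId, containerId);

// The stream API returns the status code instead of throwing, which makes the
// authorization result of this data-plane read visible.
using ResponseMessage response =
    await container.ReadItemStreamAsync(itemId, new PartitionKey(partitionKey));

switch (response.StatusCode)
{
    case HttpStatusCode.OK:
        Console.WriteLine("Read succeeded using an Azure AD token.");
        break;
    case HttpStatusCode.NotFound:
        Console.WriteLine("Authorized, but the item does not exist.");
        break;
    case HttpStatusCode.Forbidden:
        // The principal authenticated but holds no data-plane role assignment
        // that permits this action on the container.
        Console.WriteLine($"RBAC denied the request: {response.ErrorMessage}");
        break;
    default:
        Console.WriteLine($"Unexpected status {(int)response.StatusCode}: {response.ErrorMessage}");
        break;
}
```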