Support AAD authentication via connection string #1400
Comments
|
This definitely would be a worthwhile enhancement - would you be prepared to open a PR? |
|
@dhensby would it be possible to get a new release with latest (including the above)? |
|
Oh yes! sorry, this shouldn't have been left unreleased so long. v9.1.0 is out |
|
👍 perfect thanks @dhensby |
|
Unfortunately the release broke standard connections strings. The changes hadn't been tested to ensure standard connection strings worked and, as such, the PR was no adequate to work in a generic way. It provided AD support at the expense of standard authentication. |
|
Upon further investigation, I found two issues The first one, the breakage of standard authentication was caused by this code. node-mssql/lib/base/connection-pool.js Lines 302 to 305 in 9e1fc42 Where tedious still recognizes an empty authentication object. However if we selectively initialize the authentication under certain conditions like something like this for example: return Object.entries(parsed).reduce((config, [key, value]) => {
if (["client id", "client secret", "tenant id", "tenant id", "token", "authentication"].includes(key)) {
if (typeof(config.authentication) === "undefined") {
config.authentication = { options: {} }
}
}It would work with basic authentication and aad authentication. I tested this with basic authentication: var conn_str = `Server=${config.server};Database=${config.database};User Id=${config.username};Password=${config.password};`;and AAD authentication using client secrets var conn_str = `Server=${config.server};Database=${config.database};Authentication=azure-active-directory-service-principal-secret;client id=${process.env.AZURE_CLIENT_ID};client secret=${process.env.AZURE_CLIENT_SECRET};tenant id=${process.env.AZURE_TENANT_ID};`;Another problem I found was with parsing UUIDs. If the value starts with a numeric value, the method So if the UUID on Azure was generated with a numeric character, then our code wouldn't work eitherway. Should we rewrite _parseConnectionString? or should we file this as a bug under tedious? |
|
Thanks for that feedback. I had come to the same conclusion about the fact that an empty We have two choices:
As for the issue with parsing UUIDs, we must get that sorted in the parsing library. Other feedback on the PR is that it is not using the correct strings for the authentication types as dictated by the docs so that also needs to be re-implemented. |
|
Alright, I'll try to sort these out (except for the parsing library one) later this weekend, should I submit a new PR? |
|
connection string fix here: tediousjs/connection-string#27 |
|
Got the PR up tonight. Went with approach 1. I tried to follow how the authentication object is handle in the connection-pool.js under tedious, where the parameters such as client id, tenant and such are assigned on the config object and then reassigned to config.authentication later. Also done updating the values of authentication to align with the docs, was a bit tricky to do since what is in the docs isn't exactly a one-to-one match with what is available on tedious so I had to create a method called _parseAuthenticationType where it changes based on the other parameters given. Such as if the type is Active Directory Integrated and only the token parameter is supplied, internally, it becomes azure-active-directory-access-token and so-on. |
Expected behaviour:
Successful connection when "Active Directory Password" is specified in the connection string
Example:
See https://learn.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlconnection.connectionstring?view=dotnet-plat-ext-7.0 for allowed values in
authenticationprop ("Active Directory Integrated, Active Directory Password, Sql Password")Actual behaviour:
Connection fails because the authentication is ignored when creating the connection config, defaulting to SQL login with user and password
node-mssql/lib/base/connection-pool.js
Lines 107 to 108 in 567c2de
Software versions
The text was updated successfully, but these errors were encountered: