1

Is there a library I can use in Node.js to access SQL, which supports AAD authorization? The one that's generally recommended for Node and SQL, Tedious, does not have support for AAD tokens.

Cœur
Marc

2 Answers

0

Azure AD has a Node library, ADAL for Node. It supports some flows and is built to support Azure AD v1 only. I'd recommend seeing if the latter option makes sense for you.

Azure AD v2 is mostly feature complete and is very close to the OAuth2 and OpenID Connect standards meaning you can use pretty much any popular open source library. Simple OAuth2 looks to be very popular.

If you choose to use an open source library, here's a good starting place to get the required parameters you'll need for Azure AD v2.

Configs you'll need for an open source library

Authorize: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize

Token: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

OIDC Metadata: https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration

Daniel Dobalian
  • My question is about using AAD specifically for SQL, not generally getting tokens. I don't think ADAL does it. Even in .NET you need a separate SQL driver to consume the tokens (which you can get through ADAL). – Marc Oct 30 '18 at 19:02
  • Hey Marc, I assumed SQL behaved like other OAuth2 APIs. Can you share the Node repo/doc you were referring to in your question? – Daniel Dobalian Oct 30 '18 at 20:28
  • Here u go @Daniel: [link](https://github.com/tediousjs/tedious/issues/416) – Marc Oct 31 '18 at 04:36
0

Tedious has AAD authentication methods such as azure-active-directory-password, azure-active-directory-access-token, azure-active-directory-msi-vm, or azure-active-directory-msi-app-service.

Because node-mssql is using tedious, I would recommend using that library to interact with SQL. There is no documentation around how to set up the connection in node-mssql, but node-mssql basically just passes through the credentials config to tedious.

Below is an example using node-mssql and azure-active-directory-password:

```js
const config = {
    server: 'yoursqlserver.database.windows.net',
    database: 'yourdb',
    authentication: {
        // AAD username/password flow, handled by tedious
        type: "azure-active-directory-password",
        options: {
            userName: "bob@contoso.com",
            password: "password", // placeholder value
        },
    },
};
```
tim
  • How is tedious able to do this without ADAL token etc and why can't we do it in python? – Nikhil VJ Jul 20 '20 at 04:44
  • 1
    If you check the dependencies of tedious you see that they are using a package called @azure/ms-rest-nodeauth. I assume that is the library they use to authenticate with AAD. Python is a different story – tim Jul 20 '20 at 06:45
  • in the python snippets there is a "tenantId". see https://github.com/AzureAD/azure-activedirectory-library-for-python/issues/206 . How is the library getting it? Is it constructing it using the available info? – Nikhil VJ Jul 21 '20 at 13:18
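
For the `azure-active-directory-access-token` type listed in the second answer, the following added example (not code from either answer or from tedious) builds the same config shape around a token obtained elsewhere and checks its audience and expiry locally before it is handed to the driver. The helper names `decodeClaims`, `buildTokenConfig` and `fakeToken` are hypothetical, the sample tokens are constructed and unsigned, and the token is assumed to have been requested for the Azure SQL resource `https://database.windows.net/`.

```javascript
// Added example, not from the original answers. Helper names are hypothetical.
const SQL_AUDIENCE = 'https://database.windows.net'; // Azure SQL resource URI, trailing slash stripped

// Decode the JWT payload WITHOUT verifying the signature. This is a client-side
// pre-check only; the token is validated for real by the server.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected three dot-separated parts');
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

function buildTokenConfig(server, database, token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(token);
  const aud = String(claims.aud || '').replace(/\/+$/, '');
  if (aud !== SQL_AUDIENCE) throw new Error(`wrong audience "${claims.aud}": token was not issued for Azure SQL`);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('token is expired');
  return {
    server,
    database,
    options: { encrypt: true }, // Azure SQL only accepts encrypted connections
    authentication: {
      type: 'azure-active-directory-access-token',
      options: { token },
    },
  };
}

// Builds an unsigned, constructed sample token so the example runs offline.
function fakeToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const demoNow = 1700000000; // fixed clock for the demo
const demoToken = fakeToken({ aud: 'https://database.windows.net/', exp: demoNow + 3600 });
console.log(buildTokenConfig('yoursqlserver.database.windows.net', 'yourdb', demoToken, demoNow).authentication.type);
for (const bad of [fakeToken({ aud: 'https://graph.microsoft.com', exp: demoNow + 3600 }),
                   fakeToken({ aud: 'https://database.windows.net/', exp: demoNow - 1 })]) {
  try { buildTokenConfig('yoursqlserver.database.windows.net', 'yourdb', bad, demoNow); }
  catch (err) { console.log('rejected:', err.message); }
}
```

The returned object has the same shape as the `config` in the answer above, so it is passed to node-mssql in the same way.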