[Identity] Wrapper for packages that use @azure/ms-rest-nodeauth

[ramya-rao-a]

Most of the JS packages for Azure services use the credentials from the @azure/ms-rest-nodeauth. These follow the TokenClientCredentials interface.

Now the latest docs around Identity will lead people to the @azure/identity which is also the place where active development is taking place.

In order to take advantage of the new features in the @azure/identity package, it would be good to have a wrapper/helper method that would take a credential from the new package and return something that follows the interface TokenClientCredentials from the older package

@jongio did mention that he has something along these lines. If so, can we have a pointer to it from the readme of the @azure/identity package?

cc @jonathandturner

[ramya-rao-a]

https://github.com/jongio/azidext

[ramya-rao-a]

Assuming we know which "scope" to use, we have a couple of options where we update the v4 code generator to provide a solution here. This scope would be the same for all ARM packages, but would be different for the rest like batch, graph, service fabric etc.

• Update the v4 code generator to update the readme that show the use of ms-rest-nodeauth to instead use the code snippet that
  • Uses @azure/identity to create a credential
  • Call getToken() on it with the right scope
  • Then use Authenticating with existing token to create a ServiceClientCredentials that can then be used with the package in question
• Do the above, but move the last step into the generated package i.e. update the v4 code generator to add a constructor overload that takes the access token instead of ServiceClientCredentials. Internally, this can create the credentials using the code snippet shared in Authenticating with existing token.
• Update the v4 code generator to add a constructor overload that takes a TokenCredential instead of ServiceClientCredentials. Internally, this can create the credentials using the code snippet shared in Jon's adapter. This requires the generated code to take dependency on @azure/core-auth

@joheredi, Thoughts?

cc @daviwil

Once we are done with the above, the Authenticate with the Azure management modules for JavaScript will need to be updated as well

[joheredi]

Option 1 is of course the cheaper option, however we may end up with a snippet that is not easy to follow.

Option 3 makes sense, as it shouldn't be too difficult to generate the overload and adapter. Also the user experience will be better.

@ramya-rao-a what's the timeframe for this?

[jongio]

Yeah, i recommend creating the adapter - please steal the existing code.

[jongio]

Heads up , removed space from file name, new path: https://github.com/jongio/azidext/blob/master/js/azureIdentityCredentialAdapter.ts

[ramya-rao-a]

@joheredi If Option 3 is doable, then doing so now during the MQ milestone would be preferable

[ramya-rao-a]

@joheredi Can you log an issue in the code gen repo, link it here and close this issue?

[joheredi]

Logged Azure/autorest.typescript#815 which will be the main tracking issue