Merge pull request #143 from Azure/migration-fixes

Migration to Identity: Issues in the code snippets
Azure · Feb 22, 2022 · ea8056a · ea8056a
2 parents 3710a14 + 385cacb
commit ea8056a
Showing 1 changed file with 14 additions and 16 deletions.
diff --git a/migrate-to-identity-v2.md b/migrate-to-identity-v2.md
@@ -108,9 +108,9 @@ const credential = new ClientSecretCredential(
 You will continue specifying a `baseUri` when creating the client in the Azure package to point to the correct scope relative to a national cloud. An example follows:
 
 ```diff
-- import { ApplicationTokenCredentials } from "@azure/ms-rest-nodeauth";
+- import { loginWithServicePrincipalSecret } from "@azure/ms-rest-nodeauth";
 + import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
-- import { Environment } from "@azure/ms-rest-azure-env";
+import { Environment } from "@azure/ms-rest-azure-env";
 import { SubscriptionClient } from "@azure/arm-subscriptions";
 
 import * as msRest from "@azure/ms-rest-js";
@@ -119,20 +119,16 @@ import * as dotenv from "dotenv";
 dotenv.config();
 
 const clientId = process.env.AZURE_CLIENT_ID;
-const domain = process.env.AZURE_TENANT_ID;
-const tenantId = process.env.AZURE_TENANT_ID;
-const secret = "process.env.AZURE_CLIENT_SECRET;
-const tokenAudience = "https://graph.microsoft.com/";
-- const environment = Environment.ChinaCloud;
+const domain = process.env.AZURE_TENANT_ID; // domain or tenantId
+const secret = process.env.AZURE_CLIENT_SECRET;
+const environment = Environment.ChinaCloud;
++ const authorityHost = AzureAuthorityHosts.AzureChina;
 
 async function main() {
-- const credential = new ApplicationTokenCredentials(clientId, domain, secret, tokenAudience, environment);
-+ const credential = new ClientSecretCredential(tenantId, clientId, secret, tokenAudience, {
-+  authorityHost: AzureAuthorityHosts.AzureChina
-+ });
+- const credential = await loginWithServicePrincipalSecret(clientId, secret, domain, { environment });
++ const credential = new ClientSecretCredential(domain, clientId, secret, { authorityHost });
   const client = new SubscriptionClient(credential, {
--  baseUri: environment.resourceManagerEndpointUrl,
-+  baseUri: "https://management.chinacloudapi.cn"
+   baseUri: environment.resourceManagerEndpointUrl,
   });
 
   const subscriptions = await client.subscriptions.list();
@@ -211,17 +207,19 @@ While scopes (or resources) are generally provided to the new credentials intern
 
 Scopes generally include permissions. For example, to request a token that could have read access to the currently authenticated user, the scope would be `https://graph.microsoft.com/User.Read`. An app may also request any available permission, as defined through the app registration on the Azure portal, by sending a request ending in `/.default` as the scope. For more information about Azure scopes and permissions, see [Permissions and consent in the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent).
 
-The following example code shows how to migrate from using `@azure/ms-rest-nodeauth`'s `tokenAudience` to `@azure/identity`'s `getToken`, with a scope that grants Key Vault access:
+The following example code shows how to migrate from using `@azure/ms-rest-nodeauth`'s `getToken` to `@azure/identity`'s `getToken`, with a scope that grants Key Vault access:
 
 ```diff
 - import { interactiveLogin } from "@azure/ms-rest-nodeauth";
 + import { AzureCliCredential } from "@azure/identity";
 
 async function main() {
--  const authResponse = await interactiveLogin({
+-  const credentials = await interactiveLogin({
 -    tokenAudience: "https://vault.azure.net/"
 -  });
-+  const credential = new AzureCliCredential("https://vault.azure.net/.default");
+-  const tokenResponse = await credentials.getToken();
++  const credential = new InteractiveBrowserCredential();
++  const accessToken = await credential.getToken("https://vault.azure.net/.default");
 }
 
 main().catch(console.error);