
Is this the correct and full list of authentication methods to authenticate Azure services?


I use the Azure SDK to build my project in Java, and I need to authenticate to the Azure services below:

  1. File Storage
  2. Queue Storage
  3. Service Bus Queue
  4. Service Bus Topic
  5. Data Lake
  6. Data Lake Gen 2
  7. Blob Storage
  8. Event Hub

I found some short documentation at https://learn.microsoft.com/en-us/java/api/com.microsoft.azure.management.azure.authenticate?view=azure-java-legacy and it just mentions 4 authenticate() methods. But it does not confirm which services they are used for. And I am still concerned about whether they can all be used for the above services.

Currently, I want to know the list of auth methods in the Azure SDK for each service I mentioned above.

Please advise me and thanks so much!


Solution

  • Well, in Azure, different services use different auth methods; they can be roughly divided into two categories (not all the services).

    1. Use basic auth: some services will provide something like a connection string, account name and key, then you can use them to access the service easily.

    2. Use Azure AD auth: some services support Azure AD auth. You need to use a user account/service principal, give it the RBAC roles at the resource scope you want to access, then use the OAuth flows, e.g. client credential flow or auth code flow, to get the token, then use the token to access the Azure REST API for the specific service. In this way, usually there will be an SDK for you, so you don't need to do the above manually.

    For the services you listed, some use one of them, and some can use both of them.

    1. File Storage - It uses the account name and key to auth, you need to use them to build the client, refer to this doc.

    2. Queue Storage - It also uses the account name and key to auth, refer to this doc.

    3 & 4. Service Bus Queue & Topic - They can use connection string or Azure AD to auth, create the client, then you can access queue and topic.

    5. Data Lake - It uses Azure AD auth, it provides two scenarios, you can choose them depending on your requirement, refer to this doc.

    6. Data Lake Gen 2 - It uses account name and key, or Azure AD to auth, refer to this doc.

    7. Blob Storage - It uses the connection string to auth, refer to this doc.

    8. Event Hub - It uses the connection string to auth, refer to this doc.
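
The two categories from the answer, shown side by side for a Service Bus queue using the `azure-messaging-servicebus` and `azure-identity` libraries. This is an added example, not code from the original answer; the class name and the three environment variable names are assumptions made for the example.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.messaging.servicebus.ServiceBusClientBuilder;
import com.azure.messaging.servicebus.ServiceBusMessage;
import com.azure.messaging.servicebus.ServiceBusSenderClient;

public class ServiceBusAuthExample {

    // Category 2: Azure AD. The identity needs an RBAC role on the namespace
    // or queue, for example "Azure Service Bus Data Sender".
    static ServiceBusSenderClient withAzureAd(String namespace, String queue) {
        // DefaultAzureCredential tries environment variables, managed identity
        // and developer logins in turn, so no secret is stored in the code.
        TokenCredential credential = new DefaultAzureCredentialBuilder().build();
        return new ServiceBusClientBuilder()
                .credential(namespace, credential) // <name>.servicebus.windows.net
                .sender().queueName(queue).buildClient();
    }

    // Category 1: connection string that embeds a shared access key.
    static ServiceBusSenderClient withConnectionString(String connStr, String queue) {
        return new ServiceBusClientBuilder()
                .connectionString(connStr)
                .sender().queueName(queue).buildClient();
    }

    public static void main(String[] args) {
        // Hypothetical variable names chosen for this example.
        String queue = System.getenv("SERVICEBUS_QUEUE");
        String namespace = System.getenv("SERVICEBUS_NAMESPACE");
        String connStr = System.getenv("SERVICEBUS_CONNECTION_STRING");
        if (queue == null) {
            throw new IllegalStateException("SERVICEBUS_QUEUE is not set");
        }
        ServiceBusSenderClient sender;
        if (namespace != null) {
            sender = withAzureAd(namespace, queue);          // token-based
        } else if (connStr != null) {
            sender = withConnectionString(connStr, queue);   // key-based
        } else {
            throw new IllegalStateException(
                "Set SERVICEBUS_NAMESPACE or SERVICEBUS_CONNECTION_STRING");
        }
        try {
            sender.sendMessage(new ServiceBusMessage("hello"));
        } finally {
            sender.close();
        }
    }
}
```

Reading the connection string from the environment keeps the shared key out of source control; the Azure AD path stores no key at all and its access can be scoped and revoked through role assignments.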