Revisit AAD/Entra security options #357
Replies: 5 comments
-
|
This makes sense. Other drivers offer a similar experience. |
Beta Was this translation helpful? Give feedback.
-
|
One of the key things is to make sure that we have all individual authentication options addressable as connection string flags for az default auth: https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python |
Beta Was this translation helpful? Give feedback.
-
|
We should also have a new auth option for Fabric notebooks that encapsulates the logic shown here to fetch an auth token: https://www.reddit.com/r/MicrosoftFabric/comments/1p6mkn3/connect_to_fabric_warehouse_from_python_notebook/ |
Beta Was this translation helpful? Give feedback.
-
|
Here's the flags the go driver supports: https://github.com/microsoft/go-mssqldb#azure-active-directory-authentication |
Beta Was this translation helpful? Give feedback.
-
|
Also, given that we are deprecating Entra Password authentication across all drivers, if we haven't already put it in mssql-python, don't add it. If we have, we should mark it deprecated. As for other options, if we are just leveraging Azure Identity and passing through to that library, I'm good with exposing all the auth options they expose. (Caveat - I have not looked into what, if anything, each option requires in the way of new parameters that we might additionally need to account for. So those should be listed before a final include/exclude decision is made.) |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Is your feature request related to a problem? Please describe.
Based upon feedback from here: https://www.reddit.com/r/MicrosoftFabric/comments/1p5cjda/comment/nqn5hou/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
We should create aliases for the Entra versions of the AAD authentication options. While we are in there, we should make sure all of the individual options for entra authentication are available in the connection string to avoid forcing people to use ActiveDirectoryDefault in production.
Describe the solution you'd like
We should create aliases for the Entra versions of the AAD authentication options. While we are in there, we should make sure all of the individual options for entra authentication are available in the connection string to avoid forcing people to use ActiveDirectoryDefault in production.
Describe alternatives you've considered
There is no alternative.
Additional context
Add any other context about the feature request here.
Beta Was this translation helpful? Give feedback.
All reactions