Merge pull request #286148 from flang-msft/fxl---nodejs-ropc-entra-fix

JamesJBarnett · web-flow · commit 7d2c07c5c3a3 · 2024-09-07T14:57:51.000-07:00
Fxl---nodejs ropc entra fix
diff --git a/articles/azure-cache-for-redis/cache-nodejs-get-started.md b/articles/azure-cache-for-redis/cache-nodejs-get-started.md
@@ -17,14 +17,242 @@ In this quickstart, you incorporate Azure Cache for Redis into a Node.js app to
 ## Prerequisites
 
 - Azure subscription - [create one for free](https://azure.microsoft.com/free/)
-- [node_redis](https://github.com/mranney/node_redis), which you can install with the command `npm install redis`.
+- Node.js installed, if you haven't done so already. See [Install Node.js on Windows](/windows/dev-environment/javascript/nodejs-on-windows) for instructions on how to install Node and npm on a Windows computer.
 
-For examples of using other Node.js clients, see the individual documentation for the Node.js clients listed at [Node.js Redis clients](https://redis.io/docs/connect/clients/nodejs/).
-
-## Create a cache
+## Create a cache instance
 
 [!INCLUDE [redis-cache-create](~/reusable-content/ce-skilling/azure/includes/azure-cache-for-redis/includes/redis-cache-create.md)]
 
+## Install the node-redis client library
+
+The [node-redis](https://github.com/redis/node-redis) library is the primary Node.js client for Redis. You can install the client with [npm](https://docs.npmjs.com/about-npm) by using the following command:
+
+```bash
+npm install redis
+```
+
+## Create a Node.js app to access a cache
+
+Create a Node.js app that uses either Microsoft Entra ID or access keys to connect to an Azure Cache for Redis. We recommend you use Microsoft Entra ID.
+
+## [Microsoft Entra ID Authentication (recommended)](#tab/entraid)
+
+[!INCLUDE [cache-entra-access](includes/cache-entra-access.md)]
+
+### Install the JavaScript Azure Identity client library
+
+The [Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview) allows you to acquire security tokens from Microsoft identity to authenticate users. There's a [JavaScript Azure identity client library](/javascript/api/overview/azure/identity-readme) available that uses MSAL to provide token authentication support. Install this library using `npm`:
+
+```bash
+npm install @azure/identity
+```
+
+### Create a new Node.js app using Microsoft Entra ID
+
+1. Add environment variables for your **Host name** and **Service Principal ID**, which is the object ID of your Microsoft Entra ID service principal or user. In the Azure portal, this is shown as the _Username_.
+
+    ```cmd
+    set AZURE_CACHE_FOR_REDIS_HOST_NAME=contosoCache
+    set REDIS_SERVICE_PRINCIPAL_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    ```
+
+1. Create a new script file named _redistest.js_.
+
+1. Add the following example JavaScript to the file. This code shows you how to connect to an Azure Cache for Redis instance using the cache host name and key environment variables. The code also stores and retrieves a string value in the cache. The `PING` and `CLIENT LIST` commands are also executed. For more examples of using Redis with the [node-redis](https://github.com/redis/node-redis) client, see [https://redis.js.org/](https://redis.js.org/).
+
+    ```javascript
+    const { createClient } = require("redis");
+    const { DefaultAzureCredential } = require("@azure/identity");
+    
+    async function main() {
+      // Construct a Token Credential from Identity library, e.g. ClientSecretCredential / ClientCertificateCredential / ManagedIdentityCredential, etc.
+      const credential = new DefaultAzureCredential();
+      const redisScope = "https://redis.azure.com/.default";
+    
+      // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
+      let accessToken = await credential.getToken(redisScope);
+      console.log("access Token", accessToken);
+    
+      // Create redis client and connect to the Azure Cache for Redis over the TLS port using the access token as password.
+      const cacheConnection = createClient({
+        username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
+        password: accessToken.token,
+        url: `redis://${process.env.AZURE_CACHE_FOR_REDIS_HOST_NAME}:6380`,
+        pingInterval: 100000,
+        socket: { 
+          tls: true,
+          keepAlive: 0 
+        },
+      });
+    
+      cacheConnection.on("error", (err) => console.log("Redis Client Error", err));
+      await cacheConnection.connect();
+    
+      // PING command
+      console.log("\nCache command: PING");
+      console.log("Cache response : " + await cacheConnection.ping());
+    
+      // SET
+      console.log("\nCache command: SET Message");
+      console.log("Cache response : " + await cacheConnection.set("Message",
+          "Hello! The cache is working from Node.js!"));
+    
+      // GET
+      console.log("\nCache command: GET Message");
+      console.log("Cache response : " + await cacheConnection.get("Message"));
+    
+      // Client list, useful to see if connection list is growing...
+      console.log("\nCache command: CLIENT LIST");
+      console.log("Cache response : " + await cacheConnection.sendCommand(["CLIENT", "LIST"]));
+    
+      cacheConnection.disconnect();
+    
+      return "Done"
+    }
+    
+    main().then((result) => console.log(result)).catch(ex => console.log(ex));
+    ```
+
+1. Run the script with Node.js.
+
+    ```bash
+    node redistest.js
+    ```
+
+1. The output of your code looks like this.
+
+    ```bash
+    Cache command: PING
+    Cache response : PONG
+    
+    Cache command: GET Message
+    Cache response : Hello! The cache is working from Node.js!
+    
+    Cache command: SET Message
+    Cache response : OK
+    
+    Cache command: GET Message
+    Cache response : Hello! The cache is working from Node.js!
+    
+    Cache command: CLIENT LIST
+    Cache response : id=10017364 addr=76.22.73.183:59380 fd=221 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=26 qbuf-free=32742 argv-mem=10 obl=0 oll=0 omem=0 tot-mem=61466 ow=0 owmem=0 events=r cmd=client user=default numops=6
+    
+    Done
+    ```
+
+### Create a sample JavaScript app with reauthentication
+
+Microsoft Entra ID access tokens have a limited lifespan, [averaging 75 minutes](/entra/identity-platform/configurable-token-lifetimes#token-lifetime-policies-for-access-saml-and-id-tokens). In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using JavaScript.
+
+1. Create a new script file named _redistestreauth.js_.
+
+1. Add the following example JavaScript to the file.
+
+   ```javascript
+    const { createClient } = require("redis");
+    const { DefaultAzureCredential } = require("@azure/identity");
+    
+    async function returnPassword(credential) {
+        const redisScope = "https://redis.azure.com/.default";
+    
+        // Fetch a Microsoft Entra token to be used for authentication. This token will be used as the password.
+        return credential.getToken(redisScope);
+    }
+    
+    async function main() {
+      // Construct a Token Credential from Identity library, e.g. ClientSecretCredential / ClientCertificateCredential / ManagedIdentityCredential, etc.
+      const credential = new DefaultAzureCredential();
+      let accessToken = await returnPassword(credential);
+    
+      // Create redis client and connect to the Azure Cache for Redis over the TLS port using the access token as password.
+      let cacheConnection = createClient({
+        username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
+        password: accessToken.token,
+        url: `redis://${process.env.AZURE_CACHE_FOR_REDIS_HOST_NAME}:6380`,
+        pingInterval: 100000,
+        socket: { 
+          tls: true,
+          keepAlive: 0 
+        },
+      });
+    
+      cacheConnection.on("error", (err) => console.log("Redis Client Error", err));
+      await cacheConnection.connect();
+    
+      for (let i = 0; i < 3; i++) {
+        try {
+            // PING command
+            console.log("\nCache command: PING");
+            console.log("Cache response : " + await cacheConnection.ping());
+    
+            // SET
+            console.log("\nCache command: SET Message");
+            console.log("Cache response : " + await cacheConnection.set("Message",
+                "Hello! The cache is working from Node.js!"));
+    
+            // GET
+            console.log("\nCache command: GET Message");
+            console.log("Cache response : " + await cacheConnection.get("Message"));
+    
+            // Client list, useful to see if connection list is growing...
+            console.log("\nCache command: CLIENT LIST");
+            console.log("Cache response : " + await cacheConnection.sendCommand(["CLIENT", "LIST"]));
+          break;
+        } catch (e) {
+          console.log("error during redis get", e.toString());
+          if ((accessToken.expiresOnTimestamp <= Date.now())|| (redis.status === "end" || "close") ) {
+            await redis.disconnect();
+            accessToken = await returnPassword(credential);
+            cacheConnection = createClient({
+              username: process.env.REDIS_SERVICE_PRINCIPAL_ID,
+              password: accessToken.token,
+              url: `redis://${process.env.AZURE_CACHE_FOR_REDIS_HOST_NAME}:6380`,
+              pingInterval: 100000,
+              socket: {
+                tls: true,
+                keepAlive: 0
+              },
+            });
+          }
+        }
+      }
+    }
+    
+    main().then((result) => console.log(result)).catch(ex => console.log(ex));
+   ```
+
+1. Run the script with Node.js.
+
+    ```bash
+    node redistestreauth.js
+    ```
+
+1. The output of your code looks like this.
+
+   ```bash
+    Cache command: PING
+    Cache response : PONG
+    
+    Cache command: GET Message
+    Cache response : Hello! The cache is working from Node.js!
+    
+    Cache command: SET Message
+    Cache response : OK
+    
+    Cache command: GET Message
+    Cache response : Hello! The cache is working from Node.js!
+    
+    Cache command: CLIENT LIST
+    Cache response : id=10017364 addr=76.22.73.183:59380 fd=221 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=26 qbuf-free=32742 argv-mem=10 obl=0 oll=0 omem=0 tot-mem=61466 ow=0 owmem=0 events=r cmd=client user=default numops=6
+
+   ```
+
+>[!NOTE]
+>For additional examples of using Microsoft Entra ID to authenticate to Redis using the node-redis library, please see [this GitHub repo](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureCacheForRedis/node-redis.md)
+>
+
+## [Access Key Authentication](#tab/accesskey)
+
 [!INCLUDE [redis-cache-access-keys](includes/redis-cache-access-keys.md)]
 
 Add environment variables for your **HOST NAME** and **Primary** access key. Use these variables from your code instead of including the sensitive information directly in your code.
@@ -34,18 +262,15 @@ set AZURE_CACHE_FOR_REDIS_HOST_NAME=contosoCache
 set AZURE_CACHE_FOR_REDIS_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 ```
 
-## Connect to the cache
+### Connect to the cache
 
-The latest builds of [node_redis](https://github.com/mranney/node_redis) provide support several connection options. Don't create a new connection for each operation in your code. Instead, reuse connections as much as possible.
+>[!NOTE]
+> Don't create a new connection for each operation in your code. Instead, reuse connections as much as possible.
+>
 
-## Create a new Node.js app
+### Create a new Node.js app
 
-1. Create a new script file named *redistest.js*.
-1. Use the command to install a redis package.
-
-    ```bash
-    `npm install redis`
-    ```
+1. Create a new script file named _redistest.js_.
 
 1. Add the following example JavaScript to the file.
 
@@ -101,7 +326,7 @@ The latest builds of [node_redis](https://github.com/mranney/node_redis) provide
     testCache().then((result) => console.log(result)).catch(ex => console.log(ex));
     ```
 
-    This code shows you how to connect to an Azure Cache for Redis instance using the cache host name and key environment variables. The code also stores and retrieves a string value in the cache. The `PING` and `CLIENT LIST` commands are also executed. For more examples of using Redis with the [node_redis](https://github.com/mranney/node_redis) client, see [https://redis.js.org/](https://redis.js.org/).
+    This code shows you how to connect to an Azure Cache for Redis instance using the cache host name and key environment variables. The code also stores and retrieves a string value in the cache. The `PING` and `CLIENT LIST` commands are also executed. For more examples of using Redis with the [node_redis](https://github.com/redis/node-redis) client, see [https://redis.js.org/](https://redis.js.org/).
 
 1. Run the script with Node.js.
 
@@ -111,7 +336,7 @@ The latest builds of [node_redis](https://github.com/mranney/node_redis) provide
 
 1. Example the output.
 
-    ```console
+    ```bash
     Cache command: PING
     Cache response : PONG
     
@@ -130,31 +355,16 @@ The latest builds of [node_redis](https://github.com/mranney/node_redis) provide
     Done
     ```
 
-## Clean up resources
-
-If you continue to the next tutorial, can keep the resources created in this quickstart and reuse them. Otherwise, if you're finished with the quickstart sample application, you can delete the Azure resources created in this quickstart to avoid charges.
-
-> [!IMPORTANT]
-> Deleting a resource group is irreversible and that the resource group and all the resources in it are permanently deleted. Make sure that you do not accidentally delete the wrong resource group or resources. If you created the resources for hosting this sample inside an existing resource group that contains resources you want to keep, you can delete each resource individually instead of deleting the resource group.
->
-
-1. Sign in to the [Azure portal](https://portal.azure.com) and select **Resource groups**.
-
-1. In the **Filter by name** text box, enter the name of your resource group. The instructions for this article used a resource group named *TestResources*. On your resource group in the result list, select **...** then **Delete resource group**.
-
-    ![Delete Azure Resource group](./media/cache-nodejs-get-started/redis-cache-delete-resource-group.png)
-
-1. Confirm the deletion of the resource group. Enter the name of your resource group to confirm, and select **Delete**.
+---
 
-1. After a few moments, the resource group and all of its contained resources are deleted.
+[!INCLUDE [cache-delete-resource-group](includes/cache-delete-resource-group.md)]
 
 ## Get the sample code
 
 Get the [Node.js quickstart](https://github.com/Azure-Samples/azure-cache-redis-samples/tree/main/quickstart/nodejs) on GitHub.
 
-## Next steps
+## Related content
 
 In this quickstart, you learned how to use Azure Cache for Redis from a Node.js application. Continue to the next quickstart to use Azure Cache for Redis with an ASP.NET web app.
 
-> [!div class="nextstepaction"]
-> [Create an ASP.NET web app that uses an Azure Cache for Redis.](./cache-web-app-howto.md)
+- [Create an ASP.NET web app that uses an Azure Cache for Redis.](cache-web-app-howto.md)
