how to use aad in different languages

Author: terencefan

articles/azure-web-pubsub/concept-azure-ad-authorization.md

@@ -26,7 +26,7 @@ When a security principal attempts to access a Web PubSub resource, the request
 
 ### Client-side authentication while using Azure AD
 
-When using Access Key, the key is shared between your negotiation server (or Function App) and the Web PubSub resource, which means the Web PubSub service could authenticate the client connection request with the shared key. However, there is no shared key when using Azure AD to authorize. 
+When using Access Key, the key is shared between your negotiation server (or Function App) and the Web PubSub resource, which means the Web PubSub service could authenticate the client connection request with the shared key. However, there is no access key when using Azure AD to authorize. 
 
 To solve this problem, we provided a REST API for generating the client token that can be used to connect to the Azure Web PubSub service.
 

articles/azure-web-pubsub/howto-authorize-from-application.md

@@ -107,55 +107,14 @@ To learn more about how to assign and manage Azure role assignments, see these a
 - [Assign Azure roles using Azure CLI](../role-based-access-control/role-assignments-cli.md)
 - [Assign Azure roles using Azure Resource Manager templates](../role-based-access-control/role-assignments-template.md)
 
-## Configure your server
+## Sample codes
 
-It is recommended to configure identity and credentials in your environment variables:
+We officially support 4 programming languages:
 
-| Variable	| Description |
-|------|------
-| `AZURE_TENANT_ID`	| The Azure Active Directory tenant(directory) ID. |
-| `AZURE_CLIENT_ID`	| The client(application) ID of an App Registration in the tenant. |
-| `AZURE_CLIENT_SECRET`	| A client secret that was generated for the App Registration. |
-| `AZURE_CLIENT_CERTIFICATE_PATH` | A path to certificate and private key pair in PEM or PFX format, which can authenticate the App Registration. |
-| `AZURE_USERNAME`	| The username, also known as upn, of an Azure Active Directory user account. |
-| `AZURE_PASSWORD`	| The password of the Azure Active Directory user account. Note this does not support accounts with MFA enabled. |
-
-By doing this, you could use either [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) or [EnvironmentCredential](/dotnet/api/azure.identity.environmentcredential) to configure your Web PubSub endpoints.
-
-### Sample codes
-
-These are sample codes for C#. For other supported languages, see JavaScript/Python/Java.
-
-```C#
-var endpoint = new Uri("https://<resource1>.webpubsub.azure.com");
-var client = new WebPubSubServiceClient(endpoint, "hub", new DefaultAzureCredential());
-```
-
-To learn how `DefaultAzureCredential` works, see [DefaultAzureCredential Class](/dotnet/api/azure.identity.defaultazurecredential).
-
-```C#
-var endpoint = new Uri("https://<resource1>.webpubsub.azure.com");
-var client = new WebPubSubServiceClient(endpoint, "hub", new EnvironmentCredential());
-```
-
-You could also use [ClientSecretCredential](/dotnet/api/azure.identity.clientsecretcredential) or [ClientCertificateCredential](/dotnet/api/azure.identity.clientcertificatecredential) directly if you'd like to.
-
-```C#
-var endpoint = new Uri("https://<resource1>.webpubsub.azure.com");
-var credential = new ClientSecretCredential("tenantId", "clientId", "clientSecret");
-var client = new WebPubSubServiceClient(endpoint, "hub", credential);
-```
-```C#
-var endpoint = new Uri("https://<resource1>.webpubsub.azure.com");
-var credential = new ClientCertificateCredential("tenantId", "clientId", "pathToCert");
-var client = new WebPubSubServiceClient(endpoint, "hub", credential);
-```
-
-To learn more about creating `TokenCredential` for Azure AD Authorization, see there articles:
-
-- [DefaultAzureCredential Class](/dotnet/api/azure.identity.defaultazurecredential)
-- [ClientSecretCredential Constructors](/dotnet/api/azure.identity.clientsecretcredential.-ctor)
-- [ClientCertificateCredential Constructors](/dotnet/api/azure.identity.clientcertificatecredential.-ctor)
+- [C#](./howto-use-aad-in-csharp)
+- [Python](./howto-use-aad-in-python)
+- [Java](./howto-use-aad-in-java)
+- [JavaScript](./howto-use-aad-in-javascript)
 
 ## Next steps
 

articles/azure-web-pubsub/howto-authorize-from-managed-identity.md

@@ -92,41 +92,14 @@ To learn more about how to assign and manage Azure role assignments, see these a
 - [Assign Azure roles using Azure CLI](../role-based-access-control/role-assignments-cli.md)
 - [Assign Azure roles using Azure Resource Manager templates](../role-based-access-control/role-assignments-template.md)
 
-## Sample codes while configuring your server
+## Sample codes
 
-### Using system-assigned identity
+We officially support 4 programming languages:
 
-You can use either [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) or [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential) to configure your Web PubSub endpoints while using system-assigned identity.
-
-However, the best practice is to use `ManagedIdentityCredential` directly.
-
-The system-assigned managed identity will be used by default, but **please make sure that you don't have configured any environment variables** that are preserved by [EnvironmentCredential](/dotnet/api/azure.identity.environmentcredential) if you were using `DefaultAzureCredential`. Otherwise it will fall back to use `EnvironmentCredential` to make the request and it will results to a `401 Unauthorized` response in most cases.
-
-Here is sample codes for C#.
-
-```C#
-var endpoint = new Uri("https://<resource1>.webpubsub.azure.com");
-var client = new WebPubSubServiceClient(endpoint, "hub", new ManagedIdentityCredential());
-```
-
-There are also samples for other supported languages, see [Java](), [JavaScript](), [Python]().
-
-### Using user-assigned identity
-
-Simply provide `ClientId` while creating the  `ManagedIdentityCredential` object.
-
-> [!IMPORTANT]
-> Use **Client Id**, not the Object (principal) ID even if they looked similar!
-
-Here is sample codes for C#.
-
-```C#
-var endpoint = new Uri("https://<resource1>.webpubsub.azure.com");
-var clientId = "<your user-assigned identity client id>";
-var client = new WebPubSubServiceClient(endpoint, "hub", new ManagedIdentityCredential(clientId));
-```
-
-There are also samples for other supported languages, see [Java](), [JavaScript](), [Python]().
+- [C#](./howto-use-aad-in-csharp)
+- [Python](./howto-use-aad-in-python)
+- [Java](./howto-use-aad-in-java)
+- [JavaScript](./howto-use-aad-in-javascript)
 
 ## Next steps
 

articles/azure-web-pubsub/howto-use-aad-in-csharp.md

@@ -0,0 +1,113 @@
+---
+title: How to use Azure Active Directory (AAD) in C#
+description: How to use Azure Active Directory (AAD) in C#
+author: terencefan
+
+ms.author: tefa
+ms.date: 11/15/2021
+ms.service: azure-web-pubsub
+ms.topic: how-to
+---
+
+# How to use Azure Active Directory (AAD) in C#
+
+## Requirements
+
+- Install [Azure.Identity](https://www.nuget.org/packages/Azure.Identity) from nuget.org.
+
+  ```bash
+  Install-Package Azure.Identity
+  ```
+
+- Install [Azure.Messaging.WebPubSub](https://www.nuget.org/packages/Azure.Messaging.WebPubSub) from nuget.org
+
+  ```bash
+  Install-Package Azure.Messaging.WebPubSub 
+  ```
+
+## Sample codes
+
+1. Create a `TokenCredential` with Azure Identity SDK.
+
+    ```C#
+    using Azure.Identity
+
+    namespace chatapp 
+    {
+        public class Program
+        {
+            public static void Main(string[] args)
+            {
+                var credential = new DefaultAzureCredential();
+            }
+        }
+    }
+    ```
+
+    `credential` can be any class that inherits from `TokenCredential` class.
+
+    - EnvironmentCredential
+    - ClientSecretCredential
+    - ClientCertificateCredential
+    - ManagedIdentityCredential
+    - VisualStudioCredential
+    - VisualStudioCodeCredential
+    - AzureCliCredential
+    - ...
+
+    To learn more, see [Azure Identity client library for .NET](/dotnet/api/overview/azure/identity-readme)
+
+2. Then create a `client` with `endpoint`, `hub`, and `credential`. 
+
+    ```C#
+    using Azure.Identity
+
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            var credential = new DefaultAzureCredential();
+            var client = new WebPubSubServiceClient(new Uri("<endpoint>"), "<hub>", credential);
+        }
+    }
+    ```
+
+    Or inject it into `IServiceCollections` with our `BuilderExtensions`.
+
+    ```C#
+    using System;
+
+    using Azure.Identity;
+
+    using Microsoft.Extensions.Azure;
+    using Microsoft.Extensions.Configuration;
+    using Microsoft.Extensions.DependencyInjection;
+
+    namespace chatapp
+    {
+        public class Startup
+        {
+            public Startup(IConfiguration configuration)
+            {
+                Configuration = configuration;
+            }
+
+            public IConfiguration Configuration { get; }
+
+            public void ConfigureServices(IServiceCollection services)
+            {
+                services.AddAzureClients(builder =>
+                {
+                    var credential = new DefaultAzureCredential();
+                    builder.AddWebPubSubServiceClient(new Uri("<endpoint>"), "<hub>", credential);
+                });
+            }
+        }
+    }
+    ```
+
+3. Learn how to use this client, see [Azure Web PubSub service client library for .NET](/dotnet/api/overview/azure/messaging.webpubsub-readme-pre)
+
+## Complete sample
+
+- [Simple chatroom with AAD Auth](https://github.com/Azure/azure-webpubsub/tree/main/samples/csharp/chatapp-aad)

articles/azure-web-pubsub/howto-use-aad-in-java.md

@@ -0,0 +1,102 @@
+---
+title: How to use Azure Active Directory (AAD) in Java
+description: How to use Azure Active Directory (AAD) in Java
+author: terencefan
+
+ms.author: tefa
+ms.date: 11/15/2021
+ms.service: azure-web-pubsub
+ms.topic: how-to
+---
+
+# How to use Azure Active Directory (AAD) in Java
+
+## Requirements
+
+- Add [azure-identity](https://mvnrepository.com/artifact/com.azure/azure-identity) dependency in your `pom.xml`.
+
+  ```xml
+  <dependency>
+    <groupId>com.azure</groupId>
+    <artifactId>azure-identity</artifactId>
+    <version>1.4.1</version>
+  </dependency>
+  ```
+
+  > Latest version can be found on this [page](https://mvnrepository.com/artifact/com.azure/azure-identity)
+
+  See [Azure authentication with Java and Azure Identity](/azure/developer/java/sdk/identity) to learn more.
+
+- Add [azure-messaging-webpubsub]() dependency in your `pom.xml`.
+
+  ```xml
+  <dependency>
+      <groupId>com.azure</groupId>
+      <artifactId>azure-messaging-webpubsub</artifactId>
+      <version>1.0.0-beta.2</version>
+  </dependency>
+  ```
+
+  > Latest version can be found on this [page](https://mvnrepository.com/artifact/com.azure/azure-messaging-webpubsub)
+
+## Sample codes
+
+1. Create a `TokenCredential` with Azure Identity SDK.
+
+    ```java
+    package com.webpubsub.tutorial;
+
+    import com.azure.core.credential.TokenCredential;
+    import com.azure.identity.DefaultAzureCredentialBuilder;
+
+    public class App {
+
+        public static void main(String[] args) {
+            TokenCredential credential = new DefaultAzureCredentialBuilder().build();
+        }
+    }
+    ```
+
+    `credential` can be any class that inherits from `TokenCredential` class.
+
+    - EnvironmentCredential
+    - ClientSecretCredential
+    - ClientCertificateCredential
+    - ManagedIdentityCredential
+    - VisualStudioCredential
+    - VisualStudioCodeCredential
+    - AzureCliCredential
+    - ...
+
+    To learn more, see [Azure Identity client library for Java](/java/api/overview/azure/identity-readme)
+
+2. Then create a `client` with `endpoint`, `hub`, and `credential`. 
+
+    ```Java
+    package com.webpubsub.tutorial;
+
+    import com.azure.core.credential.TokenCredential;
+    import com.azure.identity.DefaultAzureCredentialBuilder;
+    import com.azure.messaging.webpubsub.WebPubSubServiceClient;
+    import com.azure.messaging.webpubsub.WebPubSubServiceClientBuilder;
+
+    public class App {
+        public static void main(String[] args) {
+
+            TokenCredential credential = new DefaultAzureCredentialBuilder().build();
+
+            // create the service client
+            WebPubSubServiceClient client = new WebPubSubServiceClientBuilder()
+                    .endpoint("<endpoint>")
+                    .credential(credential)
+                    .hub("<hub>")
+                    .buildClient();
+        }
+    }
+    ```
+
+3. Learn how to use this client, see [Azure Web PubSub service client library for Java](/java/api/overview/azure/messaging-webpubsub-readme)
+
+## Complete sample
+
+- [Simple chatroom with AAD Auth](https://github.com/Azure/azure-webpubsub/tree/main/samples/java/chatapp-aad)