feat: Add Microsoft Entra ID authentication support for Redis and Azure OpenAI

- Implement Entra ID authentication mechanism for Redis connections
- Add dynamic support for Azure OpenAI authentication via Entra ID
- Create EntraIDConfiguration for automatic JedisConnectionFactory creation
- Add Azure Identity dependency for Entra ID integration
- Refactor Azure client properties under a unified structure
- Improve OpenAI configuration with response timeout setting
- Centralize Spring AI properties and embedding model creation
- Update Spring Boot auto-configuration
- Preserve TDigest implementation compatibility

Author: Luigi Fugaro

redis-om-spring/pom.xml

@@ -7,7 +7,7 @@
 
     <groupId>com.redis.om</groupId>
     <artifactId>redis-om-spring</artifactId>
-    <version>0.9.12-SNAPSHOT</version>
+    <version>0.9.13-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <name>redis-om-spring</name>

redis-om-spring/src/main/java/com/redis/om/spring/EntraIDConfiguration.java

@@ -0,0 +1,162 @@
+package com.redis.om.spring;
+
+import com.azure.core.credential.AccessToken;
+import com.azure.core.credential.TokenCredential;
+import com.azure.core.credential.TokenRequestContext;
+import com.azure.core.util.CoreUtils;
+import com.azure.identity.DefaultAzureCredential;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import redis.clients.jedis.Jedis;
+
+import java.time.Duration;
+import java.time.OffsetDateTime;
+import java.util.Timer;
+import java.util.TimerTask;
+import java.util.concurrent.ThreadLocalRandom;
+
+@Configuration(proxyBeanMethods = false)
+@EnableConfigurationProperties({ RedisOMProperties.class })
+@ConditionalOnProperty(name = "redis.om.spring.authentication.entra-id.enabled", havingValue = "true", matchIfMissing = false)
+public class EntraIDConfiguration {
+
+  private static final Log logger = LogFactory.getLog(EntraIDConfiguration.class);
+
+  @Value("${spring.data.redis.host}")
+  private String host;
+  @Value("${spring.data.redis.port}")
+  private int port;
+  @Value("${redis.om.spring.authentication.entra-id.enabled}")
+  private String clientType;
+
+  public EntraIDConfiguration() {
+    logger.info("EntraIDConfiguration initialized");
+    logger.info("Redis host: " + host);
+    logger.info("Redis port: " + port);
+    logger.info("Redis client type: " + clientType);
+  }
+
+  @Bean
+  public JedisConnectionFactory jedisConnectionFactory() {
+    logger.info("Creating JedisConnectionFactory for Entra ID authentication");
+    
+    // Create DefaultAzureCredential
+    DefaultAzureCredential defaultAzureCredential = new DefaultAzureCredentialBuilder().build();
+    TokenRequestContext trc = new TokenRequestContext().addScopes("https://redis.azure.com/.default");
+    TokenRefreshCache tokenRefreshCache = new TokenRefreshCache(defaultAzureCredential, trc);
+    AccessToken accessToken = tokenRefreshCache.getAccessToken();
+
+    boolean useSsl = true;
+    String token = accessToken.getToken();
+    logger.trace("Token obtained successfully: \n" + token);
+    String username = extractUsernameFromToken(token);
+    logger.debug("Username extracted from token: " + username);
+
+    JedisConnectionFactory jedisConnectionFactory = new JedisConnectionFactory(getRedisStandaloneConfiguration(username, token, useSsl));
+    jedisConnectionFactory.setConvertPipelineAndTxResults(false);
+    jedisConnectionFactory.setUseSsl(useSsl);
+    logger.info("JedisConnectionFactory for EntraID created successfully");
+    return jedisConnectionFactory;
+  }
+
+  private RedisStandaloneConfiguration getRedisStandaloneConfiguration(String username, String token, boolean useSsl) {
+    RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration();
+    redisStandaloneConfiguration.setHostName(host);
+    redisStandaloneConfiguration.setPort(port);
+    redisStandaloneConfiguration.setUsername(username);
+    redisStandaloneConfiguration.setPassword(token);
+    return redisStandaloneConfiguration;
+  }
+
+  private String extractUsernameFromToken(String token) {
+    // The token is a JWT, and the username is in the "sub" claim
+    String[] parts = token.split("\\.");
+    if (parts.length != 3) {
+      throw new IllegalArgumentException("Invalid JWT token");
+    }
+
+    String payload = new String(java.util.Base64.getUrlDecoder().decode(parts[1]));
+    com.google.gson.JsonObject jsonObject = com.google.gson.JsonParser.parseString(payload).getAsJsonObject();
+    return jsonObject.get("sub").getAsString();
+  }
+
+  /**
+   * The token cache to store and proactively refresh the access token.
+   */
+  private class TokenRefreshCache {
+    private final TokenCredential tokenCredential;
+    private final TokenRequestContext tokenRequestContext;
+    private final Timer timer;
+    private volatile AccessToken accessToken;
+    private final Duration maxRefreshOffset = Duration.ofMinutes(5);
+    private final Duration baseRefreshOffset = Duration.ofMinutes(2);
+    private Jedis jedisInstanceToAuthenticate;
+    private String username;
+
+    /**
+     * Creates an instance of TokenRefreshCache
+     * @param tokenCredential the token credential to be used for authentication.
+     * @param tokenRequestContext the token request context to be used for authentication.
+     */
+    public TokenRefreshCache(TokenCredential tokenCredential, TokenRequestContext tokenRequestContext) {
+      this.tokenCredential = tokenCredential;
+      this.tokenRequestContext = tokenRequestContext;
+      this.timer = new Timer();
+    }
+
+    /**
+     * Gets the cached access token.
+     * @return the AccessToken
+     */
+    public AccessToken getAccessToken() {
+      if (accessToken != null) {
+        return  accessToken;
+      } else {
+        TokenRefreshTask tokenRefreshTask = new TokenRefreshTask();
+        accessToken = tokenCredential.getToken(tokenRequestContext).block();
+        timer.schedule(tokenRefreshTask, getTokenRefreshDelay());
+        return accessToken;
+      }
+    }
+
+    private class TokenRefreshTask extends TimerTask {
+      // Add your task here
+      public void run() {
+        accessToken = tokenCredential.getToken(tokenRequestContext).block();
+        username = extractUsernameFromToken(accessToken.getToken());
+        System.out.println("Refreshed Token with Expiry: " + accessToken.getExpiresAt().toEpochSecond());
+
+        if (jedisInstanceToAuthenticate != null && !CoreUtils.isNullOrEmpty(username)) {
+          jedisInstanceToAuthenticate.auth(username, accessToken.getToken());
+          System.out.println("Refreshed Jedis Connection with fresh access token, token expires at : "
+                  + accessToken.getExpiresAt().toEpochSecond());
+        }
+        timer.schedule(new TokenRefreshTask(), getTokenRefreshDelay());
+      }
+    }
+
+    private long getTokenRefreshDelay() {
+      return ((accessToken.getExpiresAt()
+              .minusSeconds(ThreadLocalRandom.current().nextLong(baseRefreshOffset.getSeconds(), maxRefreshOffset.getSeconds()))
+              .toEpochSecond() - OffsetDateTime.now().toEpochSecond()) * 1000);
+    }
+
+    /**
+     * Sets the Jedis to proactively authenticate before token expiry.
+     * @param jedisInstanceToAuthenticate the instance to authenticate
+     * @return the updated instance
+     */
+    public TokenRefreshCache setJedisInstanceToAuthenticate(Jedis jedisInstanceToAuthenticate) {
+      this.jedisInstanceToAuthenticate = jedisInstanceToAuthenticate;
+      return this;
+    }
+  }
+}

redis-om-spring/src/main/java/com/redis/om/spring/RedisOMAiProperties.java

@@ -13,8 +13,7 @@ public class RedisOMAiProperties {
   private int embeddingBatchSize = 1000;
   private final Djl djl = new Djl();
   private final OpenAi openAi = new OpenAi();
-  private final AzureOpenAi azureOpenAi = new AzureOpenAi();
-  private final AzureEntraId azureEntraId = new AzureEntraId();
+  private final AzureClients azure = new AzureClients();
   private final VertexAi vertexAi = new VertexAi();
   private final Aws aws = new Aws();
   private final Ollama ollama = new Ollama();
@@ -35,12 +34,8 @@ public OpenAi getOpenAi() {
     return openAi;
   }
 
-  public AzureOpenAi getAzureOpenAi() {
-    return azureOpenAi;
-  }
-
-  public AzureEntraId getAzureEntraId() {
-    return azureEntraId;
+  public AzureClients getAzure() {
+    return azure;
   }
 
   public VertexAi getVertexAi() {
@@ -252,6 +247,27 @@ public void setBaseUrl(String baseUrl) {
     }
   }
 
+  public static class AzureClients {
+    private AzureOpenAi openAi;
+    private AzureEntraId entraId;
+
+    public AzureOpenAi getOpenAi() {
+      return openAi;
+    }
+
+    public void setOpenAi(AzureOpenAi openAi) {
+      this.openAi = openAi;
+    }
+
+    public AzureEntraId getEntraId() {
+      return entraId;
+    }
+
+    public void setEntraId(AzureEntraId entraId) {
+      this.entraId = entraId;
+    }
+  }
+
   public static class AzureOpenAi {
     private String apiKey;
     private String endpoint;

redis-om-spring/src/main/java/com/redis/om/spring/RedisOMProperties.java

@@ -10,13 +10,20 @@
     prefix = "redis.om.spring", ignoreInvalidFields = true
 )
 public class RedisOMProperties {
-  public static final String ROMS_VERSION = "0.9.11-SNAPSHOT";
+  public static final String ROMS_VERSION = "0.9.13-SNAPSHOT";
   public static final int MAX_SEARCH_RESULTS = 10000;
   public static final double DEFAULT_DISTANCE = 0.0005;
   public static final Metrics DEFAULT_DISTANCE_METRIC = Metrics.MILES;
   // repository properties
   private final Repository repository = new Repository();
   private final References references = new References();
+  // Entra ID Authentication
+  private final Authentication authentication = new Authentication();
+
+  public Authentication getAuthentication() {
+    return authentication;
+  }
+
 
   public Repository getRepository() {
     return repository;
@@ -26,6 +33,39 @@ public References getReferences() {
     return references;
   }
 
+  public static class Authentication {
+    private EntraId entraId = new EntraId();
+
+    public EntraId getEntraId() {
+      return entraId;
+    }
+
+    public void setEntraId(EntraId entraId) {
+      this.entraId = entraId;
+    }
+  }
+
+  public static class EntraId {
+    private boolean enabled = false;
+    private String tenantId;
+
+    public boolean isEnabled() {
+      return enabled;
+    }
+
+    public void setEnabled(boolean enabled) {
+      this.enabled = enabled;
+    }
+
+    public String getTenantId() {
+      return tenantId;
+    }
+
+    public void setTenantId(String tenantId) {
+      this.tenantId = tenantId;
+    }
+  }
+
   public static class Repository {
     private final Query query = new Query();
     private boolean dropAndRecreateIndexOnDeleteAll = false;

redis-om-spring/src/main/java/com/redis/om/spring/client/RedisModulesClient.java

@@ -17,6 +17,7 @@
 import redis.clients.jedis.bloom.commands.TopKFilterCommands;
 import redis.clients.jedis.json.commands.RedisJsonCommands;
 import redis.clients.jedis.search.RediSearchCommands;
+import redis.clients.jedis.bloom.commands.TDigestSketchCommands;
 
 import java.util.Objects;
 import java.util.Optional;
@@ -61,6 +62,10 @@ public CuckooFilterCommands clientForCuckoo() {
   public TopKFilterCommands clientForTopK() {
     return unifiedJedis;
   }
+  
+  public TDigestSketchCommands clientForTDigest() {
+    return unifiedJedis;
+  }
 
   private UnifiedJedis getUnifiedJedis() {
 

redis-om-spring/src/main/java/com/redis/om/spring/ops/RedisModulesOperations.java

@@ -35,4 +35,8 @@ public CuckooFilterOperations<K> opsForCuckoFilter() {
   public TopKOperations<K> opsForTopK() {
     return new TopKOperationsImpl<>(client);
   }
+
+  public TDigestOperations<K> opsForTDigest() {
+    return new TDigestOperationsImpl<>(client);
+  }
 }