@azure/postgresql-auth package

Interfaces

ConfigureEntraAuthenticationOptions

Options for configuring Entra ID authentication with Sequelize.

EntraTokenProviderOptions

Options for entraTokenProvider.

SequelizeBeforeConnectHook

A structural type representing a Sequelize-like instance that supports the beforeConnect lifecycle hook. This avoids a hard dependency on the sequelize package while still providing type safety.

Functions

configureEntraAuthentication(SequelizeBeforeConnectHook, TokenCredential, ConfigureEntraAuthenticationOptions)

Configures a Sequelize instance to use Entra ID authentication.

This function registers a beforeConnect hook on the Sequelize instance that automatically acquires an Entra ID token before each new database connection. The hook extracts the username from the JWT token claims (upn or appid) and sets both the username and password on the connection config.

Example

import { DefaultAzureCredential } from "@azure/identity";

const { configureEntraAuthentication } = await import("@azure/postgresql-auth");
const { Sequelize } = await import("sequelize");
const sequelize = new Sequelize({
  dialect: "postgres",
  host: process.env.PGHOST,
  port: Number(process.env.PGPORT || 5432),
  database: process.env.PGDATABASE,
});
const credential = new DefaultAzureCredential();
configureEntraAuthentication(sequelize, credential);
await sequelize.authenticate();

entraTokenProvider(TokenCredential, EntraTokenProviderOptions)

Creates a password provider function that acquires an Entra ID access token suitable for use as a PostgreSQL password.

This function returns a callback that, when invoked, requests a token from the provided TokenCredential using the Azure Database for PostgreSQL scope. The returned callback can be passed directly as the password option for pg.Client, pg.Pool, or similar PostgreSQL client configurations.

Example

import { DefaultAzureCredential } from "@azure/identity";

const { entraTokenProvider } = await import("@azure/postgresql-auth");
const pg = await import("pg");
const credential = new DefaultAzureCredential();
const pool = new pg.Pool({
  host: process.env.PGHOST,
  port: Number(process.env.PGPORT || 5432),
  database: process.env.PGDATABASE,
  user: process.env.PGUSER,
  password: entraTokenProvider(credential),
  ssl: { rejectUnauthorized: true },
});

Function Details

configureEntraAuthentication(SequelizeBeforeConnectHook, TokenCredential, ConfigureEntraAuthenticationOptions)

Configures a Sequelize instance to use Entra ID authentication.

This function registers a beforeConnect hook on the Sequelize instance that automatically acquires an Entra ID token before each new database connection. The hook extracts the username from the JWT token claims (upn or appid) and sets both the username and password on the connection config.

Example

import { DefaultAzureCredential } from "@azure/identity";

const { configureEntraAuthentication } = await import("@azure/postgresql-auth");
const { Sequelize } = await import("sequelize");
const sequelize = new Sequelize({
  dialect: "postgres",
  host: process.env.PGHOST,
  port: Number(process.env.PGPORT || 5432),
  database: process.env.PGDATABASE,
});
const credential = new DefaultAzureCredential();
configureEntraAuthentication(sequelize, credential);
await sequelize.authenticate();

function configureEntraAuthentication(sequelizeInstance: SequelizeBeforeConnectHook, credential: TokenCredential, options?: ConfigureEntraAuthenticationOptions)

Parameters

sequelizeInstance
SequelizeBeforeConnectHook

The Sequelize instance to configure. Must support the beforeConnect lifecycle hook.

credential
TokenCredential

An Azure TokenCredential used to acquire tokens (e.g., DefaultAzureCredential).

options
ConfigureEntraAuthenticationOptions

Optional configuration for the authentication behavior.
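
The behavior described for the beforeConnect hook (acquire a token, read upn or appid from its claims, set username and password) can be sketched as follows. This is an added example, not the package's source: decodeJwtClaims, usernameFromToken and makeBeforeConnectHook are hypothetical names, trying upn before appid is an assumption, the scope value does not appear on this page, and the tokens and credential are constructed stubs.

```javascript
// Added illustration; NOT the source of @azure/postgresql-auth.
// Scope for Azure Database for PostgreSQL (assumed here; not stated on this page).
const PG_SCOPE = "https://ossrdbms-aad.database.windows.net/.default";

// Decode the payload (second segment) of a JWT. The signature is not checked:
// the claims only select the login name; the database server authenticates the token.
function decodeJwtClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("access token is not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Pick the login name from the two claims the page names (order is an assumption).
function usernameFromToken(token) {
  const claims = decodeJwtClaims(token);
  const name = claims.upn || claims.appid;
  if (typeof name !== "string" || name === "") {
    throw new Error("token has neither a upn nor an appid claim");
  }
  return name;
}

// Hypothetical stand-in for the registered hook: runs before each new connection.
function makeBeforeConnectHook(credential, scope = PG_SCOPE) {
  return async function beforeConnect(config) {
    const { token } = await credential.getToken(scope);
    config.username = usernameFromToken(token);
    config.password = token; // bearer secret: never log this value
  };
}

// Constructed sample data: unsigned tokens and a stub credential, for offline use.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fakeJwt = (claims) => `${b64url({ alg: "none" })}.${b64url(claims)}.sig`;
const stubCredential = (claims) => ({
  getToken: async () => ({ token: fakeJwt(claims), expiresOnTimestamp: Date.now() + 3600e3 }),
});
```

Because the password set by the hook is a bearer token, keep the connection config out of logs and error reports.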

entraTokenProvider(TokenCredential, EntraTokenProviderOptions)

Creates a password provider function that acquires an Entra ID access token suitable for use as a PostgreSQL password.

This function returns a callback that, when invoked, requests a token from the provided TokenCredential using the Azure Database for PostgreSQL scope. The returned callback can be passed directly as the password option for pg.Client, pg.Pool, or similar PostgreSQL client configurations.

Example

import { DefaultAzureCredential } from "@azure/identity";

const { entraTokenProvider } = await import("@azure/postgresql-auth");
const pg = await import("pg");
const credential = new DefaultAzureCredential();
const pool = new pg.Pool({
  host: process.env.PGHOST,
  port: Number(process.env.PGPORT || 5432),
  database: process.env.PGDATABASE,
  user: process.env.PGUSER,
  password: entraTokenProvider(credential),
  ssl: { rejectUnauthorized: true },
});

function entraTokenProvider(credential: TokenCredential, options?: EntraTokenProviderOptions): () => Promise<string>

Parameters

credential
TokenCredential

An Azure TokenCredential used to acquire tokens (e.g., DefaultAzureCredential).

options
EntraTokenProviderOptions

Optional settings such as a custom OAuth scope.

Returns

() => Promise<string>

A function that, when called, returns a promise resolving to the access token string.