将承载令牌与azure-sdk-for-js一起使用

根据我的研究，如果我们使用V10版本SDK @ azure / storage-blob，我们可以直接使用Azure AD访问令牌来管理Azure Blob服务。因为sdk提供了类TokenCredential。我们可以使用代码const tokenCredential = new azure.TokenCredential("token")初始化凭据，然后使用它获取Blob。

例如

const azure = require("@azure/storage-blob"); 

async function getBlobContent(){

    const tokenCredential = new azure.TokenCredential("")
    const pipeline =  azure.StorageURL.newPipeline(tokenCredential)
    const serviceURL = new azure.ServiceURL(`https://jimtestperfdiag516.blob.core.windows.net`, pipeline);
    const containerURL = azure.ContainerURL.fromServiceURL(serviceURL, "test");
    const blockBlobURL = azure.BlockBlobURL.fromContainerURL(containerURL, "test.csv");
    const aborter=azure.Aborter.timeout(30* 60 * 1000)
    const downloadResponse = await blockBlobURL.download(aborter, 0);
    const downloadedContent = await streamToString(downloadResponse.readableStreamBody);
    console.log(`Downloaded blob content: "${downloadedContent}"`);



}

async function streamToString(readableStream) {
    return new Promise((resolve, reject) => {
      const chunks = [];
      readableStream.on("data", data => {
        chunks.push(data.toString());
      });
      readableStream.on("end", () => {
        resolve(chunks.join(""));
      });
      readableStream.on("error", reject);
    });
}

getBlobContent()
  .then(() => {
    console.log("Successfully executed sample.");
  })
  .catch((err) => {
    console.log(err.message);
  });

有关更多详细信息，请参阅https://www.npmjs.com/package/@azure/storage-blob/v/10.5.0和https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy。

此外，如果要使用Azure AD访问Azure Blob，我们需要将RABS角色（存储Blob数据所有者，存储Blob数据贡献者或存储Blob数据读取器）分配给用户或服务主体：https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad