address feedback

Author: Matthew Boentoro

sdk/postgresql/postgresql-auth/CHANGELOG.md

@@ -4,8 +4,8 @@
 
 ### Features Added
 
-- Added `getEntraTokenPassword` function for acquiring Entra ID tokens as PostgreSQL passwords.
-- Added `configureEntraIdAuth` function for automatic Sequelize Entra ID authentication via `beforeConnect` hook.
+- Added `entraTokenProvider` function for acquiring Entra ID tokens as PostgreSQL passwords.
+- Added `configureEntraAuthentication` function for automatic Sequelize Entra ID authentication via `beforeConnect` hook.
 - Support for `pg` (node-postgres) and Sequelize clients as optional peer dependencies.
 
 ### Breaking Changes

sdk/postgresql/postgresql-auth/README.md

@@ -42,37 +42,37 @@ npm install @azure/identity sequelize pg
 
 This library provides two functions for integrating Entra ID authentication with PostgreSQL:
 
-- **`getEntraTokenPassword`** — Acquires an Entra ID access token and returns it as a string suitable for use as a PostgreSQL password. Use this with `pg.Pool` or `pg.Client`.
-- **`configureEntraIdAuth`** — Registers a `beforeConnect` hook on a Sequelize instance that automatically acquires a fresh token and sets the username/password before each new connection.
+- **`entraTokenProvider`** — Acquires an Entra ID access token and returns it as a string suitable for use as a PostgreSQL password. Use this with `pg.Pool` or `pg.Client`.
+- **`configureEntraAuthentication`** — Registers a `beforeConnect` hook on a Sequelize instance that automatically acquires a fresh token and sets the username/password before each new connection.
 
 Both functions accept an Azure `TokenCredential` (from `@azure/identity`) and handle token acquisition against the Azure Database for PostgreSQL scope.
 
 ## Examples
 
 ### Using with node-postgres (`pg`)
 
-```ts snippet:GetEntraTokenPassword
+```ts snippet:entraTokenProvider
 import { DefaultAzureCredential } from "@azure/identity";
 
-const { getEntraTokenPassword } = await import("@azure/postgresql-auth");
+const { entraTokenProvider } = await import("@azure/postgresql-auth");
 const pg = await import("pg");
 const credential = new DefaultAzureCredential();
 const pool = new pg.Pool({
   host: process.env.PGHOST,
   port: Number(process.env.PGPORT || 5432),
   database: process.env.PGDATABASE,
   user: process.env.PGUSER,
-  password: () => getEntraTokenPassword(credential),
+  password: () => entraTokenProvider(credential),
   ssl: { rejectUnauthorized: true },
 });
 ```
 
 ### Using with Sequelize
 
-```ts snippet:ConfigureEntraIdAuth
+```ts snippet:configureEntraAuthentication
 import { DefaultAzureCredential } from "@azure/identity";
 
-const { configureEntraIdAuth } = await import("@azure/postgresql-auth");
+const { configureEntraAuthentication } = await import("@azure/postgresql-auth");
 const { Sequelize } = await import("sequelize");
 const sequelize = new Sequelize({
   dialect: "postgres",
@@ -81,7 +81,7 @@ const sequelize = new Sequelize({
   database: process.env.PGDATABASE,
 });
 const credential = new DefaultAzureCredential();
-configureEntraIdAuth(sequelize, credential);
+configureEntraAuthentication(sequelize, credential);
 await sequelize.authenticate();
 ```
 

sdk/postgresql/postgresql-auth/review/postgresql-auth-node.api.md

@@ -7,15 +7,15 @@
 import type { TokenCredential } from '@azure/core-auth';
 
 // @public
-export function configureEntraIdAuth(sequelizeInstance: SequelizeBeforeConnectHook, credential: TokenCredential, options?: ConfigureEntraIdAuthOptions): typeof sequelizeInstance;
+export function configureEntraAuthentication(sequelizeInstance: SequelizeBeforeConnectHook, credential: TokenCredential, options?: ConfigureEntraIdAuthOptions): typeof sequelizeInstance;
 
 // @public
 export interface ConfigureEntraIdAuthOptions {
     fallbackUsername?: string;
 }
 
 // @public
-export function getEntraTokenPassword(credential: TokenCredential, options?: GetEntraTokenPasswordOptions): Promise<string>;
+export function entraTokenProvider(credential: TokenCredential, options?: GetEntraTokenPasswordOptions): Promise<string>;
 
 // @public
 export interface GetEntraTokenPasswordOptions {

sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/pgConnection.js

@@ -8,7 +8,7 @@
 
 const pg = require("pg");
 const { DefaultAzureCredential } = require("@azure/identity");
-const { getEntraTokenPassword } = require("@azure/postgresql-auth");
+const { entraTokenProvider } = require("@azure/postgresql-auth");
 const dotenv = require("dotenv");
 
 dotenv.config();
@@ -26,7 +26,7 @@ async function main() {
     port: Number(process.env.PGPORT || 5432),
     database: process.env.PGDATABASE,
     user: process.env.PGUSER,
-    password: () => getEntraTokenPassword(credential),
+    password: () => entraTokenProvider(credential),
     ssl: { rejectUnauthorized: true },
     connectionTimeoutMillis: 20000,
     idleTimeoutMillis: 30000,

sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/sequelizeConnection.js

@@ -8,7 +8,7 @@
 
 const { Sequelize } = require("sequelize");
 const { DefaultAzureCredential } = require("@azure/identity");
-const { configureEntraIdAuth } = require("@azure/postgresql-auth");
+const { configureEntraAuthentication } = require("@azure/postgresql-auth");
 const dotenv = require("dotenv");
 
 dotenv.config();
@@ -28,7 +28,7 @@ async function main() {
 
   // Register the Entra ID `beforeConnect` hook.
   // This automatically sets the username and password on each new connection.
-  configureEntraIdAuth(sequelize, credential);
+  configureEntraAuthentication(sequelize, credential);
 
   try {
     console.log("Connecting to Azure Database for PostgreSQL via Sequelize...");

sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/src/pgConnection.ts

@@ -8,7 +8,7 @@
 
 import pg from "pg";
 import { DefaultAzureCredential } from "@azure/identity";
-import { getEntraTokenPassword } from "@azure/postgresql-auth";
+import { entraTokenProvider } from "@azure/postgresql-auth";
 import dotenv from "dotenv";
 
 dotenv.config();
@@ -26,7 +26,7 @@ async function main(): Promise<void> {
     port: Number(process.env.PGPORT || 5432),
     database: process.env.PGDATABASE,
     user: process.env.PGUSER,
-    password: () => getEntraTokenPassword(credential),
+    password: () => entraTokenProvider(credential),
     ssl: { rejectUnauthorized: true },
     connectionTimeoutMillis: 20000,
     idleTimeoutMillis: 30000,

sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/src/sequelizeConnection.ts

@@ -8,7 +8,7 @@
 
 import { Sequelize } from "sequelize";
 import { DefaultAzureCredential } from "@azure/identity";
-import { configureEntraIdAuth } from "@azure/postgresql-auth";
+import { configureEntraAuthentication } from "@azure/postgresql-auth";
 import dotenv from "dotenv";
 
 dotenv.config();
@@ -28,7 +28,7 @@ async function main(): Promise<void> {
 
   // Register the Entra ID `beforeConnect` hook.
   // This automatically sets the username and password on each new connection.
-  configureEntraIdAuth(sequelize, credential);
+  configureEntraAuthentication(sequelize, credential);
 
   try {
     console.log("Connecting to Azure Database for PostgreSQL via Sequelize...");

sdk/postgresql/postgresql-auth/src/entraConnection.ts

@@ -5,7 +5,7 @@ import type { TokenCredential } from "@azure/core-auth";
 import { logger } from "./logger.js";
 
 /**
- * Options for {@link getEntraTokenPassword}.
+ * Options for {@link entraTokenProvider}.
  */
 export interface GetEntraTokenPasswordOptions {
   /**
@@ -104,10 +104,10 @@ function decodeJwtToken(token: string): DecodedJwtPayload | null {
  * @returns The same Sequelize instance, for chaining.
  *
  * @example
- * ```ts snippet:ConfigureEntraIdAuth
+ * ```ts snippet:configureEntraAuthentication
  * import { DefaultAzureCredential } from "@azure/identity";
  *
- * const { configureEntraIdAuth } = await import("@azure/postgresql-auth");
+ * const { configureEntraAuthentication } = await import("@azure/postgresql-auth");
  * const { Sequelize } = await import("sequelize");
  * const sequelize = new Sequelize({
  *   dialect: "postgres",
@@ -116,11 +116,11 @@ function decodeJwtToken(token: string): DecodedJwtPayload | null {
  *   database: process.env.PGDATABASE,
  * });
  * const credential = new DefaultAzureCredential();
- * configureEntraIdAuth(sequelize, credential);
+ * configureEntraAuthentication(sequelize, credential);
  * await sequelize.authenticate();
  * ```
  */
-export function configureEntraIdAuth(
+export function configureEntraAuthentication(
   sequelizeInstance: SequelizeBeforeConnectHook,
   credential: TokenCredential,
   options: ConfigureEntraIdAuthOptions = {},
@@ -133,7 +133,7 @@ export function configureEntraIdAuth(
   // Runs before every new connection is created by Sequelize
   sequelizeInstance.beforeConnect(async (config: { username?: string; password?: string }) => {
     logger.info("Fetching Entra ID access token...");
-    const token = await getEntraTokenPassword(credential);
+    const token = await entraTokenProvider(credential);
 
     // Derive username from token if you want (optional):
     const claims = decodeJwtToken(token);
@@ -163,23 +163,23 @@ export function configureEntraIdAuth(
  * @returns A promise that resolves to the access token string.
  *
  * @example
- * ```ts snippet:GetEntraTokenPassword
+ * ```ts snippet:entraTokenProvider
  * import { DefaultAzureCredential } from "@azure/identity";
  *
- * const { getEntraTokenPassword } = await import("@azure/postgresql-auth");
+ * const { entraTokenProvider } = await import("@azure/postgresql-auth");
  * const pg = await import("pg");
  * const credential = new DefaultAzureCredential();
  * const pool = new pg.Pool({
  *   host: process.env.PGHOST,
  *   port: Number(process.env.PGPORT || 5432),
  *   database: process.env.PGDATABASE,
  *   user: process.env.PGUSER,
- *   password: () => getEntraTokenPassword(credential),
+ *   password: () => entraTokenProvider(credential),
  *   ssl: { rejectUnauthorized: true },
  * });
  * ```
  */
-export async function getEntraTokenPassword(
+export async function entraTokenProvider(
   credential: TokenCredential,
   options: GetEntraTokenPasswordOptions = {},
 ): Promise<string> {

sdk/postgresql/postgresql-auth/src/index.ts

@@ -10,7 +10,7 @@
  *
  * @packageDocumentation
  */
-export { configureEntraIdAuth, getEntraTokenPassword } from "./entraConnection.js";
+export { configureEntraAuthentication, entraTokenProvider } from "./entraConnection.js";
 export type {
   ConfigureEntraIdAuthOptions,
   GetEntraTokenPasswordOptions,

sdk/postgresql/postgresql-auth/test/public/configureEntraIdAuth.spec.ts

@@ -2,7 +2,7 @@
 // Licensed under the MIT License.
 
 import { describe, it, expect, vi, afterEach } from "vitest";
-import { configureEntraIdAuth } from "@azure/postgresql-auth";
+import { configureEntraAuthentication } from "@azure/postgresql-auth";
 import {
   createValidJwtToken,
   createJwtTokenWithAppId,
@@ -17,14 +17,14 @@ afterEach(() => {
   vi.unstubAllEnvs();
 });
 
-describe("configureEntraIdAuth", () => {
+describe("configureEntraAuthentication", () => {
   describe("hook registration", () => {
     it("should register a beforeConnect callback on the sequelize instance", () => {
       const mock = createMockSequelizeInstance();
       const token = createValidJwtToken(TEST_USERS.ENTRA_USER);
       const credential = new TestTokenCredential(token);
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       expect(mock.capturedCallback).toBeDefined();
       expect(typeof mock.capturedCallback).toBe("function");
@@ -35,7 +35,7 @@ describe("configureEntraIdAuth", () => {
       const token = createValidJwtToken(TEST_USERS.ENTRA_USER);
       const credential = new TestTokenCredential(token);
 
-      const result = configureEntraIdAuth(mock, credential);
+      const result = configureEntraAuthentication(mock, credential);
 
       expect(result).toBe(mock);
     });
@@ -44,7 +44,7 @@ describe("configureEntraIdAuth", () => {
       const mock = createMockSequelizeInstance();
 
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      expect(() => configureEntraIdAuth(mock, null as any)).toThrow("credential is required");
+      expect(() => configureEntraAuthentication(mock, null as any)).toThrow("credential is required");
     });
   });
 
@@ -54,7 +54,7 @@ describe("configureEntraIdAuth", () => {
       const token = createValidJwtToken(TEST_USERS.ENTRA_USER);
       const credential = new TestTokenCredential(token);
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config: { username?: string; password?: string } = {};
       await mock.capturedCallback!(config);
@@ -68,7 +68,7 @@ describe("configureEntraIdAuth", () => {
       const token = createValidJwtToken(TEST_USERS.ENTRA_USER);
       const credential = new TestTokenCredential(token);
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config = { username: "old-user", password: "old-password" };
       await mock.capturedCallback!(config);
@@ -86,7 +86,7 @@ describe("configureEntraIdAuth", () => {
       const token = createJwtTokenWithAppId(TEST_USERS.MANAGED_IDENTITY_APP_ID);
       const credential = new TestTokenCredential(token);
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config: { username?: string; password?: string } = {};
       await mock.capturedCallback!(config);
@@ -108,7 +108,7 @@ describe("configureEntraIdAuth", () => {
       const credential = new TestTokenCredential(token);
       const mock = createMockSequelizeInstance();
 
-      configureEntraIdAuth(mock, credential, {
+      configureEntraAuthentication(mock, credential, {
         fallbackUsername: TEST_USERS.FALLBACK_USER,
       });
 
@@ -132,7 +132,7 @@ describe("configureEntraIdAuth", () => {
       const credential = new TestTokenCredential(token);
       const mock = createMockSequelizeInstance();
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config: { username?: string; password?: string } = {};
       await mock.capturedCallback!(config);
@@ -153,7 +153,7 @@ describe("configureEntraIdAuth", () => {
       const credential = new TestTokenCredential(token);
       const mock = createMockSequelizeInstance();
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config: { username?: string; password?: string } = {};
       await expect(mock.capturedCallback!(config)).rejects.toThrow(
@@ -167,7 +167,7 @@ describe("configureEntraIdAuth", () => {
       const mock = createMockSequelizeInstance();
       const credential = new FailingTokenCredential("Simulated auth failure");
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config: { username?: string; password?: string } = {};
       await expect(mock.capturedCallback!(config)).rejects.toThrow("Simulated auth failure");
@@ -181,7 +181,7 @@ describe("configureEntraIdAuth", () => {
       const credential = new TestTokenCredential(badToken);
       const mock = createMockSequelizeInstance();
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config: { username?: string; password?: string } = {};
       // With no upn/appid/fallback, this should fail to determine a username
@@ -197,7 +197,7 @@ describe("configureEntraIdAuth", () => {
       const token = createValidJwtToken(TEST_USERS.ENTRA_USER);
       const credential = new TestTokenCredential(token);
 
-      configureEntraIdAuth(mock, credential);
+      configureEntraAuthentication(mock, credential);
 
       const config1: { username?: string; password?: string } = {};
       await mock.capturedCallback!(config1);