TsgcWSPClient_AMQP1 › Methods › CreateAzureCbsJWT
Performs an Azure Active Directory OAuth 2.0 authorisation-code flow and pushes the resulting JWT bearer token to $cbs.
```pascal
function CreateAzureCbsJWT(const aName, aNameSpace, aEntityName, aTenant, aApplicationId, aSecret: string; aListeningPort: Integer = 8080; const aExpiration: Integer = 3600; aTimeout: Integer = 10000; aRaiseIfError: Boolean = False): Boolean;
```
| Name | Type | Description |
|---|---|---|
| aName | const string | Identifier of the $cbs link previously attached with CreateCBSLink. |
| aNameSpace | const string | Service Bus namespace host, e.g. contoso.servicebus.windows.net, used as the AAD resource / audience. |
| aEntityName | const string | Entity path the bearer token should authorise (queue, topic or Event Hub); may be blank for namespace-wide tokens. |
| aTenant | const string | Azure AD tenant id (GUID) or verified domain name the authority endpoint is targeted at. |
| aApplicationId | const string | Client id of the registered Azure AD application (appId). |
| aSecret | const string | Client secret configured on the registered application, used to exchange the authorisation code for a token. |
| aListeningPort | Integer | Local TCP port the method opens to receive the OAuth 2.0 redirect that carries the authorisation code. Default 8080; must match the redirect URI registered in AAD (`http://localhost:<port>`). |
| aExpiration | const Integer | Expiration (seconds) pushed to $cbs with the token. Default 3600; AAD also stamps its own exp claim. |
| aTimeout | Integer | Milliseconds to wait for both the AAD round-trip and the $cbs put-token reply. Default 10000. |
| aRaiseIfError | Boolean | When True the method raises if AAD or $cbs return an error; when False only the Boolean return reports failure. |
True when AAD issued a bearer token and $cbs accepted it with status-code 200, False on any failure. (Boolean)
This method wraps the interactive AAD flow: it opens the default browser at https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize for the https://servicebus.azure.net/.default scope, spins up a tiny HTTP listener on aListeningPort to capture the authorisation code, exchanges the code at the token endpoint using aApplicationId/aSecret, then pushes the returned JWT to the $cbs management node with token-type servicebus.windows.net:jwt against the sb://NameSpace/EntityName audience. Use this variant when the Service Bus namespace is configured for Azure AD role-based authorisation instead of SAS keys — for pure SAS authorisation use CreateAzureCbsSasToken.
```pascal
oAMQP1.CreateCBSLink('cbs_1', 'session_1');
oAMQP1.CreateAzureCbsJWT('cbs_1',
  'contoso.servicebus.windows.net',
  'orders',
  '11111111-2222-3333-4444-555555555555',
  'aaaa-bbbb-cccc-dddd',
  'your-app-secret',
  8080, 3600, 10000, True);
```
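
The three HTTP-side steps of the flow described above (authorize URL, loopback redirect, code exchange), traced as an added Python example; it is not sgcWebSockets code and does not reproduce the component's implementation. The helper names, the `state` check (the page does not say whether the component sends one) and the v2.0 token endpoint path are assumptions of this example.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"
SCOPE = "https://servicebus.azure.net/.default"  # scope named on this page


def redirect_uri(port):
    # Must equal the redirect URI registered in AAD (http://localhost:<port>).
    return f"http://localhost:{port}"


def authorize_url(tenant, client_id, port, state):
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri(port),
        "scope": SCOPE,
        "state": state,  # assumption: binds the redirect to this request
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"


def code_from_redirect(request_line, expected_state):
    """Extract the authorisation code from the listener's HTTP request line."""
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError("unexpected method on redirect listener")
    params = parse_qs(urlsplit(target).query)
    if "error" in params:
        raise ValueError("authorisation failed: " + params["error"][0])
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to our request")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return params["code"][0]


def token_request(tenant, client_id, secret, port, code):
    # Form body for the code exchange; redirect_uri must repeat the one used above.
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri(port),
        "client_id": client_id,
        "client_secret": secret,
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", form
```

Anything that can reach the local listener port can send it a request, so the redirect is accepted only when it carries the `state` value generated for this attempt.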