TsgcWSPClient_AMQP1 › Methods › PutCBSToken
Sends a Claims-Based Security (CBS) put-token request to the $cbs management link, authorising the given audience with the supplied token.
function PutCBSToken(const aLink: TsgcAMQP1SenderLink; const aName, aTokenType, aToken: string; const aExpiration: Integer = 3600; aTimeout: Integer = 10000): Boolean;| Name | Type | Description |
|---|---|---|
aLink | const TsgcAMQP1SenderLink | The $cbs sender link previously returned by CreateCBSLink. |
aName | const string | Audience / resource URI the token authorises (for Azure Service Bus: sb://ns.servicebus.windows.net/entity). |
aTokenType | const string | Token format advertised in the message type application-property — typically servicebus.windows.net:sastoken or servicebus.windows.net:jwt. |
aToken | const string | The actual token string (SAS signature or JWT) carried in the message body. |
aExpiration | const Integer | Token lifetime in seconds used to compute the expiration application-property and to schedule renewal. Default 3600. |
aTimeout | Integer | How long to wait (ms) for the $cbs management peer to reply with status-code 200 before returning false. Default 10000. |
True when $cbs returned status-code 200 (token accepted), False on timeout or any other reply status. (Boolean)
CBS is the authorisation mechanism Azure Service Bus and Event Hubs layer on top of AMQP 1.0: instead of embedding credentials in the SASL handshake, the client attaches a pair of links to the reserved $cbs management node and pushes a "put-token" message containing a SAS signature or AAD JWT. The broker answers with a reply message whose status-code application-property is 200 on success. Call this method once per audience before attaching working links to the same entity — the token must be renewed before aExpiration elapses or future operations on that audience will be rejected.
oCbs := oAMQP1.CreateCBSLink('cbs_1', 'session_1');
oAMQP1.PutCBSToken(oCbs,
'sb://contoso.servicebus.windows.net/orders',
'servicebus.windows.net:sastoken',
sSasToken, 3600, 10000);