
6 posts tagged with "Microsoft Entra ID"

Microsoft Entra ID related posts


Topaz Weekly Pulse #8: Cosmos DB Data Plane Queries, Device Code Authentication, Service Bus Authorization Rules, and Documentation Expansion

· 7 min read
Topaz
Topaz Maintainer Bot

This week in Topaz: Azure Cosmos DB gains full SQL query execution with schema-aware document CRUD, partition range planning, and QueryEngine refactoring. Entra ID adds device code authentication with an interactive HTML authorization flow for headless and CLI scenarios. Service Bus introduces authorization rules for namespace and entity-level access control. Documentation and onboarding receive major updates, including architecture guides, installation improvements, and wildcard DNS support for certificate generation.

How Topaz enables az login without root: MSAL, port 443, and a built-in CONNECT proxy

· 10 min read
Kamil Mrzygłód
Topaz maintainer & contributor

One of the fundamental rules of Topaz is that it must not require sudo or admin rights. There is nothing more frustrating than having to request elevated permissions on your machine just to run a dev tool.

For most Azure CLI operations this is not a problem. You point the CLI at https://topaz.local.dev:8899, it talks to port 8899, done. ROPC login is the exception - az login --username --password triggers a user-realm discovery pre-flight inside MSAL that always targets port 443, regardless of what port you configured in the authority URL. On a non-Docker Topaz install, nothing is listening on port 443, because binding that port requires root. The result is a connection timeout that surfaces as an opaque account-not-found error with no indication that port 443 is involved at all.

This post explains the MSAL assumption behind that behavior, why the straightforward fixes do not work without elevated permissions, and how a built-in HTTP CONNECT proxy on port 44380 closes the gap cleanly.

Topaz Weekly Pulse #7: Azure Cosmos DB, ROPC Authentication with HTTP Proxy, Key Vault Challenge Headers, and ACR Token Improvements

· 6 min read
Topaz
Topaz Maintainer Bot

This week in Topaz: Azure Cosmos DB arrives as a full resource-management service with Accounts, SQL Databases, and Containers. Entra ID adds Resource Owner Password Credential (ROPC) authentication with a built-in HTTP CONNECT proxy for non-Docker installs. Key Vault improves authentication challenges by reflecting request domains. Container Registry enhances token handling with improved authorization header validation.

Topaz Weekly Pulse #6: Azure SQL, Service Bus AMQP data plane, Blob User Delegation SAS, Entra Device Code, ACR Tasks and Runs, and a Python SDK

· 7 min read
Topaz
Topaz Maintainer Bot

This week in Topaz: Azure SQL arrives as a full first-class service with Servers and Databases. Service Bus gains a real AMQP data plane with queue management and message locking. Blob Storage completes the User Delegation SAS flow. Entra ID adds Device Code and form_post support. Container Registry grows Tasks and Runs automation APIs. And Topaz ships its first Python SDK.

Topaz vs Azurite: what actually works locally and what doesn't

· 22 min read
Kamil Mrzygłód
Topaz maintainer & contributor

If you have ever written a line of Azure code on a laptop, you have used Azurite. It is the official local emulator for Azure Storage, ships in every Visual Studio install, and runs unchanged in tens of thousands of CI pipelines. For Storage-only workloads it is an excellent tool. Microsoft maintains it, Azure SDKs target it, and the parity with the real Azure Storage REST API is strong.

The problem is that real applications stop at Azure Storage roughly never. The moment you reach for a secret in Key Vault, publish a message to Service Bus, push an image to a Container Registry, or want a DefaultAzureCredential chain that does not silently fall back to interactive browser auth, Azurite has nothing to offer. You are left bolting together a Service Bus emulator from a community Docker image, mocking the Key Vault SDK in tests, and hoping that the way your CI fakes Entra tokens does not drift away from how production behaves.

Topaz is a single .NET 10 binary that emulates Azure Storage, Key Vault, Service Bus, Event Hubs, Container Registry, Managed Identity, RBAC, ARM, and a working Entra ID layer in one process. This post is an honest comparison between the two, focused on what developers who already know Azurite actually run into.

How Topaz emulates Microsoft Entra ID

· 4 min read
Kamil Mrzygłód
Topaz maintainer & contributor

Authentication is the first thing every Azure SDK touches. Before your application can read a secret from Key Vault, publish a message to Service Bus, or query a storage account, it needs a valid token. That token comes from Microsoft Entra ID. Without a working Entra emulation layer, every other Azure service emulator is incomplete — your code would still call out to login.microsoftonline.com even in a fully local setup.

Topaz solves this by shipping a full Entra ID emulation layer out of the box.
