azure cosmos db : How to manage users'tokens and connection string for cosmos db

0
votes

On Azure cosmos DB, I want to have a user with access only to DATA plane (no CONTROL plane). Following the REST API (https://docs.microsoft.com/en-us/rest/api/cosmos-db/create-a-user) I am able to create a user then to grant him permissions. Now, I'm stuck with control of the Token. I can get it automatically when setting the permissions. But no more. Besides, why should it be included in the connection string Getting a permit, enables me to get the Token for example

"_token": "type=resource&ver=1&sig=/l3kOULV1Vjk+ZnBqUmzow==;dkMrrNO/x8YperU6omZmUmNcwPCXPmpWUFtB3HFFNlqxvGCJsx0tk2IjOPVYf/jV53fAxaBq9vrB7eXG5dgGAJWCTzm1A0L1Hi5FMeo5uxrDn3be3ySifJxKe0uby6eAQ4XrQUKHwGz14y9fkBxuHt8GoZlFEWo5hZHyuSv/hOvvxeM7N4BBIbEiToGiZjt+g6Gx5qvipGMd16X//EpvWs8EXHMUBqf4x0KR4WODiBs=;"

1
azuretokenazure-cosmosdbconnection-stringazure-rbac

1 Answers

0
votes

Tokens are only valid for an hour but you can override this and extend for up to five hours. Permissions

If you will be using resource tokens to manage access to Cosmos you will need to implement a token broker to manage this. There are two examples I can point you to.

Token broker for a Xamarin mobile app

Token broker created by Citrix in Java

Hope this is helpful.