Add Entra ID token provider for Npgsql to authenticate managed identities in Azure

tjementum · tjementum · commit 53c36e96102b · 2026-03-16T19:41:00.000+01:00
diff --git a/application/shared-kernel/SharedKernel/Configuration/SharedInfrastructureConfiguration.cs b/application/shared-kernel/SharedKernel/Configuration/SharedInfrastructureConfiguration.cs
@@ -7,6 +7,7 @@
 using Microsoft.ApplicationInsights.Extensibility;
 using Microsoft.AspNetCore.Http;
 using Microsoft.EntityFrameworkCore;
+using Npgsql;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
@@ -85,8 +86,20 @@ private IHostApplicationBuilder ConfigureDatabaseContext<T>(string connectionNam
                 ? Environment.GetEnvironmentVariable("DATABASE_CONNECTION_STRING")
                 : builder.Configuration.GetConnectionString(connectionName);
 
+            var dataSourceBuilder = new NpgsqlDataSourceBuilder(connectionString);
+            if (IsRunningInAzure)
+            {
+                var credential = new DefaultAzureCredential();
+                dataSourceBuilder.UsePeriodicPasswordProvider(async (_, cancellationToken) =>
+                {
+                    var token = await credential.GetTokenAsync(new Azure.Core.TokenRequestContext(["https://ossrdbms-aad.database.windows.net/.default"]), cancellationToken);
+                    return token.Token;
+                }, TimeSpan.FromMinutes(30), TimeSpan.FromSeconds(5));
+            }
+
+            var dataSource = dataSourceBuilder.Build();
             builder.Services.AddDbContext<T>(options =>
-                options.UseNpgsql(connectionString, o => o.MigrationsHistoryTable("__ef_migrations_history")).UseSnakeCaseNamingConvention()
+                options.UseNpgsql(dataSource, o => o.MigrationsHistoryTable("__ef_migrations_history")).UseSnakeCaseNamingConvention()
             );
 
             return builder;
