为了便于工作负荷开发人员访问 Fabric 公共 API,我们提供了提取调用的 FabricPlatformAPIClient 客户端。 此客户端主要通过 On-Behalf-Of(OBO)流,利用当前用户的凭据和权限来访问 Fabric API。
主要身份验证方法:代表(OBO)流
扩展性工具包围绕 On-Behalf-Of(OBO)流设计,这是访问 Fabric API 的建议和主要方法。 此流:
- 使用用户凭据:使用当前登录用户的权限进行作
- 维护安全上下文:确保用户只能访问他们有权访问的资源
- 简化开发:无需管理服务主体凭据
- 遵循最佳做法:与 Microsoft Fabric 的安全模型保持一致
创建 FabricPlatformAPIClient
使用代理流(推荐)
import { getWorkloadClient } from "../controller/WorkloadClient";
import { FabricPlatformAPIClient } from "../clients/FabricPlatformAPIClient";
// Create the client using the workload client (uses current user's credentials via OBO flow)
const client = FabricPlatformAPIClient.create(getWorkloadClient());
使用服务主体(仅限高级场景)
注释
只需在高级方案中使用服务主体身份验证,无需用户上下文(例如后台处理或自动化工作流)即可访问 Fabric API。 对于大多数扩展性工具包工作负载,请改用 OBO 流。
import { FabricPlatformAPIClient } from "../clients/FabricPlatformAPIClient";
// Create with service principal authentication (advanced scenarios)
const client = FabricPlatformAPIClient.createWithServicePrincipal(
"your-client-id",
"your-client-secret",
"your-tenant-id"
);
示例:创建新项
下面是如何使用 OBO 流创建新笔记本项的示例(建议):
import { FabricPlatformAPIClient } from "../clients/FabricPlatformAPIClient";
import { getWorkloadClient } from "../controller/WorkloadClient";
async function createNewNotebook() {
try {
// Create the client using OBO flow with current user's credentials
const client = FabricPlatformAPIClient.create(getWorkloadClient());
// Get the current workspace ID
const workspace = await client.workspaces.getCurrentWorkspace();
const workspaceId = workspace.id;
// Create a new notebook item
const newItem = await client.items.createItem(workspaceId, {
displayName: "My New Notebook",
description: "Created via FabricPlatformAPIClient",
type: "Notebook", // Item type code
// Optional: Specify folder ID if you want to create in a specific folder
// folderId: "your-folder-id",
// Optional: Add item-specific creation properties
creationPayload: {
notebookDefaultLanguage: "python"
}
});
console.log("Created new item:", newItem);
return newItem;
} catch (error) {
console.error("Error creating item:", error);
throw error;
}
}
示例:创建具有定义的项目
对于需要定义(如 Lakehouse)的更复杂的项,可以使用 OBO 流包括定义:
async function createLakehouse() {
// Create the client using OBO flow with current user's credentials
const client = FabricPlatformAPIClient.create(getWorkloadClient());
const workspace = await client.workspaces.getCurrentWorkspace();
const newLakehouse = await client.items.createItem(workspace.id, {
displayName: "My New Lakehouse",
description: "Sample Lakehouse created programmatically",
type: "Lakehouse",
definition: {
format: "json",
parts: [
{
path: "definition/settings.json",
content: JSON.stringify({
schemaVersion: "1.0",
// Lakehouse-specific settings
settings: {
defaultDatabase: "MyDatabase"
}
})
}
]
}
});
return newLakehouse;
}
}
与其他 Fabric 资源一起工作
FabricPlatformAPIClient 使用 OBO 流提供对各种 Fabric 资源的访问:
// Create the client using OBO flow with current user's credentials
const client = FabricPlatformAPIClient.create(getWorkloadClient());
// List all workspaces the user has access to
const workspaces = await client.workspaces.listWorkspaces();
// Get workspace capacities
const capacities = await client.capacities.listCapacities();
// Work with OneLake (with user's permissions)
const tables = await client.oneLake.listTables(workspaceId, lakehouseId);
// Work with connections (scoped to user's access)
const connections = await client.connections.listConnections(workspaceId);
将 FabricPlatformAPIClient 与 OBO Flow 配合使用的主要优势
- 安全性:所有作都遵循当前用户的权限和安全上下文
- 简单性:无需管理服务主体凭据或身份验证流
- 一致性:与扩展性工具包的前端专用架构无缝兼容地工作
- 可审核性:所有操作均在实际用户帐户下执行并记录
- 最佳做法:遵循 Microsoft 针对扩展性方案中 Fabric API 访问推荐的模式