Merge branch 'v1.12' of https://github.com/dapr/docs into v1.12

daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/_index.md

@@ -3,5 +3,5 @@ type: docs
 title: "Authenticate to Azure"
 linkTitle: "Authenticate to Azure"
 weight: 1600
-description: "Learn about authenticating Azure components using Azure Active Directory or Managed Identities"
+description: "Learn about authenticating Azure components using Microsoft Entra ID or Managed Identities"
 ---

daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/authenticating-azure.md

@@ -2,27 +2,27 @@
 type: docs
 title: "Authenticating to Azure"
 linkTitle: "Overview"
-description: "How to authenticate Azure components using Azure AD and/or Managed Identities"
+description: "How to authenticate Azure components using Microsoft Entra ID and/or Managed Identities"
 aliases:
   - "/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity/"
   - "/reference/components-reference/supported-secret-stores/azure-keyvault-managed-identity/"
 weight: 10000
 ---
 
-Most Azure components for Dapr support authenticating with Azure AD (Azure Active Directory). Thanks to this:
+Most Azure components for Dapr support authenticating with Microsoft Entra ID. Thanks to this:
 
 - Administrators can leverage all the benefits of fine-tuned permissions with Azure Role-Based Access Control (RBAC).
 - Applications running on Azure services such as Azure Container Apps, Azure Kubernetes Service, Azure VMs, or any other Azure platform services can leverage [Managed Identities (MI)](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) and [Workload Identity](https://learn.microsoft.com/azure/aks/workload-identity-overview). These offer the ability to authenticate your applications without having to manage sensitive credentials.
 
-## About authentication with Azure AD
+## About authentication with Microsoft Entra ID
 
-Azure AD is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services.
+Microsoft Entra ID is Azure's identity and access management (IAM) solution, which is used to authenticate and authorize users and services.
 
-Azure AD is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Service Bus, Azure Key Vault, Azure Cosmos DB, Azure Database for Postgres, Azure SQL, etc. 
+Microsoft Entra ID is built on top of open standards such OAuth 2.0, which allows services (applications) to obtain access tokens to make requests to Azure services, including Azure Storage, Azure Service Bus, Azure Key Vault, Azure Cosmos DB, Azure Database for Postgres, Azure SQL, etc. 
 
 > In Azure terminology, an application is also called a "Service Principal".
 
-Some Azure components offer alternative authentication methods, such as systems based on "shared keys" or "access tokens". Although these are valid and supported by Dapr, you should authenticate your Dapr components using Azure AD whenever possible to take advantage of many benefits, including:
+Some Azure components offer alternative authentication methods, such as systems based on "shared keys" or "access tokens". Although these are valid and supported by Dapr, you should authenticate your Dapr components using Microsoft Entra ID whenever possible to take advantage of many benefits, including:
 
 - [Managed Identities and Workload Identity](#managed-identities-and-workload-identity)
 - [Role-Based Access Control](#role-based-access-control)
@@ -31,7 +31,7 @@ Some Azure components offer alternative authentication methods, such as systems
 
 ### Managed Identities and Workload Identity
 
-With Managed Identities (MI), your application can authenticate with Azure AD and obtain an access token to make requests to Azure services. When your application is running on a supported Azure service (such as Azure VMs, Azure Container Apps, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level.
+With Managed Identities (MI), your application can authenticate with Microsoft Entra ID and obtain an access token to make requests to Azure services. When your application is running on a supported Azure service (such as Azure VMs, Azure Container Apps, Azure Web Apps, etc), an identity for your application can be assigned at the infrastructure level.
 
 Once using MI, your code doesn't have to deal with credentials, which:
 
@@ -48,11 +48,11 @@ When using Azure Role-Based Access Control (RBAC) with supported services, permi
 
 ### Auditing
 
-Using Azure AD provides an improved auditing experience for access. Tenant administrators can consult audit logs to track authentication requests.
+Using Microsoft Entra ID provides an improved auditing experience for access. Tenant administrators can consult audit logs to track authentication requests.
 
 ### (Optional) Authentication using certificates
 
-While Azure AD allows you to use MI, you still have the option to authenticate using certificates.
+While Microsoft Entra ID allows you to use MI, you still have the option to authenticate using certificates.
 
 ## Support for other Azure environments
 
@@ -66,7 +66,7 @@ By default, Dapr components are configured to interact with Azure resources in t
 
 ## Credentials metadata fields
 
-To authenticate with Azure AD, you will need to add the following credentials as values in the metadata for your [Dapr component](#example-usage-in-a-dapr-component).
+To authenticate with Microsoft Entra ID, you will need to add the following credentials as values in the metadata for your [Dapr component](#example-usage-in-a-dapr-component).
 
 ### Metadata options
 
@@ -82,7 +82,7 @@ Depending on how you've passed credentials to your Dapr services, you have multi
 
 | Field               | Required | Details                              | Example                                      |
 |---------------------|----------|--------------------------------------|----------------------------------------------|
-| `azureTenantId`     | Y        | ID of the Azure AD tenant            | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"`     |
+| `azureTenantId`     | Y        | ID of the Microsoft Entra ID tenant            | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"`     |
 | `azureClientId`     | Y        | Client ID (application ID)           | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"`     |
 | `azureClientSecret` | Y        | Client secret (application password) | `"Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E"` |
 
@@ -92,7 +92,7 @@ When running on Kubernetes, you can also use references to Kubernetes secrets fo
 
 | Field | Required | Details | Example |
 |--------|--------|--------|--------|
-| `azureTenantId` | Y | ID of the Azure AD tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` |
+| `azureTenantId` | Y | ID of the Microsoft Entra ID tenant | `"cd4b2887-304c-47e1-b4d5-65447fdd542b"` |
 | `azureClientId` | Y | Client ID (application ID) | `"c7dd251f-811f-4ba2-a905-acd4d3f8f08b"` |
 | `azureCertificate` | One of `azureCertificate` and `azureCertificateFile` | Certificate and private key (in PFX/PKCS#12 format) | `"-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE-----` |
 | `azureCertificateFile` | One of `azureCertificate` and `azureCertificateFile` | Path to the PFX/PKCS#12 file containing the certificate and private key | `"/path/to/file.pem"` |
@@ -127,7 +127,7 @@ Using this authentication method does not require setting any metadata option.
 
 ### Example usage in a Dapr component
 
-In this example, you will set up an Azure Key Vault secret store component that uses Azure AD to authenticate.
+In this example, you will set up an Azure Key Vault secret store component that uses Microsoft Entra ID to authenticate.
 
 {{< tabs "Self-Hosted" "Kubernetes">}}
 
@@ -279,11 +279,11 @@ To use a **certificate**:
 
 ## Next steps
 
-{{< button text="Generate a new Azure AD application and Service Principal >>" page="howto-aad.md" >}}
+{{< button text="Generate a new Microsoft Entra ID application and Service Principal >>" page="howto-aad.md" >}}
 
 ## References
 
-- [Azure AD app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential)
+- [Microsoft Entra ID app credential: Azure CLI reference](https://docs.microsoft.com/cli/azure/ad/app/credential)
 - [Azure Managed Service Identity (MSI) overview](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
 - [Secrets building block]({{< ref secrets >}})
 - [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})

daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-aad.md

@@ -1,9 +1,9 @@
 ---
 type: docs
-title: "How to: Generate a new Azure AD application and Service Principal"
-linkTitle: "How to: Generate Azure AD and Service Principal"
+title: "How to: Generate a new Microsoft Entra ID application and Service Principal"
+linkTitle: "How to: Generate Microsoft Entra ID and Service Principal"
 weight: 30000
-description: "Learn how to generate an Azure Active Directory and use it as a Service Principal"
+description: "Learn how to generate an Microsoft Entra ID and use it as a Service Principal"
 ---
 
 ## Prerequisites
@@ -23,9 +23,9 @@ az login
 az account set -s [your subscription id]
 ```
 
-### Create an Azure AD application
+### Create an Microsoft Entra ID application
 
-Create the Azure AD application with:
+Create the Microsoft Entra ID application with:
 
 ```sh
 # Friendly name for the application / Service Principal
@@ -107,7 +107,7 @@ When adding the returned values to your Dapr component's metadata:
 
 ### Create a Service Principal
 
-Once you have created an Azure AD application, create a Service Principal for that application. With this Service Principal, you can grant it access to Azure resources. 
+Once you have created an Microsoft Entra ID application, create a Service Principal for that application. With this Service Principal, you can grant it access to Azure resources. 
 
 To create the Service Principal, run the following command:
 
@@ -124,7 +124,7 @@ Expected output:
 Service Principal ID: 1d0ccf05-5427-4b5e-8eb4-005ac5f9f163
 ```
 
-The returned value above is the **Service Principal ID**, which is different from the Azure AD application ID (client ID). The Service Principal ID is defined within an Azure tenant and used to grant access to Azure resources to an application  
+The returned value above is the **Service Principal ID**, which is different from the Microsoft Entra ID application ID (client ID). The Service Principal ID is defined within an Azure tenant and used to grant access to Azure resources to an application  
 You'll use the Service Principal ID to grant permissions to an application to access Azure resources. 
 
 Meanwhile, **the client ID** is used by your application to authenticate. You'll use the client ID in Dapr manifests to configure authentication with Azure services.

daprdocs/content/en/developing-applications/integrations/Azure/azure-authentication/howto-mi.md

@@ -10,7 +10,7 @@ description: "Learn how to use Managed Identities"
 
 Using Managed Identities (MI), authentication happens automatically by virtue of your application running on top of an Azure service that has an assigned identity. 
 
-For example, let's say you enable a managed service identity for an Azure VM, Azure Container App, or an Azure Kubernetes Service cluster. When you do, an Azure AD application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Azure AD, transparently and without you having to specify any credentials.
+For example, let's say you enable a managed service identity for an Azure VM, Azure Container App, or an Azure Kubernetes Service cluster. When you do, an Microsoft Entra ID application is created for you and automatically assigned to the service. Your Dapr services can then leverage that identity to authenticate with Microsoft Entra ID, transparently and without you having to specify any credentials.
 
 To get started with managed identities, you need to assign an identity to a new or existing Azure resource. The instructions depend on the service use. Check the following official documentation for the most appropriate instructions:
 

daprdocs/content/en/getting-started/quickstarts/cryptography-quickstart.md

@@ -23,7 +23,209 @@ This example uses the Dapr SDK, which leverages gRPC and is **strongly** recomme
 
 Currently, you can experience the cryptography API using the Go SDK.
 
-{{< tabs "Go" >}}
+{{< tabs "JavaScript" "Go" >}}
+
+ <!-- JavaScript -->
+{{% codetab %}}
+
+> This quickstart includes a JavaScript application called `crypto-quickstart`.
+
+### Pre-requisites
+
+For this example, you will need:
+
+- [Dapr CLI and initialized environment](https://docs.dapr.io/getting-started).
+- [Latest Node.js installed](https://nodejs.org/download/).
+<!-- IGNORE_LINKS -->
+- [Docker Desktop](https://www.docker.com/products/docker-desktop)
+<!-- END_IGNORE -->
+- [OpenSSL](https://www.openssl.org/source/) available on your system
+
+### Step 1: Set up the environment
+
+Clone the [sample provided in the Quickstarts repo](https://github.com/dapr/quickstarts/tree/master/cryptography)
+
+```bash
+git clone https://github.com/dapr/quickstarts.git
+```
+
+In the terminal, from the root directory, navigate to the cryptography sample.
+
+```bash
+cd cryptography/javascript/sdk
+```
+
+Navigate into the folder with the source code:
+
+```bash
+cd ./crypto-quickstart
+```
+
+Install the dependencies:
+
+```bash
+npm install
+```
+
+### Step 2: Run the application with Dapr
+
+The application code defines two required keys:
+
+- Private RSA key 
+- A 256-bit symmetric (AES) key
+
+Generate two keys, an RSA key and and AES key using OpenSSL and write these to two files:
+
+```bash
+mkdir -p keys
+# Generate a private RSA key, 4096-bit keys
+openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out keys/rsa-private-key.pem
+# Generate a 256-bit key for AES
+openssl rand -out keys/symmetric-key-256 32
+```
+
+Run the Go service app with Dapr:
+
+```bash
+dapr run --app-id crypto-quickstart --resources-path ../../../components/ -- npm start
+```
+
+**Expected output**
+
+```
+== APP == 2023-10-25T14:30:50.435Z INFO [GRPCClient, GRPCClient] Opening connection to 127.0.0.1:58173
+== APP == == Encrypting message using buffers
+== APP == Encrypted the message, got 856 bytes
+== APP == == Decrypting message using buffers
+== APP == Decrypted the message, got 24 bytes
+== APP == The secret is "passw0rd"
+== APP == == Encrypting message using streams
+== APP == Encrypting federico-di-dio-photography-Q4g0Q-eVVEg-unsplash.jpg to encrypted.out
+== APP == Encrypted the message to encrypted.out
+== APP == == Decrypting message using streams
+== APP == Decrypting encrypted.out to decrypted.out.jpg
+== APP == Decrypted the message to decrypted.out.jpg
+```
+
+### What happened?
+
+#### `local-storage.yaml`
+
+Earlier, you created a directory inside `crypto-quickstarts` called `keys`. In [the `local-storage` component YAML](https://github.com/dapr/quickstarts/tree/master/cryptography/components/local-storage.yaml), the `path` metadata maps to the newly created `keys` directory.
+
+```yml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: localstorage
+spec:
+  type: crypto.dapr.localstorage
+  version: v1
+  metadata:
+    - name: path
+      # Path is relative to the folder where the example is located
+      value: ./keys
+```
+
+#### `index.mjs`
+
+[The application file](https://github.com/dapr/quickstarts/blob/master/cryptography/javascript/sdk/crypto-quickstart/index.mjs) encrypts and decrypts messages and files using the RSA and AES keys that you generated. The application creates a new Dapr SDK client:
+
+```javascript
+async function start() {
+  const client = new DaprClient({
+    daprHost,
+    daprPort,
+    communicationProtocol: CommunicationProtocolEnum.GRPC,
+  });
+
+  // Encrypt and decrypt a message from a buffer
+  await encryptDecryptBuffer(client);
+
+  // Encrypt and decrypt a message using streams
+  await encryptDecryptStream(client);
+}
+```
+
+##### Encrypting and decrypting a string using the RSA key
+
+Once the client is created, the application encrypts a message:
+
+```javascript
+async function encryptDecryptBuffer(client) {
+  // Message to encrypt
+  const plaintext = `The secret is "passw0rd"`
+
+  // First, encrypt the message
+  console.log("== Encrypting message using buffers");
+
+  const encrypted = await client.crypto.encrypt(plaintext, {
+    componentName: "localstorage",
+    keyName: "rsa-private-key.pem",
+    keyWrapAlgorithm: "RSA",
+  });
+
+  console.log("Encrypted the message, got", encrypted.length, "bytes");
+```
+
+The application then decrypts the message:
+
+```javascript
+  // Decrypt the message
+  console.log("== Decrypting message using buffers");
+  const decrypted = await client.crypto.decrypt(encrypted, {
+    componentName: "localstorage",
+  });
+
+  console.log("Decrypted the message, got", decrypted.length, "bytes");
+  console.log(decrypted.toString("utf8"));
+
+  // ...
+}
+``` 
+
+##### Encrypt and decrpyt a large file using the AES key
+
+Next, the application encrypts a large image file:
+
+```javascript
+async function encryptDecryptStream(client) {
+  // First, encrypt the message
+  console.log("== Encrypting message using streams");
+  console.log("Encrypting", testFileName, "to encrypted.out");
+
+  await pipeline(
+    createReadStream(testFileName),
+    await client.crypto.encrypt({
+      componentName: "localstorage",
+      keyName: "symmetric-key-256",
+      keyWrapAlgorithm: "A256KW",
+    }),
+    createWriteStream("encrypted.out"),
+  );
+
+  console.log("Encrypted the message to encrypted.out");
+```
+
+The application then decrypts the large image file:
+
+```javascript
+  // Decrypt the message
+  console.log("== Decrypting message using streams");
+  console.log("Decrypting encrypted.out to decrypted.out.jpg");
+  await pipeline(
+    createReadStream("encrypted.out"),
+    await client.crypto.decrypt({
+      componentName: "localstorage",
+    }),
+    createWriteStream("decrypted.out.jpg"),
+  );
+
+  console.log("Decrypted the message to decrypted.out.jpg");
+}
+```
+
+{{% /codetab %}}
 
  <!-- Go -->
 {{% codetab %}}

daprdocs/content/en/operations/security/oauth.md

@@ -16,7 +16,7 @@ The main difference between the two flows is that the `Authorization Code Grant
 
 Different authorization servers provide different application registration experiences. Here are some samples:
 <!-- IGNORE_LINKS -->
-* [Azure AAD](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code)
+* [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code)
 * [Facebook](https://developers.facebook.com/apps)
 * [Fitbit](https://dev.fitbit.com/build/reference/web-api/oauth2/)
 * [GitHub](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/)
@@ -37,7 +37,7 @@ Authorization/Token URLs of some of the popular authorization servers:
 <!-- IGNORE_LINKS -->
 | Server  | Authorization URL | Token URL |
 |---------|-------------------|-----------|
-|Azure AAD|<https://login.microsoftonline.com/{tenant}/oauth2/authorize>|<https://login.microsoftonline.com/{tenant}/oauth2/token>|
+|Microsoft Entra ID|<https://login.microsoftonline.com/{tenant}/oauth2/authorize>|<https://login.microsoftonline.com/{tenant}/oauth2/token>|
 |GitHub|<https://github.com/login/oauth/authorize>|<https://github.com/login/oauth/access_token>|
 |Google|<https://accounts.google.com/o/oauth2/v2/auth>|<https://accounts.google.com/o/oauth2/token> <https://www.googleapis.com/oauth2/v4/token>|
 |Twitter|<https://api.twitter.com/oauth/authorize>|<https://api.twitter.com/oauth2/token>|