Connect to Eventstream using Microsoft Entra ID authentication

2025-04-11

Custom Endpoint is a special type of Eventstream source or destination that allows your application to send and fetch data from Eventstream. It supports two authentication methods for connecting to your application: SAS Keys and Entra ID authentication.

SAS Key Authentication: Allows you to produce and consume Eventstream data using Shared Access Signature (SAS) keys.
Entra ID Authentication: Enables a security principal (such as a user or a service principal) to produce and consume Eventstream data using Microsoft Entra ID authentication.

This article guides you through creating a Service Principal application, setting up the Java project in Visual Studio Code, and connecting to Eventstream using Microsoft Entra ID authentication.

Prerequisites

Before you begin, make sure the following prerequisites are met:

Your Tenant Admin enabled the following setting in the Admin portal. Learn more
- Service principals can call Fabric public APIs
You have Member or higher permissions in the workspace. This is required to manage workspace access and assign the necessary permissions to your service principal app.
An Eventstream item in your workspace with a Custom Endpoint source. Refer to this guide for instructions on how to add a Custom Endpoint to Eventstream.
Install Visual Studio Code.
Set up VS Code for Java development. Install Coding pack for Java.

Step 1: Create a service principal App

Sign in to the Microsoft Entra admin center.
Browse to Identity > Applications > App registrations, and select New registration.
Enter a display Name for your application.
Open your app, copy the client ID and tenant ID for later use.
Go to Certificates & secrets, add a new client secret and copy the value.
Once completed, you should have the following three information ready:
- Azure Client ID
- Azure Tenant ID
- Azure Client Secret

Step 2: Assign Fabric workspace permission

Go to your Fabric workspace and select Manage access.
Search for the application created in the previous step and assign the Contributor (or higher) to your app.

Step 3: Set up project in VS Code

Open the terminal in VS Code and download the GitHub project or run the following command to clone the project.
```
git clone https://github.com/ruiminwang/eventstream-entra-id-auth-samples.git
```

Install Java and Maven. If you don’t have Java and Maven installed, use Scoop to install them:

# https://scoop.sh/
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression

scoop bucket add java
scoop install oraclejdk-lts
scoop install maven

Set up environment variables. Configure environment variables for your Service Principal app:

$env:AZURE_CLIENT_ID="00001111-aaaa-2222-bbbb-3333cccc4444"
$env:AZURE_TENANT_ID="aaaabbbb-0000-cccc-1111-dddd2222eeee"
$env:AZURE_CLIENT_SECRET="Aa1Bb~2Cc3.-Dd4Ee5Ff6Gg7Hh8Ii9_Jj0Kk1Ll2"

Step 4: Build and run your project

Send data to Eventstream

In Eventstream, add a Custom Endpoint as a source.
Select Custom Endpoint > Entra ID Authentication, copy the following details, and paste them into the ProducerSample.java file:
- Event hub namespace
- Event hub

Run the following command to build and run the project:

mvn clean package

java -cp .\target\EventHubOAuth-1.0-SNAPSHOT-jar-with-dependencies.jar com.microsoft.ProducerSample

If the data is sent successfully, you can go to your eventstream and view the incoming data.

Fetch data from Eventstream

In Eventstream, add a Custom Endpoint as a destination.
Select Custom Endpoint > Entra ID Authentication, copy the following details, and paste them into the ConsumerSample.java file:
- Event hub namespace
- Event hub
- Consumer group

Run the following command to build and run the project:

mvn clean package

java -cp .\target\EventHubOAuth-1.0-SNAPSHOT-jar-with-dependencies.jar com.microsoft.ConsumerSample

After successfully running the project, you can view the incoming data in your application.

Share via