Use a token to connect to a container #16792
Labels
Client
This issue points to a problem in the data-plane of the library.
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
needs-author-feedback
Workflow: More information is needed from author to address the issue.
no-recent-activity
There has been no recent activity on this issue.
question
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Storage
Storage Service (Queues, Blobs, Files)
I'm trying to connect to a blobstorage using a token that I get like this:
cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
I can use this function and see that return me a token:
policy := policy.TokenRequestOptions{ Scopes: []string{clientID + "/.default"}, } resp, err := ced.GetToken(context.Background(), policy)
In the program I call to this function
conn, err := azblob.NewContainerClient(containerURL, cred, nil)
When I try to write using this connection to the container I have the follow error:
===== RESPONSE ERROR (ErrorCode=AuthorizationPermissionMismatch) ===== Description=This request is not authorized to perform this operation using this permission. RequestId:19f268a9-301e-0027-28c1-06fd6a000000 Time:2022-01-11T08:03:07.6493384Z, Details: (none)
The devops tell me that the problem is I have to get the token using scopes, but what I see in NewContainerClient is that use this constant:
const tokenScope untyped string = "https://storage.azure.com/.default"
There is any way to pass scopes to NewContainerClient or I should use other way?
The text was updated successfully, but these errors were encountered: