-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AutoRefreshingTokenCredential token override issue #1225
Comments
Thanks for the detailed report. As you suggest, it looks like the problem is that There is no check that the resource matches on subsequent requests when the cached token may be returned: One workaround may be to create separate credentials for your storage client and your other non-storage client. The "proper" fix is to update the SDK's Your managed identity |
Thanks for getting back to me so quickly. If there's anything I can do the help move this forward, please let me know. Regarding the workaround you proposed, I thought about that, but again, I'm still not sure I need As for the |
In the current implementation, the For example, see:
This will clearly impact performance if you are making many API calls. Using the |
|
Hi.
I have a program that streams some data from an http request to azure storage blob as well as accessing some other api's that also needs to authenticate using the same
AutoRefreshingTokenCredential
.This is the logic flow:
put_block
(wait to runput_block_list
for now)get_token("<scope>")
on the sameAutoRefreshingTokenCredential
that the storage client uses)put_block_list
to "finalize" the upload.The problem I'm facing is that, after running
get_token
in step 2, step 3. (put_block_list
) returns the following error:If I skip step 2. then step 3. works.
Another observation I made is that, if I don't use
AutoRefreshingTokenCredential
, all the steps work:I'm not really sure what's going on here, but I suspect
AutoRefreshingTokenCredential
overwrites the current token when I runget_token
to call the API's, then when it gets toput_block_list
, it uses the token from step 2?Another thing I'm not sure about is if I even need
AutoRefreshingTokenCredential
, the documentation is really sparse, all it says is:Does that mean that, if I don't wrap
DefaultAzureCredential
inAutoRefreshingTokenCredential
, the token might expire? Or does it just keep the token "up to date", so the next time I runget_token
or something else, it will be faster?I hope the explanation is clear enough, if not, I can try to put together some example code.
Also, as a side note, not directly related to this. I'm having trouble calling
get_token("<scope>")
using managed identity after updating from0.6.0
to0.10.0
, getting this error message:The code is completely unchanged, all I did was update and rebuild. Downgrading makes it work again.
The text was updated successfully, but these errors were encountered: