New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
blob/azureblob: No way to refresh a user delegation credential when using OAuth client credentials token provider #3007
Comments
TBH I'm not sure how to do this. If you have an idea, send a PR. |
Yeah this is what I was thinking as a workaround. But not sure that would work well in practice even as a workaround. I'll try send a PR for this. |
I think this might be stale after #3156. |
I think so too. It seems that the Azure SDK for Go accepts an implementation of the
If a user constructs a Note: My investigation in this comment was done in a browser looking at the changes #3156 and also referencing the Azure SDK for Go repo, so please excuse me if I overlooked something and also take what I said with caution. |
Fixed by #3156. |
Is your feature request related to a problem? Please describe.
Yes it is.
With #2681 the ability to specify a
UserDelegationCredential
for thecredential
property. However, there is no way to refresh that key. User delegation keys have a maximum expiration time of 7 days (seeExpiry
request property in docs).Describe the solution you'd like
I am looking for a way to pass a "user delegation refresher" func similar to how a token refresher func can be passed to
NewTokenCredential
(a feature of theazure-storage-blob-go
SDK). Basically, some way for theSignedURL
to refresh the user delegation credential and only if the credential it has is of that type. It's not applicable for a shared key credential.Describe alternatives you've considered
N/A
Additional context
UserDelegationCredential
toOpenBucket
'soptions.credentials
property:By contrast, if the auth mechanism used is MSI, then
SignedURL
does have a refresh mechanism for that.The text was updated successfully, but these errors were encountered: