AzureStor icon indicating copy to clipboard operation
AzureStor copied to clipboard
verified publisher icon Azure

Add signed encryption scope field to string-to-sign for authorization for SAS

Open psolymos opened this issue 2 years ago • 2 comments

Helo, I have encountered an issue with SAS and this PR represents a fix referencing Azure SAS spec changes:

  1. https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#version-2020-12-06-and-later
  2. https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#version-2020-12-06-and-later (actually the docs are also wrong there omitting the rsct field)

Here is how the user delegation SAS fields lined up:

spec pkg
signedPermissions permissions
signedStart dates$start
signedExpiry dates$expiry
canonicalizedResource resource
signedKeyObjectId key$SignedOid
signedKeyTenantId key$SignedTid
signedKeyStart key$SignedStart
signedKeyExpiry key$SignedExpiry
signedKeyService key$SignedService
signedKeyVersion key$SignedVersion
signedAuthorizedUserObjectId
signedUnauthorizedUserObjectId
signedCorrelationId
signedIP ip
signedProtocol protocol
signedVersion auth_api_version
signedResource resource_type
signedSnapshotTime snapshot_time
signedEncryptionScope MISSING
rscc
rscd
rsce
rscl
rsct

Because of this, I was getting Signature did not match. String to sign used was ... error. Installing from my fork resolved the issue.

Cheers!

psolymos avatar Apr 20 '23 02:04 psolymos

Hmm, I don't recall running into problems with SAS, but this was some time ago

hongooi73 avatar Apr 22 '23 05:04 hongooi73

@hongooi73 any plans for merging this for a new CRAN release? Thanks.

psolymos avatar Sep 17 '23 15:09 psolymos