[Storage] Investigate OAuth2 scopes for storage clients #5097
Comments
jeremymeng
added
Client
|
It probably should be an array of strings that users can customize. |
|
@jeremymeng Link seems broken "https://github.com/azure/azure-sdk-for-js/blob/feature%2Fstorage/sdk/storage/storage-blob/src/Pipeline.ts#L232". Why scope value has to be defined in storage SDK? |
|
@XiaoningLiu It was moved to . It looks specific to storage. I saw some sample C# code that has it as a string array. |
|
I was thinking that there might be other possible values for the scope. If not we can close this issue. |
|
I'm thinking scope variables should be provided by customer when creating token credentials. Is this limitation from @azure/identity? if (!isAnonymousCreds) {
factories[2] = isTokenCredential(credential) factories[2] = isTokenCredential(credential)
? bearerTokenAuthenticationPolicy(credential, "https://storage.azure.com/.default") ? bearerTokenAuthenticationPolicy(credential, DefaultStorageScope)
: credential; : credential;
} } |
@daviwil do you have more insights? |
|
@XiaoningLiu In the future we might provide a global preset of known default settings in @azure/identity to be used by various SDK libraries. At this point it is better to have a option on the client to specify the default one for storage and allow customization later. |
so they can be customized for different Azure stacks. Resolves Azure#5097.
so they can be customized for different Azure stacks. Resolves #5097.
Currently we use a scope of
https://storage.azure.com/.defaultfor storage clientsexample: https://github.com/azure/azure-sdk-for-js/blob/feature%2Fstorage/sdk/storage/storage-blob/src/Pipeline.ts#L232
Is it possible to have other scopes (e.g., for different Azure stack).
The text was updated successfully, but these errors were encountered: