Bearer Challenge Support for Azurite #2360
To implement the 401 bearer Challenge, you can:
Azurite welcomes contributions!
@blueww Once the PR is raised for these changes, is it possible to have another release branch, and hence another npm release separately for this? Basically we wanted a way to use those changes for our local testing before we push any changes. If not, then is there a way to publish this to Azure DevOps, and we can consume that build of Azurite from there?
We can consider taking the PR after the feature is public GA released in storage server in all regions.
Which service (blob, file, queue, table) does this issue concern?
Blob
Which version of Azurite was used?
v3.29.0
Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)
npm
What's the Node.js version?
20.11.0
This is a feature request.
I'm from Azure Archive Storage, and we have a feature where we obtain a token from dSTS (which is a token issuing authority), and one crucial step before obtaining the token is to perform a bearer challenge on the blob, so that we know which authority to call.
For Azurite to be integrated into our functional tests, we need to be able to perform the bearer challenge on Azurite blobs as well.
For more context, if we want to be able to get a token so that we can perform Blob API calls on the blob, then first we need to perform a bearer challenge on the blob. A bearer challenge is basically an HTTP request made to the blob, with some special headers, in order to discover the authority from which we should obtain the token, and the scope that the token should contain.
Suppose we have a blob, say "https://account1.blob.core.windows.net/blob1", and we want to get the bearer challenge response for this blob. Suppose the authority from which we should get the dSTS token is, say, "https://region1-dsts.dsts.core.windows.net", and the scope included in the token should be "https://stamp1.stamp-fe.store.preprod.core.windows.net/".
Then the following is the contract for the bearer challenge:
RequestUrl: https://account1.blob.core.windows.net/blob1
Headers for request (additional ones):
Authorization-dSTS=Challenge
x-ms-version=2021-08-06
Response Status Code: 401 Unauthorized
Response Headers (additional ones):
WWW-Authenticate-dSTS="Bearer authorization_uri=https://region1-dsts.dsts.core.windows.net/[/dstsv2/7a433bfc-2514-4697-b467-e0933190487f](https://uswest-passive-dsts.dsts.core.windows.net/dstsv2/7a433bfc-2514-4697-b467-e0933190487f) resource_id=https://stamp1.stamp-fe.store.preprod.core.windows.net/"
Is there a way for this contract to be implemented in Azurite?
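The contract described in the issue above, sketched from both sides as an added example (not code from Azurite or from the issue author). The function names, the `cfg` object and the authority allowlist are assumptions of this example; the header names and the `Bearer authorization_uri=... resource_id=...` layout are taken from the issue.

```javascript
'use strict';
// Added example, not Azurite code. Header names and value layout follow the issue's contract.
const REQ_HEADER = 'authorization-dsts';
const RESP_HEADER = 'WWW-Authenticate-dSTS';

// Emulator side (hypothetical helper): answer a challenge probe with the 401 contract.
function buildChallengeResponse(reqHeaders, cfg) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;
  if (h[REQ_HEADER] !== 'Challenge' || !h['x-ms-version']) return null; // not a probe
  const value = `Bearer authorization_uri=${cfg.authorizationUri} resource_id=${cfg.resourceId}`;
  return { status: 401, headers: { [RESP_HEADER]: value } };
}

// Client side: parse the challenge; reject non-https URIs and unlisted authorities
// (the allowlist is an assumption of this example, not part of the contract).
function parseChallenge(value, allowedAuthorityHosts) {
  const m = /^Bearer\s+(.+)$/i.exec(String(value).trim());
  if (!m) throw new Error('not a Bearer challenge');
  const params = {};
  for (const part of m[1].split(/[\s,]+/).filter(Boolean)) {
    const eq = part.indexOf('=');
    if (eq <= 0) throw new Error(`malformed parameter: ${part}`);
    params[part.slice(0, eq).toLowerCase()] = part.slice(eq + 1).replace(/^"|"$/g, '');
  }
  const authority = new URL(params.authorization_uri); // throws if missing or invalid
  const resource = new URL(params.resource_id);
  if (authority.protocol !== 'https:' || resource.protocol !== 'https:') {
    throw new Error('challenge URIs must use https');
  }
  if (!allowedAuthorityHosts.includes(authority.hostname)) {
    throw new Error(`untrusted authority: ${authority.hostname}`);
  }
  return { authorizationUri: params.authorization_uri, resourceId: params.resource_id };
}

// Constructed sample using the values quoted in the issue.
const sampleCfg = {
  authorizationUri: 'https://region1-dsts.dsts.core.windows.net',
  resourceId: 'https://stamp1.stamp-fe.store.preprod.core.windows.net/',
};
const sampleResponse = buildChallengeResponse(
  { 'Authorization-dSTS': 'Challenge', 'x-ms-version': '2021-08-06' }, sampleCfg);
console.log(sampleResponse.status,
  parseChallenge(sampleResponse.headers[RESP_HEADER], ['region1-dsts.dsts.core.windows.net']));
```

Pinning the accepted authority hosts in the test client keeps a misconfigured or spoofed challenge from steering token requests to an unexpected endpoint.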