Share via

Is there a way to create a SAS token for blob storage and Azure Data Lake 2 given Oauth2 credentials in the Java API?

Anonymous
2024-01-06T00:17:08.4966667+00:00

I need a SAS Token to create a Snowflake Stage Location. I thought I had this all understood, I would create a BlobServiceClient using Oauth2 credentials and then use that to generate a SAS token. But at the last step it threw an exception saying that i had to create the BlobServiceClient using storageSharedKeyCredentials.
I looked at the BlobClientBuilder, but it doesn't seem like you can use Oauth2 credentials. Is there any way to do this?

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,563 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,205 questions
Accepted answer
  1. Ahamed Musthafa Careem 461 Reputation points
    2024-01-06T01:19:18.31+00:00

    Hi, hope the below 2 soluions will help you.

    User Delegation SAS:

    Azure Blob Storage supports User Delegation SAS, which is a type of SAS token that is secured with Azure AD credentials instead of the account key. This allows for better security practices by avoiding the use of account keys. However, the use of User Delegation SAS with Snowflake might have limitations or specific configurations you need to consider.

    or else follow the below method by generating a SAS token using Shared Key credentials:

    Here’s a step-by-step guide to

    Obtain Storage Account Access Keys:

    • Go to the Azure Portal.
    • Navigate to your storage account.
    • In the "Settings" section of the storage account overview, find the "Access keys" option.
    • Here, you can find your account access keys and connection strings.
    1. Create a BlobServiceClient:
    • Use the access key obtained in the previous step to create a BlobServiceClient.
    • The BlobServiceClient allows you to manipulate Azure Blob Storage resources.

    Generate SAS Token:

    • Once you have the BlobServiceClient instantiated with your Shared Key credentials, you can generate a SAS token.
    • Use the generateBlobSas method (or equivalent, depending on the SDK you are using) to create a SAS token. This method will require details like container name, blob name (if applicable), permissions, and the duration for which the SAS token is valid.

    Use SAS Token in Snowflake:

    • With the SAS token generated, you can now use it in Snowflake to create a stage location.
    • The stage location will use the SAS token for authentication to the Azure Blob Storage container.

    If you require OAuth2 for other parts of your application (not for SAS token generation), you can use it for those specific purposes. However, for SAS token generation, switching to Shared Key credentials is necessary.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.