Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License

'uid'-type SharedAccessSignature won't parse #1930

Open erwinkramer opened 1 year ago

erwinkramer commented 1 year ago

Bug description

Generating a SAS token like here https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication#ProgrammaticallyCreateToken, with this format will not pass:

SharedAccessSignature uid=53dd860e1b72ff0467030003&ex=2014-08-04T22:03:00.0000000Z&sn=ItH6scUyCazNKHULKA0Yv6T+Skk4bdVmLqcPPPdWoxl2n1+rVbhKlplFrqjkoUFRr0og4wjeDz4yfThC82OjfQ==

It doesn't validate over: https://github.com/Azure/api-management-developer-portal/blob/51ec561561a7acbb43d6595e16c40f8118162618/src/authentication/accessToken.ts#L40

SAS token does work for other API calls as it's correctly formatted for the Management API.

Returns Error: SharedAccessSignature token format is not valid.

Related to https://github.com/Azure/api-management-developer-portal/issues/689 but never solved.

Using commit: https://github.com/Azure/api-management-developer-portal/releases/tag/2.19.0

ghost commented 1 year ago

@erwinkramer, thank you for opening this issue. We will triage it within the next few business days.

ghost commented 1 year ago

@erwinkramer, thank you for reporting the bug.

nahojs commented 1 year ago

Any updates on this? I get the same error. Using release 2.22.0

Workaround

Creating a "SharedAccessSignature" with format 2 can be done like this. Note that seconds must be set to zero.

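using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

private static void AccessToken2()
{
    var id = "";   // user identifier (fill in)
    var key = "";  // access key (fill in)

    // Seconds are zeroed: the token carries the expiry only as yyyyMMddHHmm,
    // while the signed string uses the full round-trip ("O") format.
    var d = DateTime.UtcNow.AddDays(10);
    var expiry = new DateTime(d.Year, d.Month, d.Day, d.Hour, d.Minute, 0, DateTimeKind.Utc);

    using (var encoder = new HMACSHA512(Encoding.UTF8.GetBytes(key)))
    {
        // Sign "<id>\n<expiry>" with HMAC-SHA512 and Base64-encode the result.
        var dataToSign = id + "\n" + expiry.ToString("O", CultureInfo.InvariantCulture);
        var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));
        var signature = Convert.ToBase64String(hash);
        var encodedToken = $"SharedAccessSignature {id}&{expiry:yyyyMMddHHmm}&{signature}";

        Console.WriteLine(encodedToken);
    }
}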
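
Added example (not part of the thread and not the portal's `accessToken.ts`): a TypeScript parser that accepts both layouts seen above, the `uid=...&ex=...&sn=...` form from the report and the `id&yyyyMMddHHmm&signature` form the workaround emits, and rejects anything else with the error text quoted in the report. All function and constant names are hypothetical, and the sample tokens are constructed.

```typescript
// Added example, not the portal's accessToken.ts. Covers only the two layouts in this thread.
interface ParsedSas {
    layout: "uid" | "short";
    userId: string;
    expires: Date;
    signature: string;
}

const SAS_PREFIX = "SharedAccessSignature ";
const FORMAT_ERROR = "SharedAccessSignature token format is not valid.";
const B64 = "([A-Za-z0-9+/]+={0,2})";
// uid=<id>&ex=<yyyy-MM-ddTHH:mm:ss[.fffffff]Z>&sn=<base64>
const UID_LAYOUT = new RegExp("^uid=([^&=]+)&ex=(\\d{4})-(\\d{2})-(\\d{2})T(\\d{2}):(\\d{2}):(\\d{2})(?:\\.\\d+)?Z&sn=" + B64 + "$");
// <id>&<yyyyMMddHHmm>&<base64>
const SHORT_LAYOUT = new RegExp("^([^&=]+)&(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})&" + B64 + "$");

// Build a UTC Date from [year, month, day, hour, minute, second?] strings.
function toUtc(parts: string[]): Date {
    const [y = 0, mo = 0, d = 0, h = 0, mi = 0, s = 0] = parts.map(Number);
    const date = new Date(Date.UTC(y, mo - 1, d, h, mi, s));
    // Date.UTC rolls month 13 or hour 24 over silently; treat those as malformed.
    const same = date.getUTCFullYear() === y && date.getUTCMonth() === mo - 1 && date.getUTCDate() === d
        && date.getUTCHours() === h && date.getUTCMinutes() === mi && date.getUTCSeconds() === s;
    if (!same) {
        throw new Error(FORMAT_ERROR);
    }
    return date;
}

function parseSharedAccessSignature(token: string): ParsedSas {
    if (token.indexOf(SAS_PREFIX) !== 0) {
        throw new Error(FORMAT_ERROR);
    }
    const body = token.slice(SAS_PREFIX.length);
    const uid = UID_LAYOUT.exec(body);
    const match = uid || SHORT_LAYOUT.exec(body);
    if (!match) {
        throw new Error(FORMAT_ERROR);
    }
    const [, userId = "", ...rest] = match;
    const signature = rest.pop() || "";
    return { layout: uid ? "uid" : "short", userId, expires: toUtc(rest), signature };
}

// Local expiry check only; the signature can be verified only by the holder of the key.
function isExpired(sas: ParsedSas, now: Date = new Date()): boolean {
    return sas.expires.getTime() <= now.getTime();
}

// Constructed sample tokens (not real credentials).
const SAMPLE_UID = "SharedAccessSignature uid=user1&ex=2030-01-02T03:04:00.0000000Z&sn=c2lnbmF0dXJl";
const SAMPLE_SHORT = "SharedAccessSignature user1&203001020304&c2lnbmF0dXJl";
```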