search

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.35k stars 4.71k forks source link

[BUG] API does not support bearer tokens #44505

Closed digiofficerobin closed 2 months ago

digiofficerobin commented 3 months ago

Library name and version

Azure.Storage.Files.Shares 12.18.0

Describe the bug

I am trying to create an Azure File Share in a backend application, but I get an exception about unsupported bearer tokens. This seems incorrect, because I can do other things, such as adding files and directories, or add Blob containers with the same kind of credentials.

Expected behavior

Azure File Share created, as described in the documentation: https://learn.microsoft.com/en-us/dotnet/api/azure.storage.files.shares.shareclient.createifnotexists?view=azure-dotnet

Actual behavior

I get the following message: Azure.RequestFailedException: This API does not support bearer tokens. For OAuth, use the Storage Resource Provider APIs instead. Learn more: https://aka.ms/azurefiles/restapi.

Reproduction Steps

using Azure.Identity;
using Azure.Storage.Files.Shares;
...
var client = new ShareClient(new Uri(absoluteUrl), new ClientSecretCredential(tenantid,clientid, clientsecret));
client.CreateIfNotExists();

Environment

.NET Framework 4.8 / C#

github-actions[bot] commented 3 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

digiofficerobin commented 3 months ago

Addition. I've tried creating an Azure File Share with the ShareServiceClient as well, but I get the same exception.

var client = new ShareServiceClient(new Uri(url), new ClientSecretCredential(tenantid, clientid, clientsecret);
var options = new ShareCreateOptions();
options.AccessTier = ShareAccessTier.Hot;
client.CreateShare(name, options);

Error:

Azure.RequestFailedException: This API does not support bearer tokens. For OAuth, use the Storage Resource Provider APIs instead. Learn more: https://aka.ms/azurefiles/restapi.
RequestId:1d541d0c-801a-006f-15ac-bc4bea000000
Time:2024-06-12T09:43:22.7103886Z
Status: 409 (This API does not support bearer tokens. For OAuth, use the Storage Resource Provider APIs instead. Learn more: https://aka.ms/azurefiles/restapi.)
ErrorCode: FileOAuthManagementApiRestrictedToSrp
digiofficerobin commented 3 months ago

Hi, do you guys had time to look into this issue?

seanmcc-msft commented 2 months ago

This is by-design, today the Files service does not support OAuth for all operations - https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-file-service-operations

Assuming the feature does not get pulled at the last minute, we should be adding support for OAuth for all File operations in the next beta release of the SDK.

digiofficerobin commented 1 month ago

@seanmcc-msft Thanks, could you give the ID of the Pull Request so I can follow up this feature?