Can't Get Service SAS To Work

[ptiseo-tegria]

Here's the code:

generator = Azure::Storage::Common::Core::Auth::SharedAccessSignature.new(
  Config.azure_storage_account_name, 
  Config.azure_storage_account_key
)

start_time = Time.now.utc
sas_options = {
  service: "b",
  resource: "b",
  permissions: "r",
  start: (start_time - 5.minutes).iso8601(4),
  expiry: (start_time + 10.minutes).iso8601(4),
  protocol: "https",
}

@result = "#{medium.storageurl}?#{generator.generate_service_sas_token(medium.storageurl, sas_options)}"

In this example, medium is a record where medium.storageurl = https://[account name].blob.core.windows.net/media/Q4LGSLJ63LG9

When I use the URL in @result, the response is that the authentication failed.

<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:[redacted] Time:2022-05-09T18:53:03.4659072Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was r 2022-05-09T18:47:45Z 2022-05-09T19:02:45Z /blob/[account name]/media/Q4LGSLJ63LG9 https 2018-11-09 b </AuthenticationErrorDetail>
</Error>

What am I doing wrong?

[ptiseo-tegria]

Looks like it was a clock skew issue. Adding a few minutes to start and expiry cleared the issue.