Extract blob client creation into AzureBlobClientFactory - because there's some more logic needed now to check how the blob client should be created (using a connection string vs AzureDefaultCredentials)
Add an AuthenticationMode property in the AzureBlobTusStoreOptions to specify how we should authenticate with the storage account. It's set to ConnectionString as default, to preserve backwards compatibility.
The connectionString argument in AzureBlobTusStore should be set to just the URI of the blob storage account in the case of managed identity authentication.
Bump to version 2.1 because of the introduction of new functionality.
We implemented this in our fork, and wanted to contribute it back in hopes it can be of use for the project. If you feel any improvements are needed, please let me know and I'll be happy to oblige.
Using managed identities allows Azure resources to use Azure AD for authenticating and RBAC for authorizing requests to the blob storage account, instead of using a connection string. See https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview
Changes introduced in this PR:
We implemented this in our fork, and wanted to contribute it back in hopes it can be of use for the project. If you feel any improvements are needed, please let me know and I'll be happy to oblige.