Closed ivica3730k closed 10 months ago
Hi @ivica3730k, thanks for the report. The issue here is that the various MODIS-061 collections store assets in multiple storage account containers. The collection metadata lists two attributes, msft:storage_account
and msft:container
and this combination is what determines the SAS token target when using the .../sas/v1/token/modis-64A1-061
endpoint. If you inspect the URL of the asset file, it's actually in the modis-061-cogs
container, which is out of scope for the previously generated token.
There are two other SAS methods you can use to generate the correct token. If you know the storage + container combination ahead of time, use
https://planetarycomputer.microsoft.com/api/sas/v1/token/modiseuwest/modis-061-cogs
Alternatively, there is an endpoint that accepts a URL to a blob store asset, and it determines the account/container to target:
The first method may be preferable as you can limit the number of SAS call by caching the container token up to its expiry, but the second method may be convenient based on the mix of assets your reading.
Hope this helps!
perfect, thank you very much. I did not know about the third endpoint. Passing a URL would do for my use case.
Thanks
Hello, we have noticed a problem with the sas token endpoint returning invalid tokens for some collections. In our example, visiting https://planetarycomputer.microsoft.com/api/sas/v1/token/modis-64A1-061 to get the token for modis-64A1-061 collection is returning:
Then, trying to download asset from the following item: https://planetarycomputer.microsoft.com/api/stac/v1/collections/modis-64A1-061/items/MCD64A1.A2023213.h35v10.061.2023284122045
with URL: https://modiseuwest.blob.core.windows.net/modis-061-cogs/MCD64A1/35/10/2023213/MCD64A1.A2023213.h35v10.061.2023284122045_QA.tif?st=2023-11-21T12%3A03%3A50Z&se=2023-11-22T12%3A48%3A50Z&sp=rl&sv=2021-06-08&sr=c&skoid=c85c15d6-d1ae-42d4-af60-e2ca0f81359b&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2023-11-22T00%3A01%3A26Z&ske=2023-11-29T00%3A01%3A26Z&sks=b&skv=2021-06-08&sig=JUJmeZrj9vQXE8Vxzhs1pe5fQ3Zu%2B0n4cHmNvzGBoXY%3D
results in error:
Is it possible that the storage containers names changed without changing the container name in the sas obtaining service or something like that?
first spotted by https://github.com/james-hinton :)