| title | description | name | thirdParty | alias | image | tags | |||
|---|---|---|---|---|---|---|---|---|---|
Auth0 Azure Blob Storage Tutorial |
This tutorial will show you how to use the Auth0 to authenticate and authorize Azure Blob Storage. |
Azure Blob Storage |
true |
|
/media/platforms/azure.png |
|
${include('./_thirdPartyApi')}
Here's a sample call to the delegation endpoint to get the SAS:
POST https://${account.namespace}/delegation
Content-Type: 'application/json'
{
"client_id": "${account.clientId}",
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"id_token": "{YOUR_ID_TOKEN}",
"target": "${account.clientId}",
"api_type": "azure_blob",
"scope": "openid"
}
- The
client_idvalue identifies the requesting app (e.g. your website) and{YOUR_ID_TOKEN}identifies the user you are requesting this on behalf-of. (Notice that theid_tokenis signed with theclient_idcorrespondingclientSecret). - The
targetparameter identifies this API endpoint in Auth0 (often the same as{CLIENT ID}. This is theclient_idof the app where this add-on has been enabled. api_typemust beazure_blob.scopemust beopenid.
The result of calling the delegation endpoint will be something like:
{
"azure_blob_sas": "st=2015-01-08T18%3A45%3A14Z&se=2015-01-08T18%3A50%3A14Z&sp=r&sv=2014-02-14&sr=b&sig=13ABC456..."
}You can use the blob SAS token either by appending it to a url directly or by passing it to one of the Azure Storage SDKs.
GET https://{STORAGEACCOUNT}.blob.core.windows.net/mycontainer/myblob.txt?st=2015-01-08T18%3A45%3A14Z&se=2015-01-08T18%3A50%3A14Z&sp=r&sv=2014-02-14&sr=b&sig=13ABC456...