| addon | title | thirdParty | public | url | alias | image | topics | articles | contentType | description | useCase | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure Blob Storage |
Azure Blob Storage Add-on |
true |
false |
/addons/azure-blob-storage |
|
/media/platforms/azure.png |
|
|
how-to |
Learn how to use Auth0 to authenticate and authorize Azure Blob Storage. |
integrate-third-party-apps |
<%= include('../_includes/_uses-delegation') %>
Here's a sample call to the delegation endpoint to get the Shared Access Signature (SAS):
POST https://${account.namespace}/delegation
Content-Type: 'application/json'
{
"client_id": "${account.clientId}",
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"id_token": "YOUR_ID_TOKEN",
"target": "${account.clientId}",
"api_type": "azure_blob",
"scope": "openid"
}
- The
client_idvalue identifies the requesting app (such as your website) andYOUR_ID_TOKENidentifies the user you are requesting this on behalf-of. (Notice that theid_tokenis signed with theclient_idcorrespondingclientSecret). - The
targetparameter identifies this API endpoint in Auth0 (often the same as${account.clientId}. This is theclient_idof the app where this add-on has been enabled. api_typemust beazure_blob.scopemust beopenid.
The result of calling the delegation endpoint will be something like:
{
"azure_blob_sas": "st=2015-01-08T18%3A45%3A14Z&se=2015-01-08T18%3A50%3A14Z&sp=r&sv=2014-02-14&sr=b&sig=13ABC456..."
}You can use the blob SAS token either by appending it to a URL directly or by passing it to one of the Azure Storage SDKs.
GET https://{STORAGEACCOUNT}.blob.core.windows.net/mycontainer/myblob.txt?st=2015-01-08T18%3A45%3A14Z&se=2015-01-08T18%3A50%3A14Z&sp=r&sv=2014-02-14&sr=b&sig=13ABC456...