
Using the Azure Blob Storage SDK for Java, I can create a service client using OAuth2 credentials:

```java
BlobServiceClientBuilder builder = new BlobServiceClientBuilder();
builder.endpoint("https://" + account.abs_account_name + ".blob.core.windows.net");
ClientSecretCredentialBuilder credBuilder = new ClientSecretCredentialBuilder();
credBuilder.clientSecret(account.abs_client_secret);
credBuilder.tenantId(account.abs_tenant_id);
credBuilder.clientId(account.abs_client_id);
builder.credential(credBuilder.build());
return builder.buildClient();
```

However, I am not finding a similar method for Azure FileShare:

```java
ShareServiceClientBuilder serviceClientBuilder = new ShareServiceClientBuilder()
    .endpoint("https://" + account.afs_account_name + ".file.core.windows.net/");
ClientSecretCredentialBuilder credBuilder = new ClientSecretCredentialBuilder();
credBuilder.clientSecret(account.afs_client_secret);
credBuilder.tenantId(account.afs_tenant_id);
credBuilder.clientId(account.afs_application_id);
serviceClientBuilder.credential(credBuilder.build());   // COMPILE ERROR!
```

Is it possible to use OAuth2 credentials with the Azure FileShare API for Java?

Kartik Bhiwapurkar
Wheezil

1 Answer


I don’t think this is possible with OAuth2 credentials for Azure file share, as there is currently no provision for it: Azure file share is supposed to be a cloud version of an on-premises network file share. Thus, there seems to be a provision for applying ACLs to it as on-premises, but not for accessing it through an application via a managed identity registered in Azure AD. Also, on-premises, the permissions to access files through an application require domain-wide administrator-level access, and the systems on which development or access is needed must be domain-joined for the access to be valid.

Thus, OAuth2 credential authentication directly on Azure file share is currently not possible. Instead, you can access the Azure file share through OAuth 2.0 authentication indirectly by storing the SAS token or the connection string for the storage account in Key Vault, then assigning managed identity permissions to the Azure Key Vault for accessing the connection string or SAS token, and using it accordingly to access the file share.

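An example is as follows:

```java
// Authenticate to Key Vault with Azure AD (managed identity, environment credentials, ...)
SecretClient secretClient = new SecretClientBuilder()
    .vaultUrl("<your-key-vault-url>")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildClient();

// Read the SAS token stored in the vault ("<your-sas-secret-name>" is a placeholder)
String sasToken = secretClient.getSecret("<your-sas-secret-name>").getValue();

// ACCOUNT_NAME and shareName are supplied by the caller
String shareURL = String.format("https://%s.file.core.windows.net", ACCOUNT_NAME);
ShareClient shareClient = new ShareClientBuilder().endpoint(shareURL)
    .sasToken(sasToken).shareName(shareName).buildClient();
```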

For more information, kindly refer to the documentation links below:

https://learn.microsoft.com/en-us/java/api/overview/azure/storage-file-share-readme?view=azure-java-stable#share

https://azuresdkdocs.blob.core.windows.net/$web/java/azure-storage-file-share/12.2.0/index.html

Kartik Bhiwapurkar
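The Key Vault approach described in the answer, extended to cope with SAS expiry and rotation, as an added example that is not part of the original answer. The class name `VaultBackedShare`, the 5-minute margin, and the convention that the Key Vault secret's expiry attribute mirrors the SAS token's expiry are assumptions.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.azure.storage.file.share.ShareClient;
import com.azure.storage.file.share.ShareClientBuilder;
import com.azure.storage.file.share.models.ShareStorageException;
import java.time.OffsetDateTime;
import java.util.function.Function;

/** Added example (hypothetical class): ShareClient backed by a SAS token kept in Key Vault. */
public final class VaultBackedShare {
    private final SecretClient vault;
    private final String secretName, accountName, shareName;
    private ShareClient cached;
    private OffsetDateTime secretExpiry; // expiry attribute of the vault secret; may be null

    public VaultBackedShare(String vaultUrl, String secretName, String accountName, String shareName) {
        // Azure AD (managed identity, service principal, ...) is used only against Key Vault.
        this.vault = new SecretClientBuilder().vaultUrl(vaultUrl)
            .credential(new DefaultAzureCredentialBuilder().build()).buildClient();
        this.secretName = secretName; this.accountName = accountName; this.shareName = shareName;
    }

    private synchronized ShareClient client(boolean forceRefresh) {
        // Assumption: whoever stores the SAS also sets the secret's expiry to the SAS expiry.
        boolean stale = secretExpiry != null
            && OffsetDateTime.now().isAfter(secretExpiry.minusMinutes(5));
        if (cached == null || stale || forceRefresh) {
            KeyVaultSecret sas = vault.getSecret(secretName); // latest version; never log the value
            secretExpiry = sas.getProperties().getExpiresOn();
            cached = new ShareClientBuilder()
                .endpoint(String.format("https://%s.file.core.windows.net", accountName))
                .sasToken(sas.getValue()).shareName(shareName).buildClient();
        }
        return cached;
    }

    /** Runs op; on HTTP 403 (SAS expired or rotated) re-reads the secret once and retries. */
    public <T> T call(Function<ShareClient, T> op) {
        try {
            return op.apply(client(false));
        } catch (ShareStorageException e) {
            if (e.getStatusCode() != 403) throw e; // other failures are not a token problem
            return op.apply(client(true));
        }
    }
}
```

Storing a share-scoped, short-lived SAS rather than the account connection string limits what a leaked secret can reach, and a caller uses it as `share.call(c -> c.getRootDirectoryClient().exists())`.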