How to create user delegation SAS after getting User Delegation key

Question

I want to generate User Delegation SAS Token to read the Azure BLOB I know we have to follow below step to get it.

1. Get the oAuth Token from Azure Ad
2. Generate user delegation key using oAuth Token
3. Generate SAS Token using user delegation key

I am able to find the Rest service for step 1 & 2, I don't find any Rest service for step 3.

Is any Rest service is available to get the SAS Token using user delegation key

Thanks in Advance.

I am able to generate the delegation key and now I want to get SAS Token by using this user delegation key.

Note :- I have to use only Rest service for it

Answer 1

AFAIK, there is no REST API to create a User Delegation SAS Token/URL.

Once you get the User Delegation Key which should contain the parameters needed to create User Delegation SAS, you will need to follow the instructions specified here: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#construct-a-user-delegation-sas.

UPDATE:

For signing purpose, you would need to use the Value returned when you acquired the User Delegation Key.

This is what the response should be for getting the User Delegation Key:

<?xml version="1.0" encoding="utf-8"?>
<UserDelegationKey>
    <SignedOid>String containing a GUID value</SignedOid>
    <SignedTid>String containing a GUID value</SignedTid>
    <SignedStart>String formatted as ISO date</SignedStart>
    <SignedExpiry>String formatted as ISO date</SignedExpiry>
    <SignedService>b</SignedService>
    <SignedVersion>String specifying REST api version to use to create the user delegation key</SignedVersion>
    <Value>String containing the user delegation key</Value>
</UserDelegationKey>

You would use the <Value> attribute's value. Please see the code here. This is how .Net SDK calculates the signature.