[FEATURE REQ] Get user delegation SAS with a BlobBaseClient without providing user delegation key #46221

Open
yifanz7 opened this issue Sep 25, 2024 · 1 comment
Labels

  • Client: This issue points to a problem in the data-plane of the library.
  • needs-team-attention: Workflow: This issue needs attention from Azure service team or SDK team
  • Service Attention: Workflow: This issue is responsible by Azure service team.
  • Storage: Storage Service (Queues, Blobs, Files)

yifanz7 commented Sep 25, 2024

Library name

Azure.Storage.Blobs

Feature Description

Get a user delegation SAS for a BlobBaseClient (OAuth credentials) without providing a delegation key.

Why the current SDK is not sufficient

We noticed from the recently merged PR #45646 that the .NET SDK now supports GenerateUserDelegationSasUri() for BlobBaseClient. However, this method requires a delegation key as input, which can only be created at the service client level, not by the blob client itself. With only a BlobBaseClient, we're not able to get a delegation key. Therefore, this newly added method is not sufficient.

Why we need this feature

This is blocking the migration of PowerShell cmdlets from the v11 SDK to the v12 SDK, which we have been working on recently.

The cmdlet being blocked is Start-AzStorageFileCopy (and Start-AzStorageBlobCopy). The scenario is copying from a source blob with an OAuth credential. In this case, the customer can input a blob object with OAuth authentication, and PSH will generate a blob SAS URL as the copy source.

  • With the v11 SDK, when the user inputs a v11 blob object (CloudBlob) with OAuth, PowerShell can generate a user delegation SAS and use it as the copy source.
  • With the v12 SDK, when the user inputs a v12 blob object (BlobBaseClient) with OAuth, PowerShell can't get a user delegation SAS with just the BlobBaseClient object, since:
      1. BlobBaseClient doesn't have an API that supports generating a user delegation SAS without providing a user delegation key.
      2. We can't get a user delegation key from BlobBaseClient, since we can't get the Blob Service Client from BlobBaseClient, and only the Blob Service Client supports getting a user delegation key.

Currently we have to leave the v11 SDK blob object in the cmdlet Start-AzStorageFileCopy as a workaround.
In order to finish the migration, we will need this feature supported by the .NET SDK, and then we can remove the references to the v11 SDK completely.

When we need the feature

We would like the feature to be released by Feb 2025.

This feature is needed in order to completely remove the reference to v11 SDK, and removing the v11 SDK reference will be a breaking change. For PSH modules, breaking changes are only allowed in major releases, and the next major release will be around May 2025 for Build. As breaking change warnings should be announced 2 releases prior to the major release, we should be ready for the breaking change by Feb 2025.

Potential solutions

There could be two options:

  1. BlobBaseClient has an API to generate a user delegation SAS without providing a user delegation key.
  2. The SDK supports getting the Blob service client from a BlobBaseClient (get the parent container client from the BlobBaseClient, and get the blob service client from the container client), and then we can get a user delegation key, which can be used to generate a user delegation SAS.
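
The v12 flow the issue describes, where the user delegation key has to come from a BlobServiceClient before a blob-level SAS can be built, as an added example (not code from the Azure SDK or the PowerShell module). The helper name `CopySourceSas.BuildAsync`, the one-hour lifetime cap, and the command-line arguments are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Specialized;
using Azure.Storage.Sas;

public static class CopySourceSas
{
    // Hypothetical helper. The BlobServiceClient parameter is the extra
    // dependency the issue is about: the blob client alone is not enough.
    public static async Task<Uri> BuildAsync(
        BlobServiceClient service, BlobBaseClient blob, TimeSpan lifetime)
    {
        // Assumed policy: a copy-source SAS only needs to outlive the copy request.
        if (lifetime <= TimeSpan.Zero || lifetime > TimeSpan.FromHours(1))
            throw new ArgumentOutOfRangeException(nameof(lifetime));
        if (!string.Equals(service.AccountName, blob.AccountName,
                           StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Clients target different storage accounts.");

        DateTimeOffset expires = DateTimeOffset.UtcNow.Add(lifetime);

        // Requested with the OAuth identity behind the service client.
        var key = (await service.GetUserDelegationKeyAsync(
            startsOn: null, expiresOn: expires)).Value;

        var sas = new BlobSasBuilder
        {
            BlobContainerName = blob.BlobContainerName,
            BlobName = blob.Name,
            Resource = "b",                 // scope: this single blob
            ExpiresOn = expires,
            Protocol = SasProtocol.Https    // reject plain HTTP use of the token
        };
        sas.SetPermissions(BlobSasPermissions.Read); // read is all a copy source needs

        var uri = new BlobUriBuilder(blob.Uri)
        {
            Sas = sas.ToSasQueryParameters(key, service.AccountName)
        };
        return uri.ToUri();
    }

    // args (caller-supplied): account URL, container name, blob name
    public static async Task Main(string[] args)
    {
        var service = new BlobServiceClient(new Uri(args[0]), new DefaultAzureCredential());
        BlobBaseClient blob = service.GetBlobContainerClient(args[1]).GetBlobClient(args[2]);
        Uri copySource = await BuildAsync(service, blob, TimeSpan.FromMinutes(30));
        // Log the resource only; the query string is a bearer secret.
        Console.WriteLine($"SAS issued for {copySource.GetLeftPart(UriPartial.Path)}");
    }
}
```

The identity behind the service client needs permission to request a user delegation key (for example through the Storage Blob Delegator role), and the resulting SAS cannot grant more than that identity's own data access.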
github-actions bot added the Client, needs-team-attention, Service Attention, and Storage labels Sep 25, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

yifanz7 changed the title from "[FEATURE REQ] Get user delegation key (SAS) with a BlobBaseClient with valid OAuth credentials and privileges" to "[FEATURE REQ] Get user delegation SAS with a BlobBaseClient without providing user delegation key" Sep 30, 2024