!!!Renew Azure SAS token via Azure User impersonation
\\
This example demonstrates using the Azure Delegation settings to renew an Azure SAS token configured on a user at [User Manager]. For more info see: Authorize access to blobs using Microsoft Entra ID Link: [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory]\\
The job is eligible for daily scheduling.\\ 
\\
[attachments|renew_azure_sas_token_user_impersonation_full.png]\\
\\
User's Azure Blob VFS with user delegation settings (for more info see: [Azure Integration]):\\ 
\\
[attachments|azure_blob_user_delegation_settings.png]\\
\\
!!Section 1.\\
\\
It loads the user's VFS file, parses it, and retrieves the previous SAS token expiry date.\\
\\
[attachments|find_azure_vfs_file.png]\\
\\
__!!!Configure __your user's VFS path at the Find task.\\
\\
[attachments|file_parse_azure_vfs_file.png]\\
\\
Parse the VFS XML file to retrieve the Azure SAS token expiration.\\
\\
{{{
vfs_xml          = {xml_parse_start}{file_contents}{xml_parse_end}
org_sas_token    = {decrypt_start}{v_0_sas_token}{decrypt_end}
se_all           = {split_start:&se=:1}{org_sas_token}{split_end}
se_end_index     = {indexof_start:&:0}{se_all}{indexof_end}
se               = {substring_start:0:{se_end_index}}{se_all}{substring_end}
sas_token_expire = {parse_start:yyyy-MM-dd'T'HH~..~mm~..~ss'Z'}{se}{parse_end}
difference       = {math_start:l}{sas_token_expire}-{now}{math_end}
}}}\\
\\
[attachments|get_azure_sas_token_info.png]\\
\\
!!Section 2.\\
\\
Verify the expiration of the SAS token and store the refresh token. The refresh token must be saved each time and stored as a persistent variable.\\
\\
[attachments|jump_difference_greater_then_zero.png]\\
\\
Set the difference to zero if it is less than zero.\\
\\
[attachments|set_difference_as_zreo.png]\\
\\
Verify if the difference is less than two days.\\
\\
[attachments|check_if_difference_is_less_then_two_day.png]\\
\\
Determine whether the persistent variable is present. On the first run, it will not exist.\\
\\
[attachments|check_persist_variable.png]\\
\\
Check for the presence of the persistent variable.\\
\\
[attachments|check_azure_refresh_token.png]\\
\\
Persist the Azure's refresh token.\\
\\
{{{
persist_azure_refresh_token = {decrypt_start}{v_0_azure_user_delegation_refresh_token}{decrypt_end}
}}}\\
\\
[attachments|save_azure_refresh_token.png]\\
\\
!!Section 3.\\
\\
This section retrieves the Access Token using the Azure Refresh Token to obtain the user delegation key.\\
\\
Construct the request body of the HTTP call.\\
\\
{{{
client_id       = {decrypt_start}{v_0_azure_user_delegation_client_id}{decrypt_end}
tenant_id       = {decrypt_start}{v_0_azure_user_delegation_client_tenant}{decrypt_end}
client_secret   = {decrypt_start}{v_0_azure_user_delegation_client_secret}{decrypt_end}

renew_refresh_token_post_data = client_id={client_id}&client_secret={client_secret}&refresh_token={persist_azure_refresh_token}&grant_type=refresh_token

blob_storage_account_name = {url_start:user}{decrypt_start}{v_0_url}{decrypt_end}{url_end}
}}}\\
\\
[attachments|azure_oauth_2_data.png]\\
\\
Retrieve the Access Token through the HTTP Task.\\
\\
{{{
URL          = https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
POST Data    = {renew_refresh_token_post_data}
Content-Type = application/x-www-form-urlencoded
}}}
\\
[attachments|CrushTaskExample18/oauth2_http_task.png]\\
\\
Verify the HTTP response.\\
\\
[attachments|check_aouth2_http_response.png]\\
\\