Azure-storage-azcopy: Getting no SAS token or OAuth token is present error while executing azcopy

I'm getting the same issue when trying to copy a single file. It's like the oauth token isn't getting set correctly when trying to use that as the authentication mechanism.

Hey @dinesh1393 ,

Every request made by the user to access/modify data from a storage account must be authenticated/authorized unless the resource being accessed is public resource.

Now there are two broad categories of Authn/AuthZ we support :-

1. Signature Based Auth:- Shared Key and Shared Access Signature (SAS).
   SAS avoids authentication as a specific user and grants restricted access rights to the resource. So the user gets granular level resource access in storage account without hampering security. You can create a SAS key for a resource from Azure_Portal/Storage_Explorer/REST_API etc. So, your copy request will look like
   azcopy cp "/path/to/file.txt" "https://[account].blob.core.windows.net/[container]/[path/to/blob]?[SAS]
   Please read this for more information.

2. Identity Based Auth:- Azure AD and Anonymous(Public) Access.
   Azure AD is OAuth 2.0 based token used for AuthN. A user can identify itself by running azcopy login command (OAuth Token). A user is assigned roles which essentially control access-rights such as read, modify, delete etc. Please read
   this for more information.

Please reach out to me if my explanation doesn't answer your query.
@dinesh1393 @jmcshane

I get the same error from azcopy, after I did az login successfully.
But I do have access, and az storage blob list works well on the same container.

Hey @oren-nonamesecurity ,

Thanks for reaching out!
az login is used to login into Azure CLI. Azure CLI is different application from AzCopy. AzCopy is also a command-line application but to login you should use azcopy login command and not az login.

Please refer to azcopy help command for more info. Alternatively you can check out this link

If the explanation doesn't answer your question, please feel free to reach out for more clarification. :)

Sorry, I didn't write accurately.
I did use azcopy login and copied the code to the browser. This finished successfully.
And after that I tried to run azcopy list and got the mentioned error.

But az login and then az storage blob list worked well, on same environment with same account.

There was a small difference - in az login it automatically opened web browser and set the credentials and in azcopy login it didn't open the browser, I had to click the link in the terminal and copy the code to the browser. Does it matter? Does it help to understand the problem?

Edit: My issue was addressed by the Linux session keyring workaround identified in #452

This should not have been closed. The original poster is using Windows and @edwinsummers and the workaround he used is for Linux.
I am also getting this error.

I have the same issue on linux:

azcopy login --tenant-id=xxxx
azcopy list http://.....

The list command fails with

failed to obtain credential info: Login Credentials missing. No SAS token or OAuth token is present and the resource is not public

I'm 100% I should have access.

The workaround mentioned here https://github.com/Azure/azure-storage-azcopy/issues/452 worked for me as well.