AuthenticationFailed: Signature not valid in the specified key time frame #13

pankneo · 2025-01-17T19:35:50Z

pankneo
Jan 17, 2025

Using azure-blob with ActiveRecords[Ruby]
Noticed that upload, download and asset urls works as expected when it is a fresh deploy or the app is restarted on Azure.
However, after the expiry time [7 hours default] is reached the SAS key is expired and not refreshed automatically.
This breaks all the urls pointing to the assets in the app until the app is deployed again or restarted
PS: Using principal_id [Managed Identity]

Am I missing anything here?
Is there any additional config in storage.yml to force refreshing of SAS key after expiration

Was looking into code base
Does this method needs to call refresh?

Answered by JoeDupuis

Jan 17, 2025

Can you try 0.5.6 and confirm your URLs still work after the expiration?

View full answer

JoeDupuis · 2025-01-17T20:05:45Z

JoeDupuis
Jan 17, 2025
Maintainer

Looks like a bug. I'll push a fix. Just to validate, you're not trying to reuse the signed URLs, you can't generate new ones, correct?

1 reply

pankneo Jan 17, 2025
Author

That is correct

JoeDupuis · 2025-01-17T20:26:24Z

JoeDupuis
Jan 17, 2025
Maintainer

Can you try 0.5.6 and confirm your URLs still work after the expiration?

2 replies

pankneo Jan 17, 2025
Author

Will do. Can I set the expiration time to be quicker for testing purpose.
Tried expires_in in storage.yml but not sure if it did the trick
Also really appreciate the promptness on this issue. Will keep you posted

pankneo Jan 22, 2025
Author

Thank you so much 👍

rajraj · 2025-06-30T11:20:41Z

rajraj
Jun 30, 2025

Hello, thanks for the gem. Just similar to the original post, I am getting the AuthenticationFailed error. I am using 0.5.9 (latest) version.

We have 2 VMs connecting to the storage account using principal_id. We have 2 principal_ids configured to access the storage account.

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>Server failed to authenticate the request. Make sure the value of Authorization header is
    formed correctly including the signature. RequestId:xxxxxxxx
    Time:2025-06-30T06:34:14.4690377Z
  </Message>
  <AuthenticationErrorDetail>Signature not valid in the specified key time frame: Key start [Fri, 27
    Jun 2025 08:45:28 GMT] - Key expiry [Fri, 27 Jun 2025 15:45:28 GMT] - Current [Mon, 30 Jun 2025
    06:34:14 GMT]
  </AuthenticationErrorDetail>
</Error>

1 reply

JoeDupuis Jun 30, 2025
Maintainer

Thank you for reporting!
I just pushed a fix + I added a test to prevent regressions.
Should be fixed in 0.5.9.1

AuthenticationFailed: Signature not valid in the specified key time frame #13

Uh oh!

Uh oh!

pankneo Jan 17, 2025

Replies: 3 comments · 4 replies

Uh oh!

Uh oh!

JoeDupuis Jan 17, 2025 Maintainer

Uh oh!

pankneo Jan 17, 2025 Author

Uh oh!

JoeDupuis Jan 17, 2025 Maintainer

Uh oh!

pankneo Jan 17, 2025 Author

Uh oh!

pankneo Jan 22, 2025 Author

Uh oh!

rajraj Jun 30, 2025

Uh oh!

Uh oh!

JoeDupuis Jun 30, 2025 Maintainer

pankneo
Jan 17, 2025

Replies: 3 comments 4 replies

JoeDupuis
Jan 17, 2025
Maintainer

pankneo Jan 17, 2025
Author

JoeDupuis
Jan 17, 2025
Maintainer

pankneo Jan 17, 2025
Author

pankneo Jan 22, 2025
Author

rajraj
Jun 30, 2025

JoeDupuis Jun 30, 2025
Maintainer