[storage] Add browser support for User Delegation key

[jeremymeng]

Since the user delegation key can be created using the AAD token.

A desire scenario is that logged in users can directly access a blob (pdf, image, etc.) that they have permission to, using its url + SAS token from a user delegation key in the browser.

We'd need to enable this for browsers

There are already existing packages that do hmac computation in browsers. core-util also provides computeSha256Hmac

azure-sdk-for-js/sdk/core/core-util/src/index.ts

Line 9 in 6259284

export { computeSha256Hash, computeSha256Hmac } from "./sha256";

[jeremymeng]

@XiaoningLiu has a good point on security concern:

Note that, delegation key has longer life time (max 7 days) than a token (several hours). We treat tokens are safe in browser sessions because they are short and need to refresh permission to get new tokens. Leaking a token is controllable. However, leaking a delegation key makes the impact longer to max 7 days.

[jeremymeng]

Could there be a way that we enforce an expiration date that is sooner for browser version?

[github-actions]

Hi @jeremymeng, we deeply appreciate your input into this project. Regrettably, this issue has remained unresolved for over 2 years and inactive for 30 days, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.