Azure · VeryEarly · Aug 11, 2021 · Aug 11, 2021
diff --git a/src/Storage/Storage.Management/ChangeLog.md b/src/Storage/Storage.Management/ChangeLog.md
@@ -18,6 +18,12 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Generate blob sas token with new API version
+    -  `New-AzStorageBlobSASToken` 
+    -  `New-AzStorageContainerSASToken` 
+    -  `New-AzStorageAccountSASToken`
+* Fixed blob copy failure with OAuth credentail when client and server has time difference [#15644]
+    -  `Copy-AzStorageBlob` 
 * Fixed remove datalakegen2 item fail with readonly SAS token
     -  `Remove-AzDataLakeGen2Item` 
 * Revised destination existing check in move datalakegen2 item

diff --git a/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs b/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs
@@ -134,11 +134,7 @@ public string Policy
 
         protected override bool UseTrack2Sdk()
         {
-            if (SasTokenHelper.IsTrack2Permission(this.Permission))
-            {
-                return true;
-            }
-            return base.UseTrack2Sdk();
+            return true;
         }
 
         /// <summary>

diff --git a/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs b/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs
@@ -91,11 +91,7 @@ public string Policy
         public override int? ConcurrentTaskCount { get; set; }
         protected override bool UseTrack2Sdk()
         {
-            if (SasTokenHelper.IsTrack2Permission(this.Permission))
-            {
-                return true;
-            }
-            return base.UseTrack2Sdk();
+            return true;
         }
 
         /// <summary>

diff --git a/src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs b/src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs
@@ -58,11 +58,7 @@ public class NewAzureStorageAccountSasTokenCommand : StorageCloudBlobCmdletBase
 
         protected override bool UseTrack2Sdk()
         {
-            if (SasTokenHelper.IsTrack2Permission(this.Permission))
-            {
-                return true;
-            }
-            return base.UseTrack2Sdk();
+            return true;                                                                                                                                                                                                                                                                                              
         }
 
         /// <summary>

diff --git a/src/Storage/Storage/Common/StorageExtensions.cs b/src/Storage/Storage/Common/StorageExtensions.cs
@@ -26,6 +26,10 @@ internal static class StorageExtensions
     {
         private const int CopySASLifeTimeInMinutes = 7 * 24 * 60;
 
+        // The Oauth delegate SAS expire time must be in 7 days. 
+        // As client and server has time difference, to make it more stable, the time will be 1 hour less than 7 days.
+        private const int CopySASLifeTimeInMinutesOauth = 7 * 24 * 60 - 60;
+
         internal static Uri GenerateUriWithCredentials(
             this CloudFile file)
         {
@@ -208,6 +212,10 @@ private static string GetBlobSasToken(CloudBlob blob)
 
             // SAS life time is at least 10 minutes.
             TimeSpan sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutes);
+            if (blob.ServiceClient.Credentials.IsToken)
+            {
+                sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutesOauth);
+            }
 
             SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
             {
@@ -253,6 +261,10 @@ private static string GetBlobSasToken(BlobBaseClient blob, AzureStorageContext c
 
             // SAS life time is at least 10 minutes.
             TimeSpan sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutes);
+            if (context.StorageAccount.Credentials.IsToken)
+            {
+                sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutesOauth);
+            }
 
             BlobSasBuilder sasBuilder = new BlobSasBuilder
             {

diff --git a/src/Storage/Storage/Common/Util.cs b/src/Storage/Storage/Common/Util.cs
@@ -295,7 +295,7 @@ public static string GetVersionIdFromBlobUri(Uri BlobUri)
             {
                 if (block.StartsWith(snapshotQueryParameter))
                 {
-                    return DateTimeOffset.Parse(block.Replace(snapshotQueryParameter, "")).ToUniversalTime();
+                    return DateTimeOffset.Parse(System.Web.HttpUtility.UrlDecode(block.Replace(snapshotQueryParameter, ""))).ToUniversalTime();
                 }
             }
             return null;