I would suspect the problem to be google/go-cloud. Azure Storage APIs (im assuming here) shouldn’t care as long as the token is valid. My thoughts is maybe the something in google/go-cloud is modifying the token in a way that azure storage api is rejecting it