Skip to content

[Auth] Regenerate vendored SDKs to comply with the correct credential_scopes handling logic #2634

Open
Open
[Auth] Regenerate vendored SDKs to comply with the correct credential_scopes handling logic#2634
Assignees
jiasli
Labels
Accountfeature-requestThis issue requires a new behavior in the product in order be resolved.
Milestone
Backlog
@jiasli

Description

@jiasli
jiasli
opened on Nov 6, 2020

Derived from Azure/azure-cli#15806

Some old Track 2 SDKs may have 2 issues when calling get_token:

  1. Empty scopes
  2. Multiple scopes

Both are incorrect logic. The correct credential_scopes handling logic is that Track 2 SDK should maintain one and only one scope as credential_scopes.

Please take the correct azure-mgmt-resource resource SDK as an example and make sure all vendored SDK comply with this logic:

https://github.com/Azure/azure-sdk-for-python/blob/27e4203818e227ba2604ff52dcf55ce2293c4c37/sdk/resources/azure-mgmt-resource/azure/mgmt/resource/subscriptions/_configuration.py#L41

self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default'])

⚠ Although for now the erroneous SDKs work because CLI has added some workarounds to handle these issues, after migrating to Azure Identity and MSAL, these workarounds will fail. The old erroneous SDKs MUST be regenerated to comply with the correct credential_scopes handling logic.

Metadata

Metadata

Assignees

Labels

Accountfeature-requestThis issue requires a new behavior in the product in order be resolved.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions