{Core} AdalAuthentication doesn't honor `scopes` for Track 2 SDK

**Describe the bug**

In Track 2 SDK, `scopes` (`resource`) is managed by SDK, instead of Azure CLI. For example, in [`AzureAppConfigurationClient`](https://github.com/Azure/azure-sdk-for-python/blob/022bc80f2bc645d8d82d647620376fcea2229522/sdk/appconfiguration/azure-appconfiguration/azure/appconfiguration/_azure_appconfiguration_client.py#L128):

```py
if aad_mode:
    scope = base_url.strip("/") + "/.default"
```

But in `get_token`, `scopes` is not honored (discarded), resulting in getting a token for a wrong `scopes` (ARM `https://management.core.windows.net/` by default):

https://github.com/Azure/azure-cli/blob/c2b9a2c5cfe34b108b52b49ac50c6802ac4d729f/src/azure-cli-core/azure/cli/core/adal_authentication.py#L61-L67


	# This method is exposed for Azure Core.
	def get_token(self, scopes, *kwargs): # pylint:disable=unused-argument
	_, token, full_token, _ = self._get_token()
	try:
	return AccessToken(token, int(full_token['expiresIn'] + time.time()))
	except KeyError: # needed to deal with differing unserialized MSI token payload
	return AccessToken(token, int(full_token['expires_on']))

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

{Core} AdalAuthentication doesn't honor `scopes` for Track 2 SDK #15179

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

{Core} AdalAuthentication doesn't honor scopes for Track 2 SDK #15179

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

{Core} AdalAuthentication doesn't honor `scopes` for Track 2 SDK #15179