[Az.Accounts]: ambiguity in clientfactory.CreateArmClient #18634
Labels
Accounts
Issues in Az.Accounts except authentication related
Authentication
feature-request
This issue requires a new behavior in the product in order be resolved.
Milestone
Description
To create track1 SDK client, we use method
the endpoint passed in will be used to
var baseUri = context.Environment.GetEndpointAsUri(endpoint);
)var creds = AzureSession.Instance.AuthenticationFactory.GetServiceClientCredentials(context, endpoint);
)there are two part of authenticate flow:
RenewingTokenCredential(new ExternalAccessToken(GetEndpointToken(context.Account, targetEndpoint), () => GetEndpointToken(context.Account, targetEndpoint)));
for flow 1, the targetEndpoint is actually irrelevant to the actual access token (in context.account.extendedproperties, key: Microsoft.Azure.Commands.Common.Authentication.Constants.MicrosoftGraphAccessToken, value: msgraph access token)
When create MSGraph client , as the "CreateArmClient" method suggested, we passed in the endpoint "MicrosoftGraphUrl", however this cannot be matched in flow 1 :
which returned the ARM accesstoken instead.
I made a work around #18414 to let it match both MSGraph ResourceId and MSGraph endpoint. A better fix would be use ResourceId for both flow 1 and 2, separate endpoint and resourceId in:
and in flow 1:
The text was updated successfully, but these errors were encountered: