Azure / azure-cli-extensions

Public Repository for Extensions of Azure CLI.
https://docs.microsoft.com/en-us/cli/azure
MIT License

[Auth] Regenerate vendored SDKs to comply with the correct `credential_scopes` handling logic #2634

Open jiasli opened 4 years ago

jiasli commented 4 years ago

Derived from https://github.com/Azure/azure-cli/pull/15806

Some old Track 2 SDKs may have 2 issues when calling get_token:

  1. Empty scopes
  2. Multiple scopes

Both are incorrect logic. The correct `credential_scopes` handling logic is that a Track 2 SDK should maintain one and only one scope as `credential_scopes`.

Please take the correct `azure-mgmt-resource` resource SDK as an example and make sure all vendored SDKs comply with this logic:

https://github.com/Azure/azure-sdk-for-python/blob/27e4203818e227ba2604ff52dcf55ce2293c4c37/sdk/resources/azure-mgmt-resource/azure/mgmt/resource/subscriptions/_configuration.py#L41

```python
self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default'])
```

⚠ Although for now the erroneous SDKs work because CLI has added some workarounds to handle these issues, after migrating to Azure Identity and MSAL, these workarounds will fail. The old erroneous SDKs MUST be regenerated to comply with the correct credential_scopes handling logic.
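
A static check for the two failure modes listed in the issue above, as an added example that is not part of the original issue or of the Azure CLI code base: it parses a vendored SDK's `_configuration.py` and reports whether the `credential_scopes` default holds exactly one scope. The function names, the `unknown` and `missing` verdicts, and the sample configurations are assumptions constructed for illustration; inspecting only the default value is a heuristic, not the CLI's own validation.

```python
import ast
from pathlib import Path

def classify_credential_scopes(source: str) -> str:
    """Classify the credential_scopes default in one _configuration.py source."""
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        target = node.targets[0]
        if not (isinstance(target, ast.Attribute) and target.attr == "credential_scopes"):
            continue
        value = node.value
        # Unwrap kwargs.pop('credential_scopes', <default>) to reach the default.
        if (isinstance(value, ast.Call) and isinstance(value.func, ast.Attribute)
                and value.func.attr == "pop" and len(value.args) == 2):
            value = value.args[1]
        try:
            scopes = ast.literal_eval(value)
        except (ValueError, TypeError):
            return "unknown"      # default is not a literal; review by hand
        if not isinstance(scopes, (list, tuple)) or not all(isinstance(s, str) for s in scopes):
            return "unknown"
        if not scopes:
            return "empty"
        return "ok" if len(scopes) == 1 else "multiple"
    return "missing"              # the configuration never sets credential_scopes

def audit_tree(root: str) -> dict:
    """Map every _configuration.py under root to its classification."""
    return {str(p): classify_credential_scopes(p.read_text(encoding="utf-8"))
            for p in sorted(Path(root).rglob("_configuration.py"))}

# Constructed sample configurations (not taken from any real vendored SDK).
TEMPLATE = """
class ExampleClientConfiguration:
    def __init__(self, credential, **kwargs):
        self.credential = credential
        {line}
"""
SAMPLES = {
    "correct": "self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default'])",
    "empty": "self.credential_scopes = kwargs.pop('credential_scopes', [])",
    "multiple": "self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default', 'https://example.invalid/.default'])",
    "missing": "self.api_version = kwargs.pop('api_version', None)",
}

def classify_samples() -> dict:
    return {name: classify_credential_scopes(TEMPLATE.format(line=line))
            for name, line in SAMPLES.items()}
```

Calling `audit_tree` on an extension's vendored SDK directory lists every configuration file whose verdict is not `ok`, which are the candidates for regeneration.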

yonzhan commented 4 years ago

Auth