[Azure Identity] `tenant_id` is not honored by `ManagedIdentityCredential.get_token` #23080
Labels: Azure.Identity, Client, needs-team-triage
azure-identity
Describe the bug
#20940 added support for getting an access token from a tenant other than the tenant used in the constructor of the credential, using the `get_token(tenant_id=xxx)` API.

However, as tested with this script in a VM with system assigned identity:
The access token decoded using https://jwt.ms/ still has
Using this access token will fail to authenticate into resources.
The truth is managed identity doesn't support `tenant_id` and you simply can't get an access token for another tenant. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http

Azure Identity should error out in such a case, instead of returning a token for the wrong tenant.
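
A caller-side guard for the failure reported above, as an added example that is not part of the original issue or of azure-identity: it decodes the returned token and fails closed when the tenant does not match the one requested. It assumes the issuing tenant is carried in the `tid` claim, as in Microsoft identity platform access tokens; the function names, tenant IDs and sample token are constructed for illustration.

```python
import base64
import json


class WrongTenantError(Exception):
    """Raised when a token's tid claim differs from the requested tenant."""


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT WITHOUT verifying its signature.

    Enough for a client-side sanity check; the resource server still
    performs the real validation.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def require_tenant(token: str, expected_tenant_id: str) -> dict:
    """Return the claims, or fail closed if the token is for another tenant."""
    claims = jwt_claims(token)
    actual = claims.get("tid")  # assumption: tenant ID is in the tid claim
    if actual is None or actual.lower() != expected_tenant_id.lower():
        raise WrongTenantError(
            f"requested tenant {expected_tenant_id}, token tid is {actual}")
    return claims


def constructed_token(tid: str) -> str:
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'tid': tid, 'aud': 'https://management.azure.com/'})}.sig"


HOME = "11111111-1111-1111-1111-111111111111"   # constructed tenant IDs
OTHER = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    token = constructed_token(HOME)      # the identity's own tenant
    print(require_tenant(token, HOME)["tid"])
    try:
        require_tenant(token, OTHER)     # caller asked for OTHER, got HOME
    except WrongTenantError as exc:
        print("rejected:", exc)
```

With a real credential the check would wrap the call from the issue, e.g. `require_tenant(credential.get_token(scope, tenant_id=t).token, t)`.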