
[BUG] Azure Databricks audience blocked in MSI #109

@mmaitre314

Description

To Reproduce

curl http://localhost:50342/oauth2/token --data "resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" -H Metadata:true -s
curl http://localhost:50342/oauth2/token --data "resource=https://azuredatabricks.net/" -H Metadata:true -s

Observed Behavior

{"error":{"code":"AudienceNotSupported","message":"Audience 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d is not a supported MSI token audience. Supported audiences: https://management.core.windows.net/,https://management.azure.com/,https://graph.windows.net/,https://vault.azure.net,https://datalake.azure.net/,https://outlook.office365.com/,https://graph.microsoft.com/,https://batch.core.windows.net/,https://analysis.windows.net/powerbi/api,https://storage.azure.com/,https://rest.media.azure.net,https://api.loganalytics.io,https://ossrdbms-aad.database.windows.net,https://www.yammer.com,https://digitaltwins.azure.net,0b07f429-9f4b-4714-9392-cc5e8e80c8b0,822c8694-ad95-4735-9c55-256f7db2f9b4,https://dev.azuresynapse.net,https://database.windows.net,https://quantum.microsoft.com,https://iothubs.azure.net"}}

Expected behavior

Both commands should have returned an access token. I am guessing this is also the reason calling az account get-access-token trying to get an access token for Azure Databricks fails (while the same command run on my dev machine succeeds):

matthieu@Azure:~$ az account get-access-token --resource https://azuredatabricks.net/
Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

Is this specific to Cloud Shell?

Yes. No MSI on my local dev machine, but az account get-access-token --resource https://azuredatabricks.net/ does fail in Cloud Shell and succeeds on my local machine.

Interface information

https://shell.azure.com from Chrome on Windows 10

Additional context
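Added example, not part of the original issue or of the Cloud Shell code: a small Python triage helper that parses the AudienceNotSupported body shown under "Observed Behavior" and reports whether a requested resource is on the returned allow-list. The function names are hypothetical, the embedded audience list is shortened from the one above, and the "slash-variant" result is only a diagnostic hint that assumes the endpoint compares audience strings exactly.

```python
import json
import re

# Error body in the shape quoted under "Observed Behavior" (audience list shortened).
SAMPLE_ERROR = json.dumps({"error": {
    "code": "AudienceNotSupported",
    "message": "Audience 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d is not a supported "
               "MSI token audience. Supported audiences: "
               "https://management.core.windows.net/,https://management.azure.com/,"
               "https://vault.azure.net,https://storage.azure.com/,"
               "0b07f429-9f4b-4714-9392-cc5e8e80c8b0,https://database.windows.net",
}})

_MSG = re.compile(r"Audience (?P<asked>\S+) is not a supported MSI token audience\. "
                  r"Supported audiences: (?P<allowed>.+)$")


def parse_audience_error(body):
    """Return (rejected_audience, [supported audiences]), or None if the body
    is not an AudienceNotSupported error in the format shown on this page."""
    try:
        err = json.loads(body).get("error", {})
    except (ValueError, AttributeError):
        return None
    if not isinstance(err, dict) or err.get("code") != "AudienceNotSupported":
        return None
    m = _MSG.search(str(err.get("message", "")))
    if not m:
        return None
    return m.group("asked"), [a for a in m.group("allowed").split(",") if a]


def classify(resource, allowed):
    """'listed' on exact match; 'slash-variant' if only a trailing '/' differs
    from a listed audience (assumption: exact comparison); else 'unlisted'."""
    if resource in allowed:
        return "listed"
    if resource.rstrip("/") in {a.rstrip("/") for a in allowed}:
        return "slash-variant"
    return "unlisted"


if __name__ == "__main__":
    asked, allowed = parse_audience_error(SAMPLE_ERROR)
    for res in (asked, "https://azuredatabricks.net/", "https://vault.azure.net/"):
        print(f"{res}: {classify(res, allowed)}")
```
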

Labels

bug: Something isn't working
