@@ -413,7 +413,7 @@ def get_login_credentials(self, resource=None, client_id=None, subscription_id=N
413413 credential = self ._create_credential (account , client_id = client_id )
414414 external_credentials = []
415415 for external_tenant in external_tenants :
416- external_credentials .append (self ._create_credential (account , external_tenant , client_id = client_id ))
416+ external_credentials .append (self ._create_credential (account , tenant_id = external_tenant ))
417417 from azure .cli .core .auth .credential_adaptor import CredentialAdaptor
418418 cred = CredentialAdaptor (credential ,
419419 auxiliary_credentials = external_credentials ,
@@ -460,7 +460,7 @@ def get_raw_token(self, resource=None, scopes=None, subscription=None, tenant=No
460460 scopes_to_resource (scopes ))
461461
462462 else :
463- cred = self ._create_credential (account , tenant )
463+ cred = self ._create_credential (account , tenant_id = tenant )
464464
465465 sdk_token = cred .get_token (* scopes )
466466 # Convert epoch int 'expires_on' to datetime string 'expiresOn' for backward compatibility
@@ -655,7 +655,7 @@ def _try_parse_msi_account_name(account):
655655 return parts [0 ], (None if len (parts ) <= 1 else parts [1 ])
656656 return None , None
657657
658- def _create_credential (self , account , tenant_id = None , client_id = None ):
658+ def _create_credential (self , account , tenant_id = None ):
659659 """Create a credential object driven by MSAL
660660
661661 :param account:
@@ -665,8 +665,8 @@ def _create_credential(self, account, tenant_id=None, client_id=None):
665665 """
666666 user_type = account [_USER_ENTITY ][_USER_TYPE ]
667667 username_or_sp_id = account [_USER_ENTITY ][_USER_NAME ]
668- tenant_id = tenant_id if tenant_id else account [_TENANT_ID ]
669- identity = _create_identity_instance (self .cli_ctx , self ._authority , tenant_id = tenant_id , client_id = client_id )
668+ tenant_id = tenant_id or account [_TENANT_ID ]
669+ identity = _create_identity_instance (self .cli_ctx , self ._authority , tenant_id = tenant_id )
670670
671671 # User
672672 if user_type == _USER :
@@ -694,7 +694,7 @@ def refresh_accounts(self):
694694 tenant = s [_TENANT_ID ]
695695 subscriptions = []
696696 try :
697- identity_credential = self ._create_credential (s , tenant )
697+ identity_credential = self ._create_credential (s , tenant_id = tenant )
698698 if is_service_principal :
699699 subscriptions = subscription_finder .find_using_specific_tenant (tenant , identity_credential )
700700 else :
@@ -938,7 +938,7 @@ def _transform_subscription_for_multiapi(s, s_dict):
938938 s_dict [_MANAGED_BY_TENANTS ] = [{_TENANT_ID : t .tenant_id } for t in s .managed_by_tenants ]
939939
940940
941- def _create_identity_instance (cli_ctx , * args , ** kwargs ):
941+ def _create_identity_instance (cli_ctx , authority , tenant_id = None ):
942942 """Lazily import and create Identity instance to avoid unnecessary imports."""
943943 from .auth .identity import Identity
944944 from .util import should_encrypt_token_cache
@@ -955,9 +955,11 @@ def _create_identity_instance(cli_ctx, *args, **kwargs):
955955 # PREVIEW: In Azure Stack environment, use core.instance_discovery=false to disable MSAL's instance discovery.
956956 instance_discovery = cli_ctx .config .getboolean ('core' , 'instance_discovery' , True )
957957
958- return Identity (* args , encrypt = encrypt , use_msal_http_cache = use_msal_http_cache ,
958+ return Identity (authority , tenant_id = tenant_id ,
959+ encrypt = encrypt ,
960+ use_msal_http_cache = use_msal_http_cache ,
959961 enable_broker_on_windows = enable_broker_on_windows ,
960- instance_discovery = instance_discovery , ** kwargs )
962+ instance_discovery = instance_discovery )
961963
962964
963965def _on_azure_arc_windows ():
0 commit comments