[BUG] Azure Databricks audience blocked in MSI

[mmaitre314]

To Reproduce

curl http://localhost:50342/oauth2/token --data "resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" -H Metadata:true -s
curl http://localhost:50342/oauth2/token --data "resource=https://azuredatabricks.net/" -H Metadata:true -s

Observed Behavior

{"error":{"code":"AudienceNotSupported","message":"Audience 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d is not a supported MSI token audience. Supported audiences: https://management.core.windows.net/,https://management.azure.com/,https://graph.windows.net/,https://vault.azure.net,https://datalake.azure.net/,https://outlook.office365.com/,https://graph.microsoft.com/,https://batch.core.windows.net/,https://analysis.windows.net/powerbi/api,https://storage.azure.com/,https://rest.media.azure.net,https://api.loganalytics.io,https://ossrdbms-aad.database.windows.net,https://www.yammer.com,https://digitaltwins.azure.net,0b07f429-9f4b-4714-9392-cc5e8e80c8b0,822c8694-ad95-4735-9c55-256f7db2f9b4,https://dev.azuresynapse.net,https://database.windows.net,https://quantum.microsoft.com,https://iothubs.azure.net"}}

Expected behavior

Both commands should have returned an access token. I am guessing this is also the reason calling az account get-access-token trying to get an access token for Azure Databricks fails (while the same command ran on my dev machine succeeds):

matthieu@Azure:~$ az account get-access-token --resource https://azuredatabricks.net/
Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

Is this specific to Cloud Shell?

Yes. No MSI on my local dev machine, but az account get-access-token --resource https://azuredatabricks.net/ does fail in Cloud Shell and succeeds on my local machine.

Interface information

https://shell.azure.com from Chrome on Windows 10

Additional context

[Cheneric95]

New audience added and tested.