[BUG] Unauthorized exceptions

[sebastienros]

Library name and version

Azure.AI.Inference 1.0.0-beta.5

Describe the bug

When creating a ChatCompletionsClient with an Azure AI Foundry model we are getting the following error:

Azure.RequestFailedException: Unauthorized. Access token is missing, invalid, audience is incorrect (https://cognitiveservices.azure.com/ or https://ai.azure.com/), or have expired.
Status: 401 (Unauthorized)
      
Content:
{ "statusCode": 401, "message": "Unauthorized. Access token is missing, invalid, audience is incorrect (https://cognitiveservices.azure.com/ or https://ai.azure.com/), or have expired." }

A mitigation is to add the correct scope manually like so:

var options = new AzureAIInferenceClientOptions();
var credential = new DefaultAzureCredential();

BearerTokenAuthenticationPolicy tokenPolicy = new(credential, ["https://cognitiveservices.azure.com/.default"]);
options.AddPolicy(tokenPolicy, HttpPipelinePosition.PerRetry);

return new ChatCompletionsClient(endpoint, credential, options);

Expected behavior

Works

Actual behavior

Doesn't work

Reproduction Steps

c.f. details

Environment

No response

[github-actions]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dargilco @glharper @jhakulin @trangevi.

[sebastienros]

Locally we have updated our code to include these two scopes too, I assume they could be added by default in the SDK since using AI Foundry deployed models might be common:

"https://cognitiveservices.azure.com/.default" "https://cognitiveservices.azure.us/.default"

[sebastienros]

@jsquire thanks for fixing the title ;)