Disallow space character when validating tenant id and scopes as input for AzureCliCredential. (#5085)

* Disallow space character when validating tenant id and scopes as input
for AzureCliCredential.

* Address PR feedback.

sdk/identity/azure-identity/CHANGELOG.md

@@ -8,6 +8,8 @@
 
 ### Bugs Fixed
 
+- Disallow space character when validating tenant id and scopes as input for `AzureCliCredential`.
+
 ### Other Changes
 
 ## 1.6.0-beta.3 (2023-10-12)

sdk/identity/azure-identity/src/azure_cli_credential.cpp

@@ -68,7 +68,6 @@ void AzureCliCredential::ThrowIfNotSafeCmdLineInput(
       case '.':
       case '-':
       case '_':
-      case ' ':
         break;
 
       default:

sdk/identity/azure-identity/test/ut/azure_cli_credential_test.cpp

@@ -344,6 +344,33 @@ TEST(AzureCliCredential, UnsafeChars)
   }
 }
 
+TEST(AzureCliCredential, SpaceNotAllowed)
+{
+  std::string const invalid = "space character";
+
+  {
+    AzureCliCredentialOptions options;
+    options.TenantId = "01234567-89AB-CDEF-0123-456789ABCDEF";
+    options.TenantId += invalid;
+    AzureCliCredential azCliCred(options);
+
+    TokenRequestContext trc;
+    trc.Scopes.push_back(std::string("https://storage.azure.com/.default"));
+    EXPECT_THROW(static_cast<void>(azCliCred.GetToken(trc, {})), AuthenticationException);
+  }
+
+  {
+    AzureCliCredentialOptions options;
+    options.CliProcessTimeout = std::chrono::hours(24);
+    AzureCliCredential azCliCred(options);
+
+    TokenRequestContext trc;
+    trc.Scopes.push_back(std::string("https://storage.azure.com/.default") + invalid);
+
+    EXPECT_THROW(static_cast<void>(azCliCred.GetToken(trc, {})), AuthenticationException);
+  }
+}
+
 TEST(AzureCliCredential, StrictIso8601TimeFormat)
 {
   constexpr auto Token = "{\"accessToken\":\"ABCDEFGHIJKLMNOPQRSTUVWXYZ\","