From b5c3c4971ded3bcf656f4c0cc88785b19372e994 Mon Sep 17 00:00:00 2001
From: Ahson Khan <ahson_ahmedk@yahoo.com>
Date: Thu, 5 Oct 2023 13:31:29 -0700
Subject: [PATCH] Do not throw an exception during `AzureCliCredential`
 construction, but rather delay it on GetToken() call. (#4979)

* Do not throw an exception during `AzureCliCredential` construction, but rather delay it on GetToken() call.

* Update az cli unsafe chars test.
---
 sdk/identity/azure-identity/src/azure_cli_credential.cpp    | 3 +--
 .../azure-identity/test/ut/azure_cli_credential_test.cpp    | 6 ++++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/sdk/identity/azure-identity/src/azure_cli_credential.cpp b/sdk/identity/azure-identity/src/azure_cli_credential.cpp
index d9a1f49d0..27448822b 100644
--- a/sdk/identity/azure-identity/src/azure_cli_credential.cpp
+++ b/sdk/identity/azure-identity/src/azure_cli_credential.cpp
@@ -92,8 +92,6 @@ AzureCliCredential::AzureCliCredential(
 {
   static_cast<void>(options);
 
-  ThrowIfNotSafeCmdLineInput(m_tenantId, "TenantID");
-
   IdentityLog::Write(
       IdentityLog::Level::Informational,
       GetCredentialName()
@@ -123,6 +121,7 @@ std::string AzureCliCredential::GetAzCommand(std::string const& scopes, std::str
     const
 {
   ThrowIfNotSafeCmdLineInput(scopes, "Scopes");
+  ThrowIfNotSafeCmdLineInput(m_tenantId, "TenantID");
   std::string command = "az account get-access-token --output json --scope \"" + scopes + "\"";
 
   if (!tenantId.empty())
diff --git a/sdk/identity/azure-identity/test/ut/azure_cli_credential_test.cpp b/sdk/identity/azure-identity/test/ut/azure_cli_credential_test.cpp
index 57b42c4f5..b8870b937 100644
--- a/sdk/identity/azure-identity/test/ut/azure_cli_credential_test.cpp
+++ b/sdk/identity/azure-identity/test/ut/azure_cli_credential_test.cpp
@@ -325,9 +325,11 @@ TEST(AzureCliCredential, UnsafeChars)
     AzureCliCredentialOptions options;
     options.TenantId = "01234567-89AB-CDEF-0123-456789ABCDEF";
     options.TenantId += Exploit;
+    AzureCliCredential azCliCred(options);
 
-    EXPECT_THROW(
-        static_cast<void>(std::make_unique<AzureCliCredential>(options)), AuthenticationException);
+    TokenRequestContext trc;
+    trc.Scopes.push_back(std::string("https://storage.azure.com/.default"));
+    EXPECT_THROW(static_cast<void>(azCliCred.GetToken(trc, {})), AuthenticationException);
   }
 
   {