Azure
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/_credential.py‎
Lines changed: 17 additions & 0 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/_credential.py‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/_utils.py‎
Lines changed: 9 additions & 1 deletion b/‎src/azure-cli/azure/cli/command_modules/appconfig/_utils.py‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_appconfig_to_appconfig_import_export.yaml‎
Lines changed: 1533 additions & 1398 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_appconfig_to_appconfig_import_export.yaml‎
Lines changed: 1533 additions & 1398 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_aad_auth.yaml‎
Lines changed: 1196 additions & 897 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_aad_auth.yaml‎
Lines changed: 1196 additions & 897 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_credential.yaml‎
Lines changed: 733 additions & 577 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_credential.yaml‎
Lines changed: 733 additions & 577 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_feature_filter.yaml‎
Lines changed: 6506 additions & 5213 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_feature_filter.yaml‎
Lines changed: 6506 additions & 5213 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_identity.yaml‎
Lines changed: 210 additions & 160 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_identity.yaml‎
Lines changed: 210 additions & 160 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_import_export.yaml‎
Lines changed: 12147 additions & 9170 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_import_export.yaml‎
Lines changed: 12147 additions & 9170 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_import_export_naming_conventions.yaml‎
Lines changed: 2870 additions & 2312 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_import_export_naming_conventions.yaml‎
Lines changed: 2870 additions & 2312 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_import_export_new_fm_schema.yaml‎
Lines changed: 3122 additions & 2500 deletions b/‎src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_import_export_new_fm_schema.yaml‎
Lines changed: 3122 additions & 2500 deletions
@@ -0,0 +1,17 @@
+from azure.core.credentials import TokenCredential
+from azure.cli.core.auth.util import resource_to_scopes
+
+# Enable passing in custom token audience that takes precedence over SDK's hardcoded audience.
+# Users can configure an audience based on their cloud.
+class AppConfigurationCliCredential(TokenCredential):
+
+    def __init__(self, credential: TokenCredential, resource: str = None):
+        self._impl = credential
+        self._resource = resource
+    
+    def get_token(self, *scopes, **kwargs):
+
+        if self._resource is not None:
+            scopes = resource_to_scopes(self._resource)
+
+        return self._impl.get_token(*scopes, **kwargs)
@@ -177,10 +177,18 @@ def get_appconfig_data_client(cmd, name, connection_string, auth_mode, endpoint)
                 raise CLIError(str(ex) + "\nYou may be able to resolve this issue by providing App Configuration endpoint instead of name.")
 
         from azure.cli.core._profile import Profile
+        from azure.cli.core.cloud import get_active_cloud
+        from ._credential import AppConfigurationCliCredential
         profile = Profile(cli_ctx=cmd.cli_ctx)
         cred, _, _ = profile.get_login_credentials()
+
+        current_cloud = get_active_cloud(cmd.cli_ctx)
+        token_audience = None
+        if hasattr(current_cloud.endpoints, "appconfig_auth_token_audience"):
+            token_audience = current_cloud.endpoints.appconfig_auth_token_audience
+
         try:
-            azconfig_client = AzureAppConfigurationClient(credential=cred,
+            azconfig_client = AzureAppConfigurationClient(credential=AppConfigurationCliCredential(cred._credential, token_audience),
                                                           base_url=endpoint,
                                                           user_agent=HttpHeaders.USER_AGENT)
         except (ValueError, TypeError) as ex: