[ISSUE] serving_endpoints.query raises BadRequest error when using azure-client-secret auth

[ericfeunekes]

Description When using azure-client-secret auth, trying to query a model serving endpoint creates the following error (I replaced the actual UUID with <UUID>:

databricks.sdk.errors.platform.BadRequest: io.jsonwebtoken.IncorrectClaimException: Expected aud claim to be: , but was: <UUID>.

Reproduction

1. Use azure-client-secret auth to instantiate a WorkpspaceClient
2. use w.serving_endpoints.query
3. Error is raised

Expected behavior Bad Request error should not be raise

Is it a regression? Don't know

Debug Logs anything in angle braces is something I replaced for privacy

INFO:databricks.sdk:Configured AAD token for Service Principal (<UUID>)
DEBUG:databricks.sdk.oauth:Retrieving token for <UUID>
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): login.microsoftonline.com:443
DEBUG:urllib3.connectionpool:https://login.microsoftonline.com:443 "POST /<UUID>/oauth2/token HTTP/1.1" 200 1437
DEBUG:databricks.sdk.oauth:Retrieving token for <UUID>
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): login.microsoftonline.com:443
DEBUG:urllib3.connectionpool:https://login.microsoftonline.com:443 "POST /<UUID>/oauth2/token HTTP/1.1" 200 1485
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): <databricks-host>:443
DEBUG:urllib3.connectionpool:<databricks-host>:443 "POST /serving-endpoints/<endpoint-name>/invocations HTTP/1.1" 400 492
DEBUG:databricks.sdk:POST /serving-endpoints/<endpoint-name>/invocations

Other Information

• sdk version: 0.28.0

Additional context The SPN has query permission on the endpoint. When I test the exact same endpoint/query with my own PAT, with the same permissions, it works. Also, when I use the same SPN to query a table using the same version of the SDK it works.