[BUG] Unable to Authenticate AzureDocumentIntelligenceClient on AzureGovernment

[coryisakson]

Library name and version

Azure.AI.DocumentIntelligence 1.0.0

Describe the bug

API calls result in an error when deployed to AzureGovernment.

I am using the DocumentIntelligenceClient and DefaultAzureCredential

The SDK client currently uses a hardcoded Scopes value that points to the Public cloud.

https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/documentintelligence/Azure.AI.DocumentIntelligence/src/Generated/DocumentIntelligenceClient.cs#L89

Please provide an option to set the Audience like most other Azure Clients offer in their Options/ConfigureOptions. Alternatively detect which cloud the service is running on and set the Scopes string to match.

Expected behavior

Client operations such as AnalyzeDocumentAsync succeed without 401 authentication errors

Actual behavior

Error Details
Unauthorized. Access token is missing, invalid, audience is incorrect (https://cognitiveservices.azure.us), or have expired. Status: 401 (Unauthorized) Content: { "statusCode": 401, "message": "Unauthorized. Access token is missing, invalid, audience is incorrect (https://cognitiveservices.azure.us), or have expired." }

Reproduction Steps

Deploy Document Intelligence service in AzureGovernment and capture the endpoint.

Execute the following code from an App Service hosted in AzureGovernment

var _client = new DocumentIntelligenceClient(new Uri("https://.cognitiveservices.azure.us/"), new DefaultAzureCredential());

var operation = await _client.AnalyzeDocumentAsync(WaitUntil.Completed, analyzeDocumentOptions, cancellationToken);

Environment

Azure AppService running .net core 8 on Linux

[jsquire]

Thank you for your feedback. Tagging and routing to the team member best able to assist.