[Identity] Evaluate expires_on field in AzureCLICredential

[scottaddie]

As of Azure CLI v2.54.0, the az account get-access-token command returns a new expires_on field containing a POSIX timestamp. This behavior is a departure from previous versions, in which the local datetime was returned in an expiresOn field. Update AzureCliCredential to also consider the new expires_on field.

Related links:

• Azure-Core: If no timezone information is present in string, assume local time and convert to UTC azure-sdk-for-cpp#5076 (comment)
• [Profile] az account get-access-token: Return expires_on as POSIX timestamp azure-cli#27476

[scottaddie]

Marking as blocked until the az cli release ships.

[antkmsft]

Marking as blocked until the az cli release ships.

Az CLI v.2.54.0 has shipped, I was able to obtain it via Winget.

[ahsonkhan]

Office hour discussion conclusion across languages:
Azure/azure-sdk-for-cpp#5116 (comment)

[ahsonkhan]

This change is addressed in C++, and similar changes can be made in other languages.

The gist is:

• We want to parse and use the new expires_on field if it exists, as is, as a Posix time (seconds since UTC). In this case, we don't use the existing field at all.
• If that new field doesn't exist, use the existing expiresOn field as a fallback, parsed as local time.
  • The existing expiresOn field deviates a bit from RFC 3339 and doesn't have the timezone info in the string to indicate the local time offset (no Z or +XX:XX), so we assume it is considered local time.

Test example:
https://github.com/Azure/azure-sdk-for-cpp/blob/cb73bbd62cb825171cd598bfc1936aea40ebbaa0/sdk/identity/azure-identity/test/ut/azure_cli_credential_test.cpp#L229-L277

PRs in C++ for inspiration, if relevant:
Azure/azure-sdk-for-cpp#5179
Azure/azure-sdk-for-cpp#5180