[Key Vault] Remove stale no-op insecure_domain_change pop for parity with azure-core #45518

sdk/keyvault/azure-keyvault-administration/CHANGELOG.md

@@ -10,6 +10,8 @@
 
 ### Other Changes
 
+- Removed a stale, no-op line from the internal challenge authentication policy for parity with the `azure-core` fix in [#45518](https://github.com/Azure/azure-sdk-for-python/pull/45518). This is an internal cleanup with no functional impact.
+
 ## 4.8.0b1 (2026-05-29)
 
 ### Features Added

sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_challenge_auth_policy.py

@@ -135,10 +135,6 @@ async def handle_challenge_flow(
 
             request_authorized = await self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = await self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/challenge_auth_policy.py

@@ -148,10 +148,6 @@ def handle_challenge_flow(
 
             request_authorized = self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-certificates/CHANGELOG.md

@@ -10,6 +10,8 @@
 
 ### Other Changes
 
+- Removed a stale, no-op line from the internal challenge authentication policy for parity with the `azure-core` fix in [#45518](https://github.com/Azure/azure-sdk-for-python/pull/45518). This is an internal cleanup with no functional impact.
+
 ## 4.11.1 (2026-04-29)
 
 ### Bugs Fixed

sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/async_challenge_auth_policy.py

@@ -138,10 +138,6 @@ async def handle_challenge_flow(
 
             request_authorized = await self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = await self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/challenge_auth_policy.py

@@ -148,10 +148,6 @@ def handle_challenge_flow(
 
             request_authorized = self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-keys/CHANGELOG.md

@@ -10,6 +10,8 @@
 
 ### Other Changes
 
+- Removed a stale, no-op line from the internal challenge authentication policy for parity with the `azure-core` fix in [#45518](https://github.com/Azure/azure-sdk-for-python/pull/45518). This is an internal cleanup with no functional impact.
+
 ## 4.12.0b2 (2026-05-29)
 
 ### Features Added

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/async_challenge_auth_policy.py

@@ -135,10 +135,6 @@ async def handle_challenge_flow(
 
             request_authorized = await self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = await self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/challenge_auth_policy.py

@@ -148,10 +148,6 @@ def handle_challenge_flow(
 
             request_authorized = self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/async_challenge_auth_policy.py

@@ -138,10 +138,6 @@ async def handle_challenge_flow(
 
             request_authorized = await self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = await self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/challenge_auth_policy.py

@@ -148,10 +148,6 @@ def handle_challenge_flow(
 
             request_authorized = self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-securitydomain/CHANGELOG.md

@@ -14,6 +14,8 @@
 
 ### Other Changes
 
+- Removed a stale, no-op line from the internal challenge authentication policy for parity with the `azure-core` fix in [#45518](https://github.com/Azure/azure-sdk-for-python/pull/45518). This is an internal cleanup with no functional impact.
+
 - Key Vault API version `2025-07-01` is now the default
 
 ## 1.0.0b1 (2025-05-07)

sdk/keyvault/azure-keyvault-securitydomain/azure/keyvault/securitydomain/_internal/async_challenge_auth_policy.py

@@ -135,10 +135,6 @@ async def handle_challenge_flow(
 
             request_authorized = await self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = await self.next.send(request)
                 except Exception:  # pylint:disable=broad-except

sdk/keyvault/azure-keyvault-securitydomain/azure/keyvault/securitydomain/_internal/challenge_auth_policy.py

@@ -148,10 +148,6 @@ def handle_challenge_flow(
 
             request_authorized = self.on_challenge(request, response)
             if request_authorized:
-                # if we receive a challenge response, we retrieve a new token
-                # which matches the new target. In this case, we don't want to remove
-                # token from the request so clear the 'insecure_domain_change' tag
-                request.context.options.pop("insecure_domain_change", False)
                 try:
                     response = self.next.send(request)
                 except Exception:  # pylint:disable=broad-except