FIX use cognitiveservices scope for all Azure AI endpoints

pyrit/auth/azure_auth.py

@@ -6,7 +6,6 @@
 import logging
 import time
 from typing import TYPE_CHECKING, Any, Union, cast
-from urllib.parse import urlparse
 
 import msal
 from azure.core.credentials import AccessToken
@@ -257,25 +256,19 @@ def get_default_azure_scope(endpoint: str) -> str:
     """
     Determine the appropriate Azure token scope based on the endpoint URL.
 
+    The Cognitive Services scope is accepted by all Azure AI endpoints including
+    Azure OpenAI (*.openai.azure.com) and AI Foundry (*.ai.azure.com).
+
     Args:
         endpoint (str): The Azure endpoint URL.
 
     Returns:
-        str: The appropriate token scope for the endpoint.
-            - 'https://ml.azure.com/.default' for AI Foundry endpoints (*.ai.azure.com)
-            - 'https://cognitiveservices.azure.com/.default' for other Azure endpoints
+        str: The token scope 'https://cognitiveservices.azure.com/.default'.
 
     Example:
         >>> scope = get_default_azure_scope('https://myresource.openai.azure.com')
         >>> # Returns 'https://cognitiveservices.azure.com/.default'
     """
-    try:
-        parsed_uri = urlparse(endpoint)
-        if parsed_uri.hostname and parsed_uri.hostname.lower().endswith(".ai.azure.com"):
-            return "https://ml.azure.com/.default"
-    except Exception:
-        pass
-
     return "https://cognitiveservices.azure.com/.default"
 
 

tests/integration/targets/test_entra_auth_targets.py

@@ -42,6 +42,7 @@
         ("AZURE_OPENAI_GPTV_CHAT_ENDPOINT", "AZURE_OPENAI_GPTV_CHAT_MODEL", True),
         ("AZURE_FOUNDRY_DEEPSEEK_ENDPOINT", "", True),
         ("AZURE_FOUNDRY_PHI4_ENDPOINT", "", True),
+        ("AZURE_FOUNDRY_MISTRAL_LARGE_ENDPOINT", "AZURE_FOUNDRY_MISTRAL_LARGE_MODEL", True),
     ],
 )
 async def test_openai_chat_target_entra_auth(sqlite_instance, endpoint, model_name, supports_seed):