Adding parameter to disable instance discovery

pkg/internal/pop/msal_confidential.go

@@ -12,6 +12,7 @@ import (
 // AcquirePoPTokenConfidential acquires a PoP token using MSAL's confidential login flow.
 // This flow does not require user interaction as the credentials for the request have
 // already been provided
+// instanceDisovery is to be false only in disconnected clouds to disable instance discovery and authoority validation
 func AcquirePoPTokenConfidential(
 	context context.Context,
 	popClaims map[string]string,
@@ -20,6 +21,7 @@ func AcquirePoPTokenConfidential(
 	authority,
 	clientID,
 	tenantID string,
+	instanceDiscovery bool,
 	options *azcore.ClientOptions,
 	popKeyFunc func() (*SwKey, error),
 ) (string, int64, error) {
@@ -43,13 +45,15 @@ func AcquirePoPTokenConfidential(
 			cred,
 			confidential.WithHTTPClient(options.Transport.(*http.Client)),
 			confidential.WithX5C(),
+			confidential.WithInstanceDiscovery(instanceDiscovery),
 		)
 	} else {
 		client, err = confidential.New(
 			authority,
 			clientID,
 			cred,
 			confidential.WithX5C(),
+			confidential.WithInstanceDiscovery(instanceDiscovery),
 		)
 	}
 	if err != nil {

pkg/internal/pop/msal_confidential_test.go

@@ -115,6 +115,7 @@ func TestAcquirePoPTokenConfidential(t *testing.T) {
 				authority,
 				tc.p.clientID,
 				tc.p.tenantID,
+				true,
 				&clientOpts,
 				GetSwPoPKey,
 			)

pkg/internal/token/serviceprincipaltokencertificate.go

@@ -90,6 +90,7 @@ func (p *servicePrincipalToken) getPoPTokenWithClientCert(
 		p.cloud.ActiveDirectoryAuthorityHost,
 		p.clientID,
 		p.tenantID,
+		true,
 		options,
 		pop.GetSwPoPKey,
 	)

pkg/internal/token/serviceprincipaltokensecret.go

@@ -69,6 +69,7 @@ func (p *servicePrincipalToken) getPoPTokenWithClientSecret(
 		p.cloud.ActiveDirectoryAuthorityHost,
 		p.clientID,
 		p.tenantID,
+		true,
 		options,
 		pop.GetSwPoPKey,
 	)