azure-sdk-for-python: TLS error when using HTTPS/TLS URL (not permitted for non-TLS protected (non-https) URLs.)

Ubuntu 19.10
Linux rio-t460p 5.3.0-26-generic #28-Ubuntu SMP Wed Dec 18 05:37:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Python 3.7.5
azure-core==1.2.0
azure-identity==1.2.0
azure-storage-blob==12.1.0

Describe the bug

When trying to do a batch delete blob using a blob client created using an HTTPS URL, the code errors with:

“Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.”

azure.core.exceptions.ServiceRequestError: Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.

This same blob client connection can successfully be used to list blobs in a container. The credentials used to create the client are a service principal with RBAC (client/secret/tenant), and the role is set to “Storage Blob Data Owner”.

Steps to reproduce

Here is some example code to reproduce the error:

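from azure.identity import ClientSecretCredential
from azure.storage.blob import BlobServiceClient

# STORAGE_ACCOUNT, STORAGE_CONTAINER, STORAGE_FOLDER, IGNORE_DATE and the
# AZURE_* values are defined elsewhere (not shown in the report).
STORAGE_URL = 'https://' + STORAGE_ACCOUNT + '.blob.core.windows.net'
client_credentials = ClientSecretCredential(client_id=AZURE_CLIENT, client_secret=AZURE_SECRET, tenant_id=AZURE_TENANT)
blob_service_client = BlobServiceClient(account_url=STORAGE_URL, credential=client_credentials)
container_client = blob_service_client.get_container_client(STORAGE_CONTAINER)

def run_azure_blob_list():
    # Collect blobs under STORAGE_FOLDER that were last modified before IGNORE_DATE.
    result = []
    blob_list = container_client.list_blobs(name_starts_with=STORAGE_FOLDER)
    for blob in blob_list:
        if blob.last_modified < IGNORE_DATE:
            result.append([blob.name, blob.last_modified])
    return result

# Listing works with this client.
blob_list = run_azure_blob_list()
# The batch delete is the call that fails with the ServiceRequestError above.
container_client.delete_blobs(*blob_list)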

Container endpoint: print(container_client.primary_endpoint)

https://REDACTED.blob.core.windows.net/uploads

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 15 (12 by maintainers)

Most upvoted comments

Released part of 12.3.1 (see tags of this commit)