Prevent consistent 401 errors when listing key vault keys / secrets

[ndowmon]

I did some more digging and uncovered the mystery of the 401 response.

1. When the SecretClient is created, it apparently is not fetching an auth token before attempting to access the resource. See the first screenshot, a request to https://example-key-vault-1.vault.azure.net/secrets?api-version=7.2, that has no authorization header. It returns 401: Unauthorized.

   

2. The SecretClient seems to have some retry logic built in, so it sees 401 and goes on to fetch a token from /oauth2/v2.0/token

   

3. Then the SecretClient tries to list the secrets again (this time with an authorization header, and succeeds with 200: Success

   

If you review the recording, you’ll see that the secrets from dhaiwat-vault are going through the same process, although it receives a 403 rather than a 200 (which the code appropriately handles): 401 > /oauth2/v2.0/token > 403.

Basically, this means that every time we try to list keys or secrets, we’re going to hit a 401, then try to fetch a new token, then get an actual response (200, 403, etc). I’m going to open a ticket to fix the behavior and I’ll assign to you for some future PR. But now that the confusion is resolved i’m ready to get this one merged.

Originally posted by @ndowmon in #435 (comment)