AzureCLICredential: Windows shell quoting bug when passing subscription ID

[EronWright]

Bug Report

Describe the bug

AzureCLICredential fails on Windows when a subscription ID is passed via AzureCLICredentialOptions.Subscription. The subscription ID gets wrapped in literal quotes, causing authentication to fail with: ERROR: Subscription '"UUID"' not found

Reproduction

Environment: Windows 10/11, any Go version, azidentity v1.11.0

Code:

options := &azidentity.AzureCLICredentialOptions{
    Subscription: "12345678-1234-1234-1234-123456789abc",
}
cred, _ := azidentity.NewAzureCLICredential(options)
token, err := cred.GetToken(context.Background(), /* ... */)
// Fails with: Subscription '"12345678-1234-1234-1234-123456789abc"' not found

Expected: Successfully authenticate using the specified subscription.

Actual: Error includes literal quote characters around the UUID.

Root Cause

The command string passed to cmd.exe /c in developer_credential_util.go includes escaped quotes (\") that Windows interprets as literal characters rather than string delimiters. Unix shells handle this correctly, so the issue only affects Windows.

Command built in azure_cli_credential.go:

command += ` --subscription "` + c.opts.Subscription + `"`

Executed as:

cmd.exe /c "az account get-access-token ... --subscription \"UUID\""

Impact

Affects Windows users who explicitly set a non-default subscription in AzureCLICredentialOptions. Authentication fails entirely for these users.

Additional Context

• Related issue: Subscription not found when creating a resourceGroup pulumi/pulumi-azure-native#4319
• Affects sdk/azidentity/azure_cli_credential.go and developer_credential_util.go
• Workaround: Use the default subscription (don't set Subscription field)