Fix OIDC endpoints detection (#657)

## What changes are proposed in this pull request?

Fix getOidcEndpoints() method. The method was incorrectly returning
Azure OIDC when `ARM_CLIENT_ID` is set, but `getOidcEndpoints()` is
never called for Azure OIDC.

This logic actually caused Databricks M2M to use the wrong endpoint when
the user set the `ARM_CLIENT_ID` for other purposes as can be seen in
#656

NOTE: The new logic **matches the behavior of the Go SDK**.

  ## How is this tested?
- Before this change, M2M authentication would fail (see
#656)
  - Add new tests and rerun existing ones.
  
NO_CHANGELOG=true

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: hectorcast-db

databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java

@@ -796,18 +796,6 @@ private OpenIDConnectEndpoints fetchDefaultOidcEndpoints() throws IOException {
     if (getHostType() == HostType.UNIFIED) {
       return getUnifiedOidcEndpoints(getAccountId());
     }
-
-    if (isAzure() && getAzureClientId() != null) {
-      Request request = new Request("GET", getHost() + "/oidc/oauth2/v2.0/authorize");
-      request.setRedirectionBehavior(false);
-      Response resp = getHttpClient().execute(request);
-      String realAuthUrl = resp.getFirstHeader("location");
-      if (realAuthUrl == null) {
-        return null;
-      }
-      return new OpenIDConnectEndpoints(
-          realAuthUrl.replaceAll("/authorize", "/token"), realAuthUrl);
-    }
     if (isAccountClient() && getAccountId() != null) {
       String prefix = getHost() + "/oidc/accounts/" + getAccountId();
       return new OpenIDConnectEndpoints(prefix + "/v1/token", prefix + "/v1/authorize");

databricks-sdk-java/src/test/java/com/databricks/sdk/integration/DatabricksOidcAccountIT.java

@@ -0,0 +1,73 @@
+package com.databricks.sdk.integration;
+
+import com.databricks.sdk.AccountClient;
+import com.databricks.sdk.core.DatabricksConfig;
+import com.databricks.sdk.integration.framework.EnvContext;
+import com.databricks.sdk.integration.framework.EnvOrSkip;
+import com.databricks.sdk.integration.framework.EnvTest;
+import com.databricks.sdk.service.iam.ListAccountServicePrincipalsRequest;
+import com.databricks.sdk.service.iam.ServicePrincipal;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@ExtendWith(EnvTest.class)
+@EnvContext("account")
+public class DatabricksOidcAccountIT {
+  private static final Logger LOG = LoggerFactory.getLogger(DatabricksOidcAccountIT.class);
+
+  @Test
+  void testAccountOAuthM2MAuth(
+      @EnvOrSkip("CLOUD_ENV") String cloudEnv,
+      @EnvOrSkip("DATABRICKS_HOST") String host,
+      @EnvOrSkip("DATABRICKS_ACCOUNT_ID") String accountId,
+      @EnvOrSkip("TEST_DATABRICKS_CLIENT_ID") String clientId,
+      @EnvOrSkip("TEST_DATABRICKS_CLIENT_SECRET") String clientSecret) {
+    LOG.info("Cloud environment: {}", cloudEnv);
+
+    // Create account client with OAuth M2M authentication
+    DatabricksConfig config =
+        new DatabricksConfig()
+            .setHost(host)
+            .setAccountId(accountId)
+            .setClientId(clientId)
+            .setClientSecret(clientSecret)
+            .setAuthType("oauth-m2m");
+
+    AccountClient ac = new AccountClient(config);
+
+    // List service principals to verify authentication works
+    Iterable<ServicePrincipal> servicePrincipals =
+        ac.servicePrincipals().list(new ListAccountServicePrincipalsRequest());
+    servicePrincipals.iterator().next();
+  }
+
+  @Test
+  void testAccountAzureClientSecretAuth(
+      @EnvOrSkip("CLOUD_ENV") String cloudEnv,
+      @EnvOrSkip("DATABRICKS_HOST") String host,
+      @EnvOrSkip("DATABRICKS_ACCOUNT_ID") String accountId,
+      @EnvOrSkip("ARM_CLIENT_ID") String azureClientId,
+      @EnvOrSkip("ARM_CLIENT_SECRET") String azureClientSecret,
+      @EnvOrSkip("ARM_TENANT_ID") String azureTenantId) {
+    LOG.info("Cloud environment: {}", cloudEnv);
+
+    // Create account client with Azure client secret authentication
+    DatabricksConfig config =
+        new DatabricksConfig()
+            .setHost(host)
+            .setAccountId(accountId)
+            .setAzureClientId(azureClientId)
+            .setAzureClientSecret(azureClientSecret)
+            .setAzureTenantId(azureTenantId)
+            .setAuthType("azure-client-secret");
+
+    AccountClient ac = new AccountClient(config);
+
+    // List service principals to verify authentication works
+    Iterable<ServicePrincipal> servicePrincipals =
+        ac.servicePrincipals().list(new ListAccountServicePrincipalsRequest());
+    servicePrincipals.iterator().next();
+  }
+}

databricks-sdk-java/src/test/java/com/databricks/sdk/integration/DatabricksOidcWorkspaceIT.java

@@ -0,0 +1,72 @@
+package com.databricks.sdk.integration;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import com.databricks.sdk.WorkspaceClient;
+import com.databricks.sdk.core.DatabricksConfig;
+import com.databricks.sdk.integration.framework.EnvContext;
+import com.databricks.sdk.integration.framework.EnvOrSkip;
+import com.databricks.sdk.integration.framework.EnvTest;
+import com.databricks.sdk.service.iam.User;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@ExtendWith(EnvTest.class)
+@EnvContext("ucws")
+public class DatabricksOidcWorkspaceIT {
+  private static final Logger LOG = LoggerFactory.getLogger(DatabricksOidcWorkspaceIT.class);
+
+  @Test
+  void testWorkspaceOAuthM2MAuth(
+      @EnvOrSkip("CLOUD_ENV") String cloudEnv,
+      @EnvOrSkip("DATABRICKS_HOST") String host,
+      @EnvOrSkip("TEST_DATABRICKS_CLIENT_ID") String clientId,
+      @EnvOrSkip("TEST_DATABRICKS_CLIENT_SECRET") String clientSecret) {
+    LOG.info("Cloud environment: {}", cloudEnv);
+
+    // Create workspace client with OAuth M2M authentication
+    DatabricksConfig config =
+        new DatabricksConfig()
+            .setHost(host)
+            .setClientId(clientId)
+            .setClientSecret(clientSecret)
+            .setAuthType("oauth-m2m");
+
+    WorkspaceClient ws = new WorkspaceClient(config);
+
+    // Call the "me" API
+    User me = ws.currentUser().me();
+
+    // Verify we got a valid response
+    assertNotNull(me.getUserName(), "Expected non-empty UserName");
+  }
+
+  @Test
+  void testWorkspaceAzureClientSecretAuth(
+      @EnvOrSkip("CLOUD_ENV") String cloudEnv,
+      @EnvOrSkip("DATABRICKS_HOST") String host,
+      @EnvOrSkip("ARM_CLIENT_ID") String azureClientId,
+      @EnvOrSkip("ARM_CLIENT_SECRET") String azureClientSecret,
+      @EnvOrSkip("ARM_TENANT_ID") String azureTenantId) {
+    LOG.info("Cloud environment: {}", cloudEnv);
+
+    // Create workspace client with Azure client secret authentication
+    DatabricksConfig config =
+        new DatabricksConfig()
+            .setHost(host)
+            .setAzureClientId(azureClientId)
+            .setAzureClientSecret(azureClientSecret)
+            .setAzureTenantId(azureTenantId)
+            .setAuthType("azure-client-secret");
+
+    WorkspaceClient ws = new WorkspaceClient(config);
+
+    // Call the "me" API
+    User me = ws.currentUser().me();
+
+    // Verify we got a valid response
+    assertNotNull(me.getUserName(), "Expected non-empty UserName");
+  }
+}