.NET Azure AD Oauth require Identity Pool Id on client-side

Clients Non-Java Clients
1

Anybody that have experience with .NET Azure AD oauth clients.

I have a working sample, and are wondering why client need to present the Identity pool id. This seems like an unnecessary cupling between Azure Identities and Confluent Identity pool. Especially when it in the Confluent Identity Pool, is possible to setup token claims filtering.

Anybody know of a way to do oauth with suppling the IdentityPoolId??
Or alternative have a good approach of enriching Azure AD Tokens with the IdentityPoolId

using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Azure.Core;
using Confluent.Kafka;
using Azure.Identity;

var topicName = "Oauthtopic-test";

var consumerConfig = new ConsumerConfig()
{
    GroupId = "OuathTest",
    BootstrapServers = "xxx.westeurope.azure.confluent.cloud:9092",
    SaslOauthbearerConfig = "logicalCluster=lkc-xxx,identityPoolId=pool-zzz",
    SaslMechanism = SaslMechanism.OAuthBearer,
    SecurityProtocol = SecurityProtocol.SaslSsl
};

using (var consumer = new ConsumerBuilder<string, string>(consumerConfig)
                        .SetOAuthBearerTokenRefreshHandler(DynamicAadToken).Build())
{
    Console.WriteLine("\n-----------------------------------------------------------------------");
    Console.WriteLine($"Consumer {consumer.Name} consuming from topic {topicName}.");
    Console.WriteLine("-----------------------------------------------------------------------");
    Console.WriteLine("Ctrl-C to quit.\n");

    consumer.Subscribe(topicName);
    CancellationTokenSource cts = new CancellationTokenSource();
    Console.CancelKeyPress += (_, e) =>
    {
        e.Cancel = true; // prevent the process from terminating.
        cts.Cancel();
    };

    try
    {
        while (!cts.IsCancellationRequested)
        {
            try
            {
                var consumeResult = consumer.Consume(cts.Token);

                Console.WriteLine($"Received message at {consumeResult.TopicPartitionOffset}: {consumeResult.Message.Value}");
                try
                {
                    consumer.StoreOffset(consumeResult);
                }
                catch (KafkaException e)
                {
                    Console.WriteLine($"Store Offset error: {e.Error.Reason}");
                }
            }
            catch (ConsumeException e)
            {
                Console.WriteLine($"Consume error: {e.Error.Reason}");
            }
        }
    }
    catch (OperationCanceledException)
    {
        Console.WriteLine("Closing consumer.");
        consumer.Close();
    }
}

static Dictionary<string, string> ParseOauthConfig(string oauthConfig)
{
    var result = oauthConfig.Split(',')
        .Select(x => x.Split('='))
        .ToDictionary(x => x[0], x => x[1]);

    return result;
}

void DynamicAadToken(IClient client, string cfg)
{
    try
    {
        var cred = new ChainedTokenCredential(new AzureCliCredential());
        AccessToken token = cred.GetToken(new TokenRequestContext(new[] { "api://core-confluent-kafka/.default" }));
        
        JwtSecurityToken? jwt = new JwtSecurityTokenHandler().ReadJwtToken(token.Token);
;       
        Claim? preferredUsernameClaim = jwt.Claims.FirstOrDefault(c => c.Type == "preferred_username");
        var oauthConfig = ParseOauthConfig(cfg);
        

        client.OAuthBearerSetToken(token.Token, token.ExpiresOn.ToUnixTimeMilliseconds(), preferredUsernameClaim?.Value, oauthConfig);
    }
    catch (Exception e)
    {
        client.OAuthBearerSetTokenFailure(e.ToString());
    }
}