I have an app running on Azure that was not setup by me, I just need to use its API.

If I use the code below, it works just fine.

import os
import requests
from msal import PublicClientApplication


connection_data = {
    "url": "url",
    "username": "username",
    "password": "password",
    "clientid": "clientid",
    "tenant": "tenant",
}

_app = PublicClientApplication(
    connection_data["clientid"],
    # single-tenant application
    authority=f"/{connection_data['tenant']}",
)
_token = None
_scopes = ["User.Read"]

accounts = _app.get_accounts()
if accounts:
    _token = _app.acquire_token_silent(_scopes, account=accounts[0])["access_token"]

if not _token:
    result = _app.acquire_token_by_username_password(
        connection_data["username"], connection_data["password"], scopes=_scopes
    )
    if "access_token" in result:
        _token = result["access_token"]
    else:
        raise ValueError("Something went wrong when acquiring token.")

headers = {
    "Authorization": f"Bearer {_token}",
    "X-Client-Type": "FOOBAR",
}
request_url = f"{connection_data['url']}/api/ts/read/some/endpoint/B747"

response = requests.get(request_url, headers=headers)
print(response)
# 200

The issue is when I try to do the same operation using requests.PreparedRequest and Session, it fails. Example from here: .PreparedRequest

from requests import Request, Session

request_ = Request("GET", request_url, headers=headers).prepare()

session = Session()
response = session.send(request_)
print(response)
# requests.exceptions.SSLError: HTTPSConnectionPool(host='foobar', port=443): 
# Max retries exceeded with url: /api/ts/read/some/endpoint/B747
# (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: 
# self-signed certificate in certificate chain (_ssl.c:1006)')))

My certificate is specified in REQUESTS_CA_BUNDLE environment variable.

Is this issue related to the application I am trying to reach or am I doing something wrong?