Description
I would like to question the promotion of using the subscription key as the primary method of authentication in this repo. Our development team dig into the Azure Maps documentation. The documentation does provide a tutorial with the use of the subscription key, but they do not clearly state that it's actually wrong to use it in a production application, as it can be picked up by anyone who can look into your source code, and used in their application. CORS options do something to prevent this, but this is not promoted anywhere.
I will reference some other tutorials. Here is one that Azure Maps Samples links to, and has a small note below the code example.
This quickstart uses the Shared Key authentication approach for demonstration purposes, but the preferred approach for any production environment is to use Azure Active Directory authentication.
There are multiple different authentication paths for applications to use and using the subscription key is the fastest but most unsecure one and should never be pushed to a production application.
My recommendation is to fix the documentation to promote other authentication methods, telling users that using the subscription key is for development purposes only.