azure_rm_resourcegroup does work in azure cloud shell but not locallyq

I am able to create a resource group with the following ansible playbook in the azure cloud shell, but not from my local pc. Why? I tried to recreate the application/secrets multiple times but nothing worked.

- name: Create Azure Kubernetes Service
  hosts: localhost
  connection: local
  vars:
    resource_group: birdy71
    location: westeurope
    aks_name: birdy7-cluster
    username: birdy7
    ssh_key: "ssh-rsa xxxxxxxx"
    client_id: "xxxx"
    client_secret: "xxx"
    tenant: "xxx"
    subscription_id: "xxx"
  tasks:
  - name: Create resource group
    azure_rm_resourcegroup:
      name: "{{ resource_group }}"
      location: "{{ location }}"
      client_id: "{{ client_id }}"
      secret: "{{ client_secret }}"
      subscription_id: "{{ subscription_id }}"
      tenant: "{{ tenant }}"

In the azure cloud shell I removed the ~/.azure folder completely but it works nonetheless. On my local pc I get this error: AADSTS7000215: Invalid client secret is provided.

But how can that be? The secret works well if it is used from within the azure cloud shell.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Timestamp: 2019-03-20 13: 34: 02Z
fatal: [localhost
]: FAILED! => {
  "changed": false,
  "module_stderr": "Traceback (most recent call last):\n  File \"/Users/tobias/.ansible/tmp/ansible-tmp-1553088840.81-75656009010434/AnsiballZ_azure_rm_resourcegroup.py\", line 113, in <module>\n    _ansiballz_main()\n  File \"/Users/tobias/.ansible/tmp/ansible-tmp-1553088840.81-75656009010434/AnsiballZ_azure_rm_resourcegroup.py\", line 105, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/Users/tobias/.ansible/tmp/ansible-tmp-1553088840.81-75656009010434/AnsiballZ_azure_rm_resourcegroup.py\", line 48, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/var/folders/fl/pps_zz4s3lx6569226xr_2bh0000gn/T/ansible_azure_rm_resourcegroup_payload_CeouHT/__main__.py\", line 256, in <module>\n  File \"/var/folders/fl/pps_zz4s3lx6569226xr_2bh0000gn/T/ansible_azure_rm_resourcegroup_payload_CeouHT/__main__.py\", line 252, in main\n  File \"/var/folders/fl/pps_zz4s3lx6569226xr_2bh0000gn/T/ansible_azure_rm_resourcegroup_payload_CeouHT/__main__.py\", line 136, in __init__\n  File \"/var/folders/fl/pps_zz4s3lx6569226xr_2bh0000gn/T/ansible_azure_rm_resourcegroup_payload_CeouHT/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 301, in __init__\n  File \"/var/folders/fl/pps_zz4s3lx6569226xr_2bh0000gn/T/ansible_azure_rm_resourcegroup_payload_CeouHT/ansible_azure_rm_resourcegroup_payload.zip/ansible/module_utils/azure_rm_common.py\", line 1021, in __init__\n  File \"/Users/tobias/.venv/azure2/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", line 453, in __init__\n    self.set_token()\n  File \"/Users/tobias/.venv/azure2/lib/python2.7/site-packages/msrestazure/azure_active_directory.py\", line 480, in set_token\n    raise_with_traceback(AuthenticationError, \"\", err)\n  File \"/Users/tobias/.venv/azure2/lib/python2.7/site-packages/msrest/exceptions.py\", line 48, in raise_with_traceback\n    raise error\nmsrest.exceptions.AuthenticationError: , InvalidClientError: (invalid_client) AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: c7fab593-93e7-415f-a3e8-5ba973e81e00\r\nCorrelation ID: 5ee1181d-f0ac-4c08-a0e7-dfba9c722073\r\nTimestamp: 2019-03-20 13:34:02Z\n",
  "module_stdout": "",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "rc": 1
}