Closed anch2150 closed 1 year ago
So, did you end up seeing this exception?
What if you use scopes=['<YOUR_CLIENT_ID>'] alone?
Here are my experiments:
- scopes=['<YOUR_CLIENT_ID>', 'offline_access']: Exception as you mentioned
- scopes=['<YOUR_CLIENT_ID> offline_access']: can get all three tokens, but cannot get token from cache using same scopes. It's expected as multiple scopes always fail.
- scopes=[] or scopes=['<YOUR_CLIENT_ID>']: cannot get access_token.
- list((set(scopes) | {'openid', 'offline_access'}) - <EXCLUDES>): everything incl. cache works!

@anch2150, thanks again for bringing this to our attention. We worked out a PR for it. You may want to test it out, because the implementation is slightly different than the last bullet point that you mentioned above. Hope we can hear back from you within a day or two, before we proceed to merge in that PR.
According to Azure B2C documentation, to get an access_token, client id must be added to scopes, i.e. scopes=['openid', 'offline_access', '<CLIENT_ID>']. However, _decorate_scope will replace client id with ['openid', 'profile', 'offline_access'], which does not generate access_token.
https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/545e856124985da4758530ab811d2c137fa8e333/msal/application.py#L591
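The scope handling discussed in this thread, as an added example that is not part of the original posts and is not MSAL's code: a simplified model of the replacing behaviour the issue reports, next to the union expression from the experiments, checking in each case whether the client id still reaches the token endpoint. The function names, the placeholder client id and the empty excludes set are assumptions.

```python
# Added illustration: a simplified model, not MSAL's source code.
RESERVED = frozenset({"openid", "profile", "offline_access"})
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder


def decorate_replacing(scopes, client_id):
    """Model of the reported behaviour: a client-id scope is swapped for
    the reserved scopes instead of being sent alongside them."""
    scope_set = set(scopes)
    if client_id in scope_set:
        return sorted(RESERVED)
    return sorted(scope_set | RESERVED)


def decorate_union(scopes, excludes=frozenset()):
    """The expression from the last experiment in the thread; `excludes`
    stands in for the <EXCLUDES> placeholder (assumed empty by default)."""
    return sorted((set(scopes) | {"openid", "offline_access"}) - set(excludes))


def wire_scopes(decorated):
    """OAuth 2.0 sends `scope` as one space-delimited string (RFC 6749,
    section 3.3), so the server sees the tokens after re-splitting."""
    return set(" ".join(decorated).split())


def requests_access_token(decorated, client_id):
    """Rule quoted in the issue: B2C issues an access_token only when the
    client id is among the requested scopes."""
    return client_id in wire_scopes(decorated)


def run_experiments(client_id=CLIENT_ID):
    """Replay the scope inputs tried in the thread against both models."""
    cases = {
        "client id alone, replacing": decorate_replacing([client_id], client_id),
        "empty list, replacing": decorate_replacing([], client_id),
        "one space-joined string, replacing": decorate_replacing(
            [client_id + " offline_access"], client_id),
        "client id alone, union": decorate_union([client_id]),
    }
    return {name: requests_access_token(d, client_id) for name, d in cases.items()}


if __name__ == "__main__":
    for name, ok in run_experiments().items():
        print(f"{name:38} client id reaches the server: {ok}")
```

In this model the space-joined string keeps the client id because the list-level membership check never matches it, while the wire format splits it back into separate scopes.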