Describe the bug
--scopes should be optional since consented scopes are attached to an application after the first auth consent by Microsoft Identity Platform. Customers should be able to use mg login, minus --scopes, and still be authenticated using the scopes they had previously consented to. --scopes should ideally be used for incremental scope consent.
Microsoft Identity Platform will always return previously consented scopes whenever you authenticate. The example below shows this in action:
Example
I only requested user.read yet Identity returned all the scopes I had previously consented to for this application:
To Reproduce
Steps to reproduce the behavior:
Run mg login.
You get the following error: mg login: error: the following arguments are required: --scopes
Expected behavior
mg login should authenticate me using the scopes I had previously consented to. This is the same behavior for Connect-MgGraph in PowerShell.
Screenshots
Additional context
Consider having a safe default scope like user.read or /.default for --Scopes.
AB#9567