Closed peombwa closed 4 years ago
Is the intent to completely wrap the MSAL library?
Using the 1.0.0-preview0 release, the following works for me:
var pca = PublicClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantId)
.Build();
var ap = new DeviceCodeProvider(pca, scopes);
var graphServiceClient = new GraphServiceClient(ap);
This issue only applies to ClientCredentialProvider
which at the moment doesn't allow our customers to set additional scopes beyond the pre-configured https://graph.microsoft.com/.default
scope. We had made the assumption that the provider will only use https://graph.microsoft.com/.default
as its scope, but we've now gotten requests to support additional scopes such as https://management.azure.com/.default
or even https://graph.microsoft.de/.default
The change would involve adding an additional optional parameter to ClientCredentialProvider's constructor as such :
var cca = onfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
var ap = new ClientCredentialProvider(cca, "https://management.azure.com/.default");
var graphServiceClient = new GraphServiceClient(ap);
Currently, the client credential provider uses
https://graph.microsoft.com/.default
as it's default scope and it doesn't expose/provide a mechanism for a customer to set their own scope. e.g. To call Azure Resource Manager (ARM), you need to usehttps://management.azure.com/.default
as your scope. The same applies when using the provider to target other national clouds.