microsoftgraph / msgraph-sdk-dotnet-auth

Archived - use the TokenCredential classes provided by Azure.Identity. https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme
https://graph.microsoft.com
MIT License

Allow custom scopes to be passed to Client Credential Provider #44

Closed peombwa closed 4 years ago

peombwa commented 5 years ago

Currently, the client credential provider uses https://graph.microsoft.com/.default as its default scope and it doesn't expose/provide a mechanism for a customer to set their own scope. E.g., to call Azure Resource Manager (ARM), you need to use https://management.azure.com/.default as your scope. The same applies when using the provider to target other national clouds.

pschaeflein commented 5 years ago

Is the intent to completely wrap the MSAL library?

Using the 1.0.0-preview0 release, the following works for me:

// Delegated (user) flow: the scopes are supplied by the caller, so any resource can be targeted.
var pca = PublicClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .Build();
var ap = new DeviceCodeProvider(pca, scopes);
var graphServiceClient = new GraphServiceClient(ap);

peombwa commented 5 years ago

This issue only applies to ClientCredentialProvider, which at the moment doesn't allow our customers to set additional scopes beyond the pre-configured https://graph.microsoft.com/.default scope. We had made the assumption that the provider will only use https://graph.microsoft.com/.default as its scope, but we've now gotten requests to support additional scopes such as https://management.azure.com/.default or even https://graph.microsoft.de/.default.

The change would involve adding an additional optional parameter to ClientCredentialProvider's constructor as such:

// Application (client credential) flow: the token is issued for the resource named by the scope.
var cca = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithTenantId(tenantId)
                .WithClientSecret(clientSecret)
                .Build();

// Optional second argument overrides the default https://graph.microsoft.com/.default scope.
var ap = new ClientCredentialProvider(cca, "https://management.azure.com/.default");
var graphServiceClient = new GraphServiceClient(ap);
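The shape of the change proposed above, as an added example that is not the project's own code: a client-credential IAuthenticationProvider whose scope is an optional constructor argument defaulting to https://graph.microsoft.com/.default. The class name ScopedClientCredentialProvider, the ValidateScope helper and the host check in AuthenticateRequestAsync are assumptions made here; IAuthenticationProvider is taken from Microsoft.Graph.Core and the builder/AcquireTokenForClient calls from MSAL.NET (Microsoft.Identity.Client). The host check guards against the failure mode the issue implies: an app token is bound to one resource (its audience), so a token acquired for management.azure.com or graph.microsoft.de must only ever be attached to requests going to that host, and sending it elsewhere both fails and discloses the bearer token to the wrong service.

```csharp
// Added example, not code from msgraph-sdk-dotnet-auth. Assumes packages
// Microsoft.Graph.Core (IAuthenticationProvider) and Microsoft.Identity.Client (MSAL.NET).
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Identity.Client;

public class ScopedClientCredentialProvider : IAuthenticationProvider
{
    public const string DefaultScope = "https://graph.microsoft.com/.default";

    private readonly IConfidentialClientApplication _cca;
    private readonly string[] _scopes;
    private readonly string _resourceHost;

    // Optional scope parameter, as proposed in the issue; the default keeps current behaviour.
    public ScopedClientCredentialProvider(IConfidentialClientApplication cca, string scope = DefaultScope)
    {
        _cca = cca ?? throw new ArgumentNullException(nameof(cca));
        _scopes = new[] { ValidateScope(scope) };
        _resourceHost = new Uri(scope).Host; // e.g. "management.azure.com"
    }

    // The client credential flow only accepts a resource's "/.default" scope, so reject
    // anything else before a token request is made (hypothetical helper, not MSAL's).
    public static string ValidateScope(string scope)
    {
        if (string.IsNullOrWhiteSpace(scope))
            throw new ArgumentException("A scope is required.", nameof(scope));
        if (!Uri.TryCreate(scope, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException($"Scope must be an absolute https resource URI: {scope}", nameof(scope));
        if (!scope.EndsWith("/.default", StringComparison.Ordinal))
            throw new ArgumentException($"Client credential scopes must end with /.default: {scope}", nameof(scope));
        return scope;
    }

    public async Task AuthenticateRequestAsync(HttpRequestMessage request)
    {
        if (request == null) throw new ArgumentNullException(nameof(request));

        // Defensive audience check (assumption made for this example): a token issued for
        // _resourceHost is never attached to a request bound for any other host.
        if (!string.Equals(request.RequestUri?.Host, _resourceHost, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"Refusing to send a token scoped to {_resourceHost} to {request.RequestUri?.Host}.");

        // MSAL caches the application token and silently renews it when it expires.
        AuthenticationResult result = await _cca
            .AcquireTokenForClient(_scopes)
            .ExecuteAsync()
            .ConfigureAwait(false);

        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    }
}

public static class Usage
{
    public static GraphServiceClient Build(string clientId, string tenantId, string clientSecret)
    {
        var cca = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithClientSecret(clientSecret)
            .Build();

        // Graph in the public cloud: default scope, default Graph base URL.
        var graphProvider = new ScopedClientCredentialProvider(cca);
        var graphClient = new GraphServiceClient(graphProvider);

        // Azure Resource Manager: custom scope; requests must target management.azure.com.
        var armProvider = new ScopedClientCredentialProvider(cca, "https://management.azure.com/.default");

        // For a national cloud such as graph.microsoft.de the authority must change as well,
        // e.g. .WithAuthority(AzureCloudInstance.AzureGermany, tenantId) on the builder,
        // and the GraphServiceClient base URL must point at that cloud's endpoint.
        return graphClient;
    }
}
```

Note that `GraphServiceClient` defaults its base URL to the public Graph endpoint, so a provider built for https://graph.microsoft.de/.default must be paired with a client whose base URL is the German endpoint; the host check above makes that mismatch fail loudly instead of leaking the token to the public-cloud host.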