Closed FiromsaA closed 5 years ago
I would caution against including .default with the user-provided scope.
If the request includes other resources (say SharePoint Online or custom resource), then including .default for Microsoft Graph is not supported. AAD won't issue a token. (AADSTS70011: .default scope can't be combined with resource-specific scopes)
I have a real-world use case where the scopes parameter had to be explicit:
https://[tenant].sharepoint.com/AllSites.FullControl
https://graph.microsoft.com/Mail.Send
@pschaeflein I'm not sure I follow. I don't think we are adding .default to user provided scopes. If you provide an explicit scope(s), we don't touch it.
Then I mis-understood Michael's comment. Never mind. :)
Added new parameter to Client Credential Provider to allow custom scopes to be passed in. Issue #44.