microsoftgraph / msgraph-sdk-dotnet-auth

Archived - use the TokenCredential classes provided by Azure.Identity. https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme
https://graph.microsoft.com
MIT License

Added Optional Scope parameter to ClientCredentialProvider #48

Closed FiromsaA closed 5 years ago

FiromsaA commented 5 years ago

Added new parameter to Client Credential Provider to allow custom scopes to be passed in. Issue #44.

msftclas commented 5 years ago

CLA assistant check
All CLA requirements met.

pschaeflein commented 5 years ago

I would caution against including .default with the user-provided scope.

If the request includes other resources (say SharePoint Online or a custom resource), then including .default for Microsoft Graph is not supported. AAD won't issue a token. (AADSTS70011: .default scope can't be combined with resource-specific scopes)

I have a real-world use case where the scopes parameter had to be explicit:

https://[tenant].sharepoint.com/AllSites.FullControl
https://graph.microsoft.com/Mail.Send

darrelmiller commented 5 years ago

@pschaeflein I'm not sure I follow. I don't think we are adding .default to user-provided scopes. If you provide explicit scope(s), we don't touch them.

pschaeflein commented 5 years ago

Then I misunderstood Michael's comment. Never mind. :)