
Token Refresh removes all claims / scopes initially requested in the ID Token

Open Andrew1431 opened this issue 5 years ago • 0 comments

Library versions

  • react-aad-msal: 2.3.5
  • msal: 1.3.2

Describe the bug

Refresh tokens lose all scopes originally requested from the user: https://github.com/syncweek-react-aad/react-aad/blob/a7205ef20c6f9dafff94afbe276fa8fba46b9ef0/packages/react-aad-msal/src/MsalAuthProvider.ts#L160

Expected behavior

When I log in using openid and email as scopes, should they not be included as well in the token refresh?

To Reproduce

Steps to reproduce the behavior:

  1. Request email scope
  2. Wait for token refresh
  3. Email scope is no longer in ID token.

Is this expected behaviour? I am new to using external auth libraries so perhaps I am just entirely doing something wrong here.

Andrew1431, Jul 29 '20 14:07
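A check for the reproduction steps above, as an added example that is not part of the original issue or of react-aad-msal: it decodes the ID token captured at login and the one captured after a silent refresh, then lists the claims that disappeared. The tokens are constructed and unsigned, and the function names and the list of volatile claims are assumptions.

```javascript
// Added example (not react-aad-msal code). Compares ID-token claims across a refresh.
// Inspection only: no signature validation is performed here.

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64 + '='.repeat((4 - (b64.length % 4)) % 4), 'base64').toString('utf8');
}

function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWT with 3 segments');
  const claims = JSON.parse(b64urlDecode(parts[1]));
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return claims;
}

// Assumption: claims expected to differ on every issuance, so they are not reported.
const VOLATILE = new Set(['iat', 'nbf', 'exp', 'nonce', 'at_hash', 'c_hash', 'aio', 'uti', 'rh']);

function diffIdTokenClaims(beforeJwt, afterJwt) {
  const before = decodeClaims(beforeJwt);
  const after = decodeClaims(afterJwt);
  const stable = Object.keys(before).filter((k) => !VOLATILE.has(k));
  const lost = stable.filter((k) => !(k in after)).sort();
  const changed = stable
    .filter((k) => k in after && JSON.stringify(before[k]) !== JSON.stringify(after[k]))
    .sort();
  // A refresh must never silently switch the user or the audience.
  const sameIdentity = !changed.includes('sub') && !changed.includes('aud') && !lost.includes('sub');
  return { lost, changed, sameIdentity, ok: sameIdentity && lost.length === 0 };
}

// Constructed, unsigned sample tokens (placeholder values, not real identities).
function makeUnsignedToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.`;
}

const base = { sub: 'user-123', aud: 'client-id-placeholder', iat: 1000, exp: 4600 };
const loginToken = makeUnsignedToken({ ...base, email: 'user@example.com' });
const refreshedToken = makeUnsignedToken({ ...base, iat: 4500, exp: 8100 });

console.log(diffIdTokenClaims(loginToken, refreshedToken));
```

Application code that authorizes on a claim such as `email` should treat a non-empty `lost` list as a failed refresh rather than continuing with the reduced token.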