
Lab 'access-controlling' -- Adding additional scope does not work (only replacing `User.Read`

Open ulkeba opened this issue 5 months ago • 0 comments

The instruction says:

Then, copy the full scope (app:///scope) and add it to the scopes array below.

(By the way, markdown will not render the <id> here, so that it shows as "app:///scope" instead of app://<id>/scope...)

However, I tried

```python
flow = app.initiate_device_flow(scopes=["api://<id>/the-scope", "User.Read"])
```

as well as

```python
flow = app.initiate_device_flow(scopes=["User.Read", "api://<id>/the-scope"])
```

but both did not work -- no claim roles and the scope in JWT was only:

```
{
  ...
  "scp": "openid profile User.Read email",
}
```

Only when I replaced User.Read, the token contained the app roles:

```python
flow = app.initiate_device_flow(scopes=["api://<id>/the-scope"])
```

```
{
  ...
  "roles": [
    "OpenAI.ChatCompletion"
  ],
  "scp": "the-scope",
}
```

ulkeba, Aug 31 '24 15:08
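Added example, not part of the original issue or the lab's code: a small check that decodes an access token's payload and reports whether the API scope and the app role from the issue are present in `scp` and `roles`. The helper names and the two sample tokens are constructed for illustration; in the lab the token would be the `access_token` value returned after the device flow completes.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token: str, full_scope: str, role: str) -> dict:
    """Report whether the token carries the API scope and the app role."""
    claims = jwt_claims(token)
    # "api://<id>/the-scope" appears in the scp claim as just "the-scope"
    short = full_scope.rsplit("/", 1)[-1]
    granted = claims.get("scp", "").split()
    return {
        "scp": granted,
        "has_scope": short in granted,
        "has_role": role in claims.get("roles", []),
    }


def _fake_token(payload: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"


# Constructed payloads mirroring the two results reported in the issue.
MIXED = _fake_token({"scp": "openid profile User.Read email"})
API_ONLY = _fake_token({"roles": ["OpenAI.ChatCompletion"], "scp": "the-scope"})

if __name__ == "__main__":
    for name, tok in (("mixed", MIXED), ("api-only", API_ONLY)):
        print(name, check_token(tok, "api://<id>/the-scope", "OpenAI.ChatCompletion"))
```

The decode step skips signature validation on purpose, so it is suitable for debugging which claims were issued, not for authorizing requests.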