default valid hostnames values and default scope value in the access token provider should be defined in graph core

[baywet]

default valid hostnames values and default scope value in the access token provider should be defined in graph core

Originally posted by @baywet in https://github.com/microsoft/kiota/pull/1051#r791026894

We should move https://graph.microsoft.com/.default and graph.microsoft.com

[nikithauc]

I will incorporate the typescript changes for the core part as I am already working on the auth part in core. And marking this issue in the Graph core for JavaScript

[ddyett]

@baywet is this tracking work each team needs to cover or general kiota work.

[baywet]

I'm not sure anything needs to happen in Kiota itself anymore at this point. Maybe a little change in behaviour, if there are no valid hostnames, all the host names are valid (instead of nothing valid)? For the scopes, maybe we could set a generic OpenId scope here as a default? And then the work that needs to happen is to set the defaults in Graph cores instead.

[baywet]

After some additional research the best course of actions is probably:

• To have a default scope of <scheme>://<host>/.default used in the GetAuthorizationTokenAsync method of the azure access token provider. This way it'll also work for national clouds or other APIs secured with MIP.
• To have the allowed host validator validate when no hosts are provided. (already the case in .net)
• To have default hosts defined with a derived authentication provider in graph core and removed from the kiota lib.

[baywet]

TODO:

• [x] test out ruby changes
• [x] update readmes for go/ruby service libs
• [x] create issues for php/python/swift
• [x] update public docs