microsoft-graph-toolkit
microsoft-graph-toolkit copied to clipboard
[BUG] MGT4 prepscopes and custom apps/domains causes token corruption
Describe the bug When using prepscopes to call graph endpoints whilst having a custom app prep scope already obtained can result in the token for the custom app/domain becoming invalid and cannot be re-requested. Reverting to v3 of MGT fixes the issues.
To Reproduce Steps to reproduce the behavior:
- Use a custom domain/app in a prepscope call
- prepscope with additional graph services
- attempt to call the custom domain/app api will result in a 401 error with the token being invalid
Expected behavior Should work as with v3 of MGT, that a prepscope doesn't invalidate the custom domain/app api endpoint
Environment (please complete the following information):
- OS: Windows (Web)
- Browser: Edge
- Framework: React
- Context: Web (with mix of custom api (entra secured) and graph
- Version: 4 latest
- Provider: Msal2Provider
Providers.globalProvider = new Msal2Provider({
clientId: "xxxxxx",
loginType: LoginType.Redirect,
redirectUri: window.location.protocol + "//" + window.location.host,
scopes: ["user.read", "openid", "offline_access", "api://xxxxxxx/user"],
customHosts: ["xxxxx", "service.powerapps.com", "api.bap.microsoft.com", "api.powerbi.com"]
});
Providers.client.api('some url').middlewareOptions(prepScopes(["api://xxxxxx/user"]))
then
Providers.client.api(`organization/${tenant!.id}`).middlewareOptions(prepScopes(["Directory.AccessAsUser.All", "https://service.powerapps.com//User"])
and then back to the first call results in a 401 error
The same code (without the array brackets) works without issue in v3