diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfigurationTest.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfigurationTest.java
index cfeff47a6ead..48187735a7b2 100644
--- a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfigurationTest.java
+++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfigurationTest.java
@@ -31,11 +31,17 @@ public void clientRegistered() {
 assertEquals("fake-client-secret", azure.getClientSecret());
 AuthorizationServerEndpoints endpoints = new AuthorizationServerEndpoints();
- assertEquals(endpoints.authorizationEndpoint("fake-tenant-id"), azure.getProviderDetails().getAuthorizationUri());
+ assertEquals(endpoints.authorizationEndpoint("fake-tenant-id"),
+ azure.getProviderDetails().getAuthorizationUri());
 assertEquals(endpoints.tokenEndpoint("fake-tenant-id"), azure.getProviderDetails().getTokenUri());
 assertEquals(endpoints.jwkSetEndpoint("fake-tenant-id"), azure.getProviderDetails().getJwkSetUri());
 assertEquals("{baseUrl}/login/oauth2/code/{registrationId}", azure.getRedirectUriTemplate());
- assertDefaultScopes(azure, "openid", "profile");
+ assertDefaultScopes(
+ azure,
+ "openid",
+ "profile",
+ "https://graph.microsoft.com/Directory.AccessAsUser.All",
+ "https://graph.microsoft.com/User.Read");
 }
 }
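Review bot: The two Graph scope URIs are spelled out as string literals in each expectation, here in `clientRegistered` and again in the hunks for `clientRequiresPermissionRegistered`, `clientRequiresMultiPermissions` and `clientRequiresPermissionInDefaultClient`. A pair of test constants, e.g. `private static final String GRAPH_USER_READ = "https://graph.microsoft.com/User.Read";` plus a matching one for `Directory.AccessAsUser.All`, would keep the four tests in step if the default set changes. `clientRegistered` previously expected only `openid` and `profile`, so it now appears to pin `Directory.AccessAsUser.All` as a default for a client with no extra permissions configured; a comment above that assertion such as `// default login scopes now include the Graph scopes requested for the access token` would mark this as intended. The test method starts above the hunk.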
@@ -50,7 +56,14 @@ public void clientRequiresPermissionRegistered() {
 ClientRegistration graph = repo.findByRegistrationId("graph");
 assertNotNull(azure);
- assertDefaultScopes(azure, "openid", "profile", "offline_access", "Calendars.Read");
+ assertDefaultScopes(
+ azure,
+ "openid",
+ "profile",
+ "https://graph.microsoft.com/Directory.AccessAsUser.All",
+ "https://graph.microsoft.com/User.Read",
+ "offline_access",
+ "Calendars.Read");
 assertNotNull(graph);
 assertDefaultScopes(graph, "Calendars.Read");
@@ -73,6 +86,8 @@ public void clientRequiresMultiPermissions() {
 azure,
 "openid",
 "profile",
+ "https://graph.microsoft.com/Directory.AccessAsUser.All",
+ "https://graph.microsoft.com/User.Read",
 "offline_access",
 "Calendars.Read",
 "https://management.core.windows.net/user_impersonation");
@@ -92,7 +107,14 @@ public void clientRequiresPermissionInDefaultClient() {
 ClientRegistration azure = repo.findByRegistrationId("azure");
 assertNotNull(azure);
- assertDefaultScopes(azure, "openid", "profile", "offline_access", "Calendars.Read");
+ assertDefaultScopes(
+ azure,
+ "openid",
+ "profile",
+ "https://graph.microsoft.com/Directory.AccessAsUser.All",
+ "https://graph.microsoft.com/User.Read",
+ "offline_access",
+ "Calendars.Read");
 }
 }
diff --git a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfiguration.java b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfiguration.java
index d1970e16dc55..7add06b9bbf5 100644
--- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfiguration.java
+++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfiguration.java
@@ -65,7 +65,7 @@ private AzureClientRegistration createDefaultClient() {
 }
 private Set allScopes() {
- Set result = openidScopes();
+ Set result = accessTokenScopes();
 for (AuthorizationProperties authProperties : properties.getAuthorization().values()) {
 result.addAll(authProperties.getScopes());
 }
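Review bot: Seeding `allScopes()` from `accessTokenScopes()` instead of `openidScopes()` widens what the default client requests at sign-in, and nothing at the assignment says why. Judging by the updated test expectations in this commit, the seed now carries `https://graph.microsoft.com/Directory.AccessAsUser.All` and `https://graph.microsoft.com/User.Read`; the former is a broad delegated Graph permission that normally needs admin consent, so applications that never read directory data would still ask for it. I would add a comment above the assignment such as `// Seed with the login access-token scopes (Graph); per-client scopes from properties are appended below.` and consider including the Graph scopes only when the application relies on them, using a narrower scope if one suffices. The body of `accessTokenScopes()` is not in this hunk and `allScopes()` continues past its last line, so the scope contents are inferred from the tests.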