OAuthScope parity with JS and DotNet

microsoft · Apr 3, 2024 · 37d975d · 37d975d
1 parent 9b6f0e6
commit 37d975d
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 11 deletions.
diff --git a/libraries/botframework-connector/botframework/connector/auth/authentication_constants.py b/libraries/botframework-connector/botframework/connector/auth/authentication_constants.py
@@ -22,7 +22,7 @@ class AuthenticationConstants(ABC):
     DEFAULT_CHANNEL_AUTH_TENANT = "botframework.com"
 
     # TO CHANNEL FROM BOT: OAuth scope to request
-    TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.com/.default"
+    TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.com"
 
     # TO BOT FROM CHANNEL: Token issuer
     TO_BOT_FROM_CHANNEL_TOKEN_ISSUER = "https://api.botframework.com"

diff --git a/libraries/botframework-connector/botframework/connector/auth/government_constants.py b/libraries/botframework-connector/botframework/connector/auth/government_constants.py
@@ -31,7 +31,7 @@ class GovernmentConstants(ABC):
     """
     TO CHANNEL FROM BOT: OAuth scope to request
     """
-    TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.us/.default"
+    TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.us"
 
     """
     TO BOT FROM CHANNEL: Token issuer

diff --git a/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py b/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
@@ -30,13 +30,6 @@ def __init__(
         self.microsoft_app_password = password
         self.app = None
 
-        # This check likely needs to be more nuanced than this.  Assuming
-        # "/.default" precludes other valid suffixes
-        scope = self.oauth_scope
-        if oauth_scope and not scope.endswith("/.default"):
-            scope += "/.default"
-        self.scopes = [scope]
-
     @staticmethod
     def empty():
         return MicrosoftAppCredentials("", "")
@@ -47,16 +40,21 @@ def get_access_token(self, force_refresh: bool = False) -> str:
         :return: The access token for the given app id and password.
         """
 
+        scope = self.oauth_scope
+        if not scope.endswith("/.default"):
+            scope += "/.default"
+        scopes = [scope]
+
         # Firstly, looks up a token from cache
         # Since we are looking for token for the current app, NOT for an end user,
         # notice we give account parameter as None.
         auth_token = self.__get_msal_app().acquire_token_silent(
-            self.scopes, account=None
+            scopes, account=None
         )
         if not auth_token:
             # No suitable token exists in cache. Let's get a new one from AAD.
             auth_token = self.__get_msal_app().acquire_token_for_client(
-                scopes=self.scopes
+                scopes=scopes
             )
         return auth_token["access_token"]