12
votes

MSAL behaves as though there is a hard-coded catch-22 at its API library layer that seems illogical when I use it.

string[] scopesArrayNonNullWORKS = new string[] { "email" };
string[] scopesArrayAlreadyThereInMsalCalls_FAILS = new string[] { "openid" };
string[] scopesArrayNoExtraScopesNeeded_FAILS = new string[0];

// scopesArray is one of the three arrays above; myCliApp is an already-built
// Microsoft.Identity.Client.ConfidentialClientApplication
Microsoft.Identity.Client.ConfidentialClientApplication myCliApp;
var result = await myCliApp.AcquireTokenByAuthorizationCodeAsync(code, scopesArray);

MSAL has built in and hard-coded these scopes on every call: openid, profile, offline_access.

This is fine and works for me. I have no need for any additional scopes.

However, I can't use null or an empty scopes list. It is like the MSAL library layer is forcing me to ask for scopes I do not need or want. If I include email (which I don't need) then the library layer is happy with a non-null Scopes parameter and everything works.

If I use the one scope I need, openid, then the library layer errors because I have included a duplicate scope openid which was already there.

This seems like a catch-22 and cyclically illogical. I can't use the scopes I need, or it errors because they are predefined. I can't pass in an empty list of scopes (and use the pre-defined ones) or it errors. If I pass in a non-null scope that I do not want or need then it works.

I must be missing a critical conceptual detail.

I would like to use these 3 and only these 3 scopes: openid, profile, offline_access.

An error example of this catch-22: "MSAL always sends the scopes 'openid profile offline_access'. They cannot be suppressed as they are required for the library to function. Do not include any of these scopes in the scope parameter."


1 Answer

1
votes

The question wasn't really formulated as a question, but if your question is really "is it possible to authenticate to an application which doesn't require additional scopes", then I found a workaround which is definitely a hack and may not work forever. I couldn't throw in any placeholder scopes to make the client API happy, because the server rejected them. But sending in a blank space made the API shut up and did not seem to affect the application at all.

string[] scopes = new[] {" "};
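The rule quoted in the question (MSAL adds openid, profile and offline_access itself and rejects them, or an empty list, when passed explicitly) is easy to trip from application code that builds its scope list dynamically. The following C# helper is an added example, not code from the question, the answer or the MSAL library: it normalizes a requested scope list before it reaches MSAL, dropping the reserved scopes and duplicates, and fails loudly when nothing usable is left instead of relying on a placeholder. `ScopeHelper`, `NormalizeScopes` and the sample scope values are names chosen here; `User.Read` and the `.default` form are shown only as illustrations of what a real resource scope looks like. The commented MSAL call at the end uses the same `AcquireTokenByAuthorizationCodeAsync(code, scopes)` shape as the question and assumes `myCliApp` has already been built.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not from the question, the answer or MSAL itself.
// ScopeHelper / NormalizeScopes are names chosen here, not MSAL APIs.
public static class ScopeHelper
{
    // Scopes MSAL always sends on its own and rejects if passed explicitly
    // (see the error text quoted in the question).
    public static readonly HashSet<string> ReservedScopes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "openid", "profile", "offline_access" };

    // Returns the scopes that are safe to hand to MSAL: trimmed, de-duplicated,
    // with the reserved ones removed. Throws if nothing is left, because MSAL
    // (as described in the question) rejects a null or empty scope list rather
    // than silently falling back to only its reserved scopes.
    public static string[] NormalizeScopes(IEnumerable<string> requested)
    {
        if (requested == null) throw new ArgumentNullException(nameof(requested));

        var cleaned = requested
            .Where(s => !string.IsNullOrWhiteSpace(s))
            .Select(s => s.Trim())
            .Where(s => !ReservedScopes.Contains(s))
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();

        if (cleaned.Length == 0)
        {
            throw new ArgumentException(
                "No non-reserved scopes remain. MSAL adds openid, profile and " +
                "offline_access itself and rejects an empty scope list; request at " +
                "least one resource scope (for example a Graph permission such as " +
                "'User.Read' or an API's 'api://<app-id>/.default').");
        }
        return cleaned;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed input: the caller asked for openid twice (different casing
        // and whitespace), a reserved scope, and one real resource scope.
        var requested = new[] { "openid", " OpenID ", "User.Read", "profile" };
        string[] safe = ScopeHelper.NormalizeScopes(requested);
        Console.WriteLine("Scopes passed to MSAL: " + string.Join(" ", safe));

        // Mirrors the question: only the three reserved scopes were requested,
        // which is exactly the case MSAL cannot accept as an explicit list.
        try
        {
            ScopeHelper.NormalizeScopes(new[] { "openid", "profile", "offline_access" });
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected before calling MSAL: " + ex.Message);
        }

        // Assumed call shape from the question (MSAL 2.x API); myCliApp must already
        // have been built and 'code' is the authorization code from the redirect.
        // var result = await myCliApp.AcquireTokenByAuthorizationCodeAsync(code, safe);
    }
}
```

Running the normalization before every AcquireToken call keeps the "reserved scope" error from surfacing as a runtime failure in the sign-in path, and the explicit exception documents the constraint at the point where a developer would otherwise reach for a placeholder scope.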