From 9af532fe719e3851db756087730f278ea5559751 Mon Sep 17 00:00:00 2001
From: rqi14
Date: Tue, 2 Apr 2024 19:43:57 +0800
Subject: [PATCH] Get scope from endpoint url instead of hardcoding (#1770)

---
 management/server/idp/azure.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/management/server/idp/azure.go b/management/server/idp/azure.go
index 706e4d330..2f21b3b54 100644
--- a/management/server/idp/azure.go
+++ b/management/server/idp/azure.go
@@ -115,7 +115,15 @@ func (ac *AzureCredentials) requestJWTToken() (*http.Response, error) {
 data.Set("client_id", ac.clientConfig.ClientID)
 data.Set("client_secret", ac.clientConfig.ClientSecret)
 data.Set("grant_type", ac.clientConfig.GrantType)
- data.Set("scope", "https://graph.microsoft.com/.default")
+ parsedURL, err := url.Parse(ac.clientConfig.GraphAPIEndpoint)
+ if err != nil {
+ return nil, err
+ }
+
+ // get base url and add "/.default" as scope
+ baseURL := parsedURL.Scheme + "://" + parsedURL.Host
+ scopeURL := baseURL + "/.default"
+ data.Set("scope", scopeURL)
 payload := strings.NewReader(data.Encode())
 req, err := http.NewRequest(http.MethodPost, ac.clientConfig.TokenEndpoint, payload)
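Review bot: The `err != nil` check after `url.Parse` does not catch the realistic misconfiguration here, because `url.Parse` accepts a bare host like `graph.microsoft.com/v1.0` as a relative path and returns no error; `parsedURL.Scheme` and `parsedURL.Host` are then empty and the request goes out with scope `:///.default`, failing at the token endpoint with an error that does not point at `GraphAPIEndpoint`. Add an explicit guard after the parse, e.g. `if parsedURL.Scheme == "" || parsedURL.Host == "" {` / `return nil, fmt.Errorf("graph API endpoint %q must be an absolute URL with scheme and host", ac.clientConfig.GraphAPIEndpoint)` / `}` (assuming `fmt` is already imported in this file), and consider wrapping the parse error the same way so the operator sees which setting is at fault. Since the scope now decides which resource the token is minted for, this check is also the only thing keeping a typo'd endpoint from silently requesting a token for the wrong audience; a small unit test covering a scheme-less endpoint would pin that behaviour. `requestJWTToken` begins and ends outside this hunk.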