From d8cb63cb933058f6759dd3dfad9da538d46554b6 Mon Sep 17 00:00:00 2001
From: Nick Rimmer
Date: Fri, 10 May 2024 16:59:18 +0200
Subject: [PATCH] try to read aad2 scopes from environment variables (#1197)
Co-authored-by: Viacheslav Lepshin
---
 README.md | 2 +-
 src/utils/aadV2TokenProvider.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 1a22ce87..97370b0d 100644
--- a/README.md
+++ b/README.md
@@ -579,7 +579,7 @@ System variables provide a pre-defined set of variables that can be used in any
 `appOnly`: Optional. Specify `appOnly` to use make to use a client credentials flow to obtain a token. `aadV2ClientSecret` and `aadV2AppUri`must be provided as REST Client environment variables. `aadV2ClientId`, `aadV2TenantId` and `aadV2Cloud` may also be optionally provided via the environment. `aadV2ClientId` in environment will only be used for `appOnly` calls.
- `scopes:`: Optional. Comma delimited list of scopes that must have consent to allow the call to be successful. Not applicable for `appOnly` calls.
+ `scopes:`: Optional. Comma delimited list of scopes that must have consent to allow the call to be successful. Not applicable for `appOnly` calls. `aadV2Scopes` may optionally be provided via the environment.
 `tenantId:`: Optional. Domain or tenant id for the tenant to sign in to. (`common` to determine tenant from sign in).
diff --git a/src/utils/aadV2TokenProvider.ts b/src/utils/aadV2TokenProvider.ts
index 84a96402..af09f04f 100644
--- a/src/utils/aadV2TokenProvider.ts
+++ b/src/utils/aadV2TokenProvider.ts
@@ -207,7 +207,7 @@ class AuthParameters {
 authParameters.cloud = (await authParameters.readEnvironmentVariable("aadV2Cloud")) || authParameters.cloud;
 authParameters.tenantId = (await authParameters.readEnvironmentVariable("aadV2TenantId")) || authParameters.tenantId;
- let scopes = "openid,profile";
+ let scopes = (await authParameters.readEnvironmentVariable("aadV2Scopes")) || "openid,profile";
 let explicitClientId: string | undefined = undefined;
 // Parse variable parameters
 const groups = authParameters.aadV2TokenRegex.exec(name);
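Review bot: The new `let scopes = ...` line accepts whatever `aadV2Scopes` holds as the complete scope list, so a whitespace-only or padded value is truthy, gets past `||`, and displaces `openid,profile` unchanged. Because this value decides which permissions the token is requested with and can come from an environment file shared with a workspace, I would normalise it first, assuming `readEnvironmentVariable` resolves to a string or undefined: `const envScopes = (await authParameters.readEnvironmentVariable("aadV2Scopes"))?.trim();` followed by `let scopes = envScopes || "openid,profile";`. A one-line comment saying that the environment value replaces the default rather than extending it, and that an inline `scopes:` parameter presumably still overrides it, would make the precedence explicit. The parameter parsing and the `appOnly` handling sit below the hunk, so whether `appOnly` calls ignore this value cannot be confirmed from here.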