Align DeviceCodeRequest/UsernamePasswordRequest scopes construction with TokenClient/ScopeHelper

billybooth · bgavrilMS · commit be0d4454b3af · 2025-09-04T13:58:32.000+01:00
* Brings DeviceCodeRequest and UsernamePasswordRequest scopes production into somewhat better alignment with TokenClient.GetDefaultScopes().
* Allows OAuth2Value.ReservedScopes to be respected across all grant types.
diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/DeviceCodeRequest.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/DeviceCodeRequest.cs
@@ -31,11 +31,8 @@ protected override async Task<AuthenticationResult> ExecuteAsync(CancellationTok
 
             var client = new OAuth2Client(ServiceBundle.ApplicationLogger, ServiceBundle.HttpManager, null);
 
-            var deviceCodeScopes = new HashSet<string>();
-            deviceCodeScopes.UnionWith(AuthenticationRequestParameters.Scope);
-            deviceCodeScopes.Add(OAuth2Value.ScopeOfflineAccess);
-            deviceCodeScopes.Add(OAuth2Value.ScopeProfile);
-            deviceCodeScopes.Add(OAuth2Value.ScopeOpenId);
+            var deviceCodeScopes = new HashSet<string>(AuthenticationRequestParameters.Scope);
+            deviceCodeScopes.UnionWith(OAuth2Value.ReservedScopes);
 
             client.AddBodyParameter(OAuth2Parameter.ClientId, AuthenticationRequestParameters.AppConfig.ClientId);
             client.AddBodyParameter(OAuth2Parameter.Scope, deviceCodeScopes.AsSingleString());
diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs
@@ -187,14 +187,9 @@ private Dictionary<string, string> GetAdditionalBodyParameters(UserAssertion use
                 dict[OAuth2Parameter.Password] = _usernamePasswordParameters.Password;
             }
 
-            ISet<string> unionScope = new HashSet<string>()
-            {
-                OAuth2Value.ScopeOpenId,
-                OAuth2Value.ScopeOfflineAccess,
-                OAuth2Value.ScopeProfile
-            };
+            var unionScope = new HashSet<string>(AuthenticationRequestParameters.Scope);
+            unionScope.UnionWith(OAuth2Value.ReservedScopes);
 
-            unionScope.UnionWith(AuthenticationRequestParameters.Scope);
             dict[OAuth2Parameter.Scope] = unionScope.AsSingleString();
             dict[OAuth2Parameter.ClientInfo] = "1";
 
