From b4d0c5a5652104e13ae9e06a55e603f1498041a7 Mon Sep 17 00:00:00 2001
From: Vincent Biret
Date: Mon, 16 Jan 2023 15:45:10 -0500
Subject: [PATCH 1/2] - removes graph specific constants
Signed-off-by: Vincent Biret
---
 CHANGELOG.md | 6 ++++++
 .../AzureIdentityAuthenticationProviderTests.cs | 7 +++++--
 src/AzureIdentityAccessTokenProvider.cs | 16 ++++++----------
 src/Microsoft.Kiota.Authentication.Azure.csproj | 4 ++--
 4 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8672b5b..41ad754 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
+## [1.0.0-rc.2] - 2023-01-16
+
+### Changed
+
+- Removed microsoft graph specific constants to make usage easier for other MIP protected APIs.
+
 ## [1.0.0-rc.1] - 2022-12-15
 ### Changed
diff --git a/Microsoft.Kiota.Authentication.Azure.Tests/AzureIdentityAuthenticationProviderTests.cs b/Microsoft.Kiota.Authentication.Azure.Tests/AzureIdentityAuthenticationProviderTests.cs
index a4fed65..f74835b 100644
--- a/Microsoft.Kiota.Authentication.Azure.Tests/AzureIdentityAuthenticationProviderTests.cs
+++ b/Microsoft.Kiota.Authentication.Azure.Tests/AzureIdentityAuthenticationProviderTests.cs
@@ -27,15 +27,18 @@ public void ConstructorThrowsArgumentNullExceptionOnNullTokenCredential()
 public async Task GetAuthorizationTokenAsyncGetsToken(string url, string expectedToken)
 {
 // Arrange
+ var uri = new Uri(url);
 var mockTokenCredential = new Mock();
 mockTokenCredential.Setup(credential => credential.GetTokenAsync(It.IsAny(), It.IsAny())).Returns(new ValueTask(new AccessToken(expectedToken, DateTimeOffset.Now)));
- var azureIdentityAuthenticationProvider = new AzureIdentityAccessTokenProvider(mockTokenCredential.Object, null);
+ var azureIdentityAuthenticationProvider = new AzureIdentityAccessTokenProvider(mockTokenCredential.Object);
 // Act
- var token = await azureIdentityAuthenticationProvider.GetAuthorizationTokenAsync(new Uri(url));
+ var token = await azureIdentityAuthenticationProvider.GetAuthorizationTokenAsync(uri);
 // Assert
 Assert.Equal(expectedToken, token);
+ mockTokenCredential.Verify(x => x.GetTokenAsync(It.Is(t =>
+ t.Scopes.Any(s => $"{uri.Scheme}://{uri.Host}/.default".Equals(s, StringComparison.OrdinalIgnoreCase))), It.IsAny()));
 }
 [Theory]
diff --git a/src/AzureIdentityAccessTokenProvider.cs b/src/AzureIdentityAccessTokenProvider.cs
index 0a8e818..59106d9 100644
--- a/src/AzureIdentityAccessTokenProvider.cs
+++ b/src/AzureIdentityAccessTokenProvider.cs
@@ -21,7 +21,7 @@ public class AzureIdentityAccessTokenProvider : IAccessTokenProvider, IDisposabl
 private readonly TokenCredential _credential;
 private readonly ObservabilityOptions _obsOptions;
 private readonly ActivitySource _activitySource;
- private readonly List _scopes;
+ private readonly HashSet _scopes;
 ///
 public AllowedHostsValidator AllowedHostsValidator { get; private set; }
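Review bot: The added `Verify` in GetAuthorizationTokenAsyncGetsToken only checks that some requested scope matches `{uri.Scheme}://{uri.Host}/.default` (via `Any`), so the test still passes if the provider asks the credential for additional, broader scopes. Now that the scope is derived from the request URI instead of a fixed constant, I would pin it exactly with a predicate such as `t.Scopes.Length == 1 && $"{uri.Scheme}://{uri.Host}/.default".Equals(t.Scopes[0], StringComparison.OrdinalIgnoreCase)` and pass `Times.Once` to `Verify`. A short comment above the `Verify`, e.g. `// the default scope must be limited to the host of the request`, would also record why the assertion exists.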
@@ -36,18 +36,12 @@ public AzureIdentityAccessTokenProvider(TokenCredential credential, string [] al
 {
 _credential = credential ?? throw new ArgumentNullException(nameof(credential));
- if(!allowedHosts?.Any() ?? true)
- AllowedHostsValidator = new AllowedHostsValidator(new string[] { "graph.microsoft.com", "graph.microsoft.us", "dod-graph.microsoft.us", "graph.microsoft.de", "microsoftgraph.chinacloudapi.cn", "canary.graph.microsoft.com" });
- else
- AllowedHostsValidator = new AllowedHostsValidator(allowedHosts);
+ AllowedHostsValidator = new AllowedHostsValidator(allowedHosts);
 if(scopes == null)
 _scopes = new();
 else
- _scopes = scopes.ToList();
-
- if(!_scopes.Any())
- _scopes.Add("https://graph.microsoft.com/.default"); //TODO: init from the request hostname instead so it doesn't block national clouds?
+ _scopes = new(scopes, StringComparer.OrdinalIgnoreCase);
 _obsOptions = observabilityOptions ?? new();
 _activitySource = new(_obsOptions.TracerInstrumentationName);
@@ -81,8 +75,10 @@ public async Task GetAuthorizationTokenAsync(Uri uri, Dictionary
diff --git a/src/Microsoft.Kiota.Authentication.Azure.csproj b/src/Microsoft.Kiota.Authentication.Azure.csproj
index 7e4dde6..0a83c60 100644
--- a/src/Microsoft.Kiota.Authentication.Azure.csproj
+++ b/src/Microsoft.Kiota.Authentication.Azure.csproj
@@ -14,7 +14,7 @@ true true 1.0.0 - rc.1 + rc.2 true true
@@ -23,7 +23,7 @@ false 35MSSharedLib1024.snk - - Release candidate 1 + https://github.com/microsoft/kiota-authentication-azure-dotnet/releases true LICENSE
From 4120264979e5bba58a8e8f8914b66346753d2947 Mon Sep 17 00:00:00 2001
From: Vincent Biret
Date: Mon, 16 Jan 2023 16:02:47 -0500
Subject: [PATCH 2/2] - code linting
Signed-off-by: Vincent Biret
---
 src/AzureIdentityAccessTokenProvider.cs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/AzureIdentityAccessTokenProvider.cs b/src/AzureIdentityAccessTokenProvider.cs
index 59106d9..11aa3d2 100644
--- a/src/AzureIdentityAccessTokenProvider.cs
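Review bot: With the Graph host list removed, a caller that omits `allowedHosts` now passes null or an empty array straight into `new AllowedHostsValidator(allowedHosts)`, and the test in this patch expects the default scope to follow the request URI, so nothing visible in this constructor limits which hosts a token can be requested for. If an empty validator accepts every host (not shown here, please confirm), host restriction changes from a built-in default to something each caller must opt into. The XML doc on the parameter should say so, e.g. `/// <param name="allowedHosts">Hosts that may receive the access token; when null or empty no restriction is applied, so pass the API hosts explicitly.</param>`. Separately, the `scopes == null` branch still uses `_scopes = new();` with the default case-sensitive comparer while the other branch uses `StringComparer.OrdinalIgnoreCase`; `_scopes = new(StringComparer.OrdinalIgnoreCase);` keeps them consistent. The constructor starts above this hunk, and the body of the `@@ -81,8 +75,10 @@` hunk is missing from the page, so the scope computation itself could not be reviewed.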
+++ b/src/AzureIdentityAccessTokenProvider.cs
@@ -19,7 +19,6 @@ namespace Microsoft.Kiota.Authentication.Azure;
 public class AzureIdentityAccessTokenProvider : IAccessTokenProvider, IDisposable
 {
 private readonly TokenCredential _credential;
- private readonly ObservabilityOptions _obsOptions;
 private readonly ActivitySource _activitySource;
 private readonly HashSet _scopes;
 ///
@@ -43,8 +42,7 @@ public AzureIdentityAccessTokenProvider(TokenCredential credential, string [] al
 else
 _scopes = new(scopes, StringComparer.OrdinalIgnoreCase);
- _obsOptions = observabilityOptions ?? new();
- _activitySource = new(_obsOptions.TracerInstrumentationName);
+ _activitySource = new((observabilityOptions ?? new()).TracerInstrumentationName);
 }
 private const string ClaimsKey = "claims";