Possible to request multiple scopes?
Closed this issue · 2 comments
The idea of this package is great: use the GraphClient
to handle from both MS Graph and SharePoint REST API.
After battling it all day, I was finally able to get a List
from the SharePoint REST using an IConfidentialClientApplication
(using a certificate).
I realized part of the issue I was having was that I kept thinking I could use two scopes simultaneously: "https://graph.microsoft.com/.default" and "https://{tenant}.sharepoint.com/.default".
Is it possible? I don't love the idea that every time I want to switch "contexts" (APIs) I have to get a new client/token.
Sadly, Azure Active Directory does not provide for getting a single access token with multiple audiences (Graph and SharePoint).
As you a using a confidential client, you can also configure a local token cache. So every call makes a request for a token, and MSAL will provide the cached token. So, yes, two calls to get tokens but not every call your application makes to Graph/SharePoint.
Depending on your scenaio, the Microsoft.Identity.Web library (which uses MSL) can also help with token acquisition/caching.
This is a perfect answer. I was having a hard time finding it with my Googling.
Thank you!