Within the current implementation flask-entra-auth tries to extract the scopes from the token claims using the scps key - this key doesn't seem to exist within the claim spec - see here https://learn.microsoft.com/en-us/entra/identity-platform/access-token-claims-reference#payload-claims
Currently the lib assumes that the scopes are an array of strings (similar to roles) - but according to the spec the scopes (scp) is a "String, a space separated list of scopes" - What this means is that in the current implementation no scopes are ever actually captured and can never be checked against.
I've created a PR to fix this issue
#37
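The mismatch described above, shown as an added example (not part of the original post and not flask-entra-auth's own code): reading `scps` as a list finds nothing, while splitting the `scp` string yields scopes that can be checked. The function names and the scope values are hypothetical and constructed for illustration.

```python
from typing import Iterable, Mapping

# Constructed sample payload: delegated scopes arrive in "scp" as one
# space-separated string, while app roles arrive in "roles" as a list.
SAMPLE_CLAIMS = {
    "scp": "Records.Read Records.Write",
    "roles": ["Records.Admin"],
}


def scopes_buggy(claims: Mapping[str, object]) -> set:
    """Behaviour reported in the issue: look up 'scps' and expect a list."""
    # The key is absent from the token, so the result is always empty and
    # every scope requirement fails.
    return set(claims.get("scps", []))


def scopes_fixed(claims: Mapping[str, object]) -> frozenset:
    """Parse 'scp' as a space-separated string of scopes."""
    raw = claims.get("scp")
    if raw is None:
        # App-only tokens carry no scp claim: no delegated scopes.
        return frozenset()
    if not isinstance(raw, str):
        # Fail closed on an unexpected shape rather than guessing.
        raise ValueError("scp claim must be a space-separated string")
    # split() with no argument tolerates repeated whitespace. Note that
    # set(raw) would instead produce a set of single characters.
    return frozenset(raw.split())


def has_required_scopes(claims: Mapping[str, object],
                        required: Iterable[str]) -> bool:
    """True only if every required scope is present as an exact token."""
    wanted = set(required)
    if not wanted:
        # An empty requirement would authorize everything; reject it.
        raise ValueError("at least one required scope must be given")
    # Set comparison avoids substring matches such as "Records" matching
    # "Records.Read" in the raw string.
    return wanted <= scopes_fixed(claims)
```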