From 37d975dd894d81670b4c4049f999ff5f11e971af Mon Sep 17 00:00:00 2001
From: Tracy Boehrer
Date: Wed, 3 Apr 2024 16:12:44 -0500
Subject: [PATCH 1/2] OAuthScope parity with JS and DotNet
---
 .../connector/auth/authentication_constants.py | 2 +-
 .../connector/auth/government_constants.py | 2 +-
 .../connector/auth/microsoft_app_credentials.py | 16 +++++++---------
 3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/libraries/botframework-connector/botframework/connector/auth/authentication_constants.py b/libraries/botframework-connector/botframework/connector/auth/authentication_constants.py
index f1a24de08..90cb5656f 100644
--- a/libraries/botframework-connector/botframework/connector/auth/authentication_constants.py
+++ b/libraries/botframework-connector/botframework/connector/auth/authentication_constants.py
@@ -22,7 +22,7 @@ class AuthenticationConstants(ABC):
 DEFAULT_CHANNEL_AUTH_TENANT = "botframework.com"
 # TO CHANNEL FROM BOT: OAuth scope to request
- TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.com/.default"
+ TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.com"
 # TO BOT FROM CHANNEL: Token issuer
 TO_BOT_FROM_CHANNEL_TOKEN_ISSUER = "https://api.botframework.com"
diff --git a/libraries/botframework-connector/botframework/connector/auth/government_constants.py b/libraries/botframework-connector/botframework/connector/auth/government_constants.py
index dd235aba7..aba16e396 100644
--- a/libraries/botframework-connector/botframework/connector/auth/government_constants.py
+++ b/libraries/botframework-connector/botframework/connector/auth/government_constants.py
@@ -31,7 +31,7 @@ class GovernmentConstants(ABC):
 """
 TO CHANNEL FROM BOT: OAuth scope to request
 """
- TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.us/.default"
+ TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = "https://api.botframework.us"
 """
 TO BOT FROM CHANNEL: Token issuer
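Review bot: The comment above TO_CHANNEL_FROM_BOT_OAUTH_SCOPE in authentication_constants.py still reads "OAuth scope to request", but the new value is a bare resource URI that only becomes a requestable scope once `/.default` is appended; the docstring-style comment in government_constants.py has the same problem. I would reword it along the lines of `# TO CHANNEL FROM BOT: OAuth resource; "/.default" is appended when the token is requested`. Any caller that passes the constant straight into a token request, or compares a configured scope or a token audience against it, now sees a different string; those call sites are not part of this patch and should be checked before merging. Both class bodies continue outside the hunks.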
diff --git a/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py b/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
index 24c230007..d42a3309e 100644
--- a/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
+++ b/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
@@ -30,13 +30,6 @@ def __init__(
 self.microsoft_app_password = password
 self.app = None
- # This check likely needs to be more nuanced than this. Assuming
- # "/.default" precludes other valid suffixes
- scope = self.oauth_scope
- if oauth_scope and not scope.endswith("/.default"):
- scope += "/.default"
- self.scopes = [scope]
-
 @staticmethod
 def empty():
 return MicrosoftAppCredentials("", "")
@@ -47,16 +40,21 @@ def get_access_token(self, force_refresh: bool = False) -> str:
 :return: The access token for the given app id and password.
 """
+ scope = self.oauth_scope
+ if not scope.endswith("/.default"):
+ scope += "/.default"
+ scopes = [scope]
+
 # Firstly, looks up a token from cache
 # Since we are looking for token for the current app, NOT for an end user,
 # notice we give account parameter as None.
 auth_token = self.__get_msal_app().acquire_token_silent(
- self.scopes, account=None
+ scopes, account=None
 )
 if not auth_token:
 # No suitable token exists in cache. Let's get a new one from AAD.
 auth_token = self.__get_msal_app().acquire_token_for_client(
- scopes=self.scopes
+ scopes=scopes
 )
 return auth_token["access_token"]
From abb4f94d1dff5f2e233c3f7d2078cc0442bbec3f Mon Sep 17 00:00:00 2001
From: Tracy Boehrer
Date: Wed, 3 Apr 2024 16:19:50 -0500
Subject: [PATCH 2/2] black formatting
---
 .../connector/auth/microsoft_app_credentials.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
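Review bot: In get_access_token (microsoft_app_credentials.py, patch 1/2) the moved normalisation calls `scope.endswith("/.default")` on `self.oauth_scope` with no truthiness guard, whereas the removed __init__ code tested `oauth_scope` before touching the string. A None value would therefore raise AttributeError, and an empty string would become the bare scope `/.default` and be sent to the token endpoint. Whether oauth_scope can be unset depends on the part of __init__ that is outside this hunk; if it can, fail before calling MSAL, e.g. `if not scope: raise ValueError("oauth_scope is not set")`. The removed comment that assuming `/.default` precludes other valid suffixes still applies to the moved check and is worth keeping next to it. The function's signature and the start of its docstring are outside the hunk.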
diff --git a/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py b/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
index d42a3309e..532071667 100644
--- a/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
+++ b/libraries/botframework-connector/botframework/connector/auth/microsoft_app_credentials.py
@@ -48,14 +48,10 @@ def get_access_token(self, force_refresh: bool = False) -> str:
 # Firstly, looks up a token from cache
 # Since we are looking for token for the current app, NOT for an end user,
 # notice we give account parameter as None.
- auth_token = self.__get_msal_app().acquire_token_silent(
- scopes, account=None
- )
+ auth_token = self.__get_msal_app().acquire_token_silent(scopes, account=None)
 if not auth_token:
 # No suitable token exists in cache. Let's get a new one from AAD.
- auth_token = self.__get_msal_app().acquire_token_for_client(
- scopes=scopes
- )
+ auth_token = self.__get_msal_app().acquire_token_for_client(scopes=scopes)
 return auth_token["access_token"]
 def __get_msal_app(self):