diff --git a/extensions/msteams/src/attachments/download.ts b/extensions/msteams/src/attachments/download.ts index 0a44c50d6..cadb00dca 100644 --- a/extensions/msteams/src/attachments/download.ts +++ b/extensions/msteams/src/attachments/download.ts @@ -68,10 +68,10 @@ function scopeCandidatesForUrl(url: string): string[] { host.endsWith("1drv.ms") || host.includes("sharepoint"); return looksLikeGraph - ? ["https://graph.microsoft.com/.default", "https://api.botframework.com/.default"] - : ["https://api.botframework.com/.default", "https://graph.microsoft.com/.default"]; + ? ["https://graph.microsoft.com", "https://api.botframework.com"] + : ["https://api.botframework.com", "https://graph.microsoft.com"]; } catch { - return ["https://api.botframework.com/.default", "https://graph.microsoft.com/.default"]; + return ["https://api.botframework.com", "https://graph.microsoft.com"]; } } diff --git a/extensions/msteams/src/attachments/graph.ts b/extensions/msteams/src/attachments/graph.ts index bb47d413f..6cad32e46 100644 --- a/extensions/msteams/src/attachments/graph.ts +++ b/extensions/msteams/src/attachments/graph.ts @@ -198,7 +198,7 @@ export async function downloadMSTeamsGraphMedia(params: { const messageUrl = params.messageUrl; let accessToken: string; try { - accessToken = await params.tokenProvider.getAccessToken("https://graph.microsoft.com/.default"); + accessToken = await params.tokenProvider.getAccessToken("https://graph.microsoft.com"); } catch { return { media: [], messageUrl, tokenError: true }; } diff --git a/extensions/msteams/src/directory-live.ts b/extensions/msteams/src/directory-live.ts index 35715acb4..bbc5c79eb 100644 --- a/extensions/msteams/src/directory-live.ts +++ b/extensions/msteams/src/directory-live.ts @@ -64,7 +64,7 @@ async function resolveGraphToken(cfg: unknown): Promise { if (!creds) throw new Error("MS Teams credentials missing"); const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds); const tokenProvider = new sdk.MsalTokenProvider(authConfig); - const token = await tokenProvider.getAccessToken("https://graph.microsoft.com/.default"); + const token = await tokenProvider.getAccessToken("https://graph.microsoft.com"); const accessToken = readAccessToken(token); if (!accessToken) throw new Error("MS Teams graph token unavailable"); return accessToken; diff --git a/extensions/msteams/src/graph-upload.ts b/extensions/msteams/src/graph-upload.ts index dd4e28683..3bd9ea5a6 100644 --- a/extensions/msteams/src/graph-upload.ts +++ b/extensions/msteams/src/graph-upload.ts @@ -13,7 +13,7 @@ import type { MSTeamsAccessTokenProvider } from "./attachments/types.js"; const GRAPH_ROOT = "https://graph.microsoft.com/v1.0"; const GRAPH_BETA = "https://graph.microsoft.com/beta"; -const GRAPH_SCOPE = "https://graph.microsoft.com/.default"; +const GRAPH_SCOPE = "https://graph.microsoft.com"; export interface OneDriveUploadResult { id: string; diff --git a/extensions/msteams/src/resolve-allowlist.ts b/extensions/msteams/src/resolve-allowlist.ts index a74c42f61..a5e7a0c74 100644 --- a/extensions/msteams/src/resolve-allowlist.ts +++ b/extensions/msteams/src/resolve-allowlist.ts @@ -143,7 +143,7 @@ async function resolveGraphToken(cfg: unknown): Promise { if (!creds) throw new Error("MS Teams credentials missing"); const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds); const tokenProvider = new sdk.MsalTokenProvider(authConfig); - const token = await tokenProvider.getAccessToken("https://graph.microsoft.com/.default"); + const token = await tokenProvider.getAccessToken("https://graph.microsoft.com"); const accessToken = readAccessToken(token); if (!accessToken) throw new Error("MS Teams graph token unavailable"); return accessToken;