Using MSAL with a scope against Microsoft.Graph.API still gives me the default scopes in PowerShell

Hi all, I'm trying to connect to the Microsoft Graph API via PowerShell. I'm using a scope and everything seems fine, even Fiddler shows the correct scopes, but I get all scopes in my token.

I'm using the MSAL assembly: Microsoft.Identity.Client.dll

The script I'm running:

# Microsoft.Identity.Client.dll is loaded beforehand (e.g. with Add-Type -Path)
$ApplicationID = "XXXXXX"
$Tenant = "XXXXXX"
$RedirectUri = "XXXXXX://auth"
# $global:Scope is defined elsewhere in the poster's script; inferred here from the Fiddler trace below
$global:Scope = [string[]]@("https://graph.microsoft.com/User.Read")

$Builder = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($ApplicationID).WithTenantId($Tenant).WithRedirectUri($RedirectUri).Build()
$Delegate = $Builder.AcquireTokenInteractive($global:Scope).ExecuteAsync()

Fiddler shows this as the scope: https://graph.microsoft.com/User.Read openid profile offline_access

Yet all the default scopes are in my token:

$Delegate.result.scopes
email
openid
profile
https://graph.microsoft.com/AccessReview.Read.All
https://graph.microsoft.com/AccessReview.ReadWrite.All
https://graph.microsoft.com/AccessReview.ReadWrite.Membership
https://graph.microsoft.com/AdministrativeUnit.Read.All
https://graph.microsoft.com/AdministrativeUnit.ReadWrite.All
https://graph.microsoft.com/Analytics.Read
https://graph.microsoft.com/Application.Read.All
https://graph.microsoft.com/Application.ReadWrite.All
https://graph.microsoft.com/AppRoleAssignment.ReadWrite.All
https://graph.microsoft.com/AuditLog.Read.All
https://graph.microsoft.com/Calendars.Read
https://graph.microsoft.com/Calendars.Read.Shared
https://graph.microsoft.com/Calendars.ReadWrite
https://graph.microsoft.com/Calendars.ReadWrite.Shared
https://graph.microsoft.com/Channel.Create
https://graph.microsoft.com/Channel.Delete.All
https://graph.microsoft.com/Channel.ReadBasic.All
https://graph.microsoft.com/ChannelMember.Read.All
https://graph.microsoft.com/ChannelMember.ReadWrite.All
https://graph.microsoft.com/ChannelMessage.Delete
https://graph.microsoft.com/ChannelMessage.Edit
https://graph.microsoft.com/ChannelMessage.Read.All
https://graph.microsoft.com/ChannelMessage.Send
https://graph.microsoft.com/ChannelSettings.Read.All
https://graph.microsoft.com/ChannelSettings.ReadWrite.All
https://graph.microsoft.com/Chat.Read
https://graph.microsoft.com/Chat.ReadBasic
https://graph.microsoft.com/Chat.ReadWrite
https://graph.microsoft.com/ChatMessage.Send
https://graph.microsoft.com/Contacts.Read
https://graph.microsoft.com/Contacts.Read.Shared
https://graph.microsoft.com/Contacts.ReadWrite
https://graph.microsoft.com/Contacts.ReadWrite.Shared
https://graph.microsoft.com/DelegatedPermissionGrant.ReadWrite.All
https://graph.microsoft.com/Device.Command
https://graph.microsoft.com/Device.Read
https://graph.microsoft.com/Device.Read.All
https://graph.microsoft.com/DeviceManagementApps.Read.All
https://graph.microsoft.com/DeviceManagementApps.ReadWrite.All
https://graph.microsoft.com/DeviceManagementConfiguration.Read.All
https://graph.microsoft.com/DeviceManagementConfiguration.ReadWrite.All
https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All
https://graph.microsoft.com/DeviceManagementManagedDevices.ReadWrite.All
https://graph.microsoft.com/DeviceManagementRBAC.Read.All
https://graph.microsoft.com/DeviceManagementRBAC.ReadWrite.All
https://graph.microsoft.com/DeviceManagementServiceConfig.Read.All
https://graph.microsoft.com/DeviceManagementServiceConfig.ReadWrite.All
https://graph.microsoft.com/Directory.AccessAsUser.All
https://graph.microsoft.com/Directory.Read.All
https://graph.microsoft.com/Directory.ReadWrite.All
https://graph.microsoft.com/Domain.Read.All
https://graph.microsoft.com/Domain.ReadWrite.All
https://graph.microsoft.com/EAS.AccessAsUser.All
https://graph.microsoft.com/EWS.AccessAsUser.All
https://graph.microsoft.com/Files.Read
https://graph.microsoft.com/Files.Read.All
https://graph.microsoft.com/Files.Read.Selected
https://graph.microsoft.com/Files.ReadWrite
https://graph.microsoft.com/Files.ReadWrite.All
https://graph.microsoft.com/Files.ReadWrite.AppFolder
https://graph.microsoft.com/Files.ReadWrite.Selected
https://graph.microsoft.com/Group.Read.All
https://graph.microsoft.com/Group.ReadWrite.All
https://graph.microsoft.com/GroupMember.Read.All
https://graph.microsoft.com/GroupMember.ReadWrite.All
https://graph.microsoft.com/IdentityProvider.Read.All
https://graph.microsoft.com/IdentityProvider.ReadWrite.All
https://graph.microsoft.com/IdentityRiskEvent.Read.All
https://graph.microsoft.com/IdentityRiskEvent.ReadWrite.All
https://graph.microsoft.com/IdentityRiskyUser.Read.All
https://graph.microsoft.com/IdentityRiskyUser.ReadWrite.All
https://graph.microsoft.com/IdentityUserFlow.Read.All
https://graph.microsoft.com/IdentityUserFlow.ReadWrite.All
https://graph.microsoft.com/IMAP.AccessAsUser.All
https://graph.microsoft.com/InformationProtectionPolicy.Read
https://graph.microsoft.com/Mail.Read
https://graph.microsoft.com/Mail.Read.Shared
https://graph.microsoft.com/Mail.ReadBasic
https://graph.microsoft.com/Mail.ReadWrite
https://graph.microsoft.com/Mail.ReadWrite.Shared
https://graph.microsoft.com/Mail.Send
https://graph.microsoft.com/Mail.Send.Shared
https://graph.microsoft.com/MailboxSettings.Read
https://graph.microsoft.com/MailboxSettings.ReadWrite
https://graph.microsoft.com/Member.Read.Hidden
https://graph.microsoft.com/OnPremisesPublishingProfiles.ReadWrite.All
https://graph.microsoft.com/Organization.Read.All
https://graph.microsoft.com/Organization.ReadWrite.All
https://graph.microsoft.com/OrgContact.Read.All
https://graph.microsoft.com/Place.Read.All
https://graph.microsoft.com/Policy.Read.All
https://graph.microsoft.com/Policy.Read.ConditionalAccess
https://graph.microsoft.com/Policy.Read.PermissionGrant
https://graph.microsoft.com/Policy.ReadWrite.ApplicationConfiguration
https://graph.microsoft.com/Policy.ReadWrite.AuthenticationFlows
https://graph.microsoft.com/Policy.ReadWrite.AuthenticationMethod
https://graph.microsoft.com/Policy.ReadWrite.Authorization
https://graph.microsoft.com/Policy.ReadWrite.ConditionalAccess
https://graph.microsoft.com/Policy.ReadWrite.ConsentRequest
https://graph.microsoft.com/Policy.ReadWrite.DeviceConfiguration
https://graph.microsoft.com/Policy.ReadWrite.FeatureRollout
https://graph.microsoft.com/Policy.ReadWrite.PermissionGrant
https://graph.microsoft.com/Policy.ReadWrite.TrustFramework
https://graph.microsoft.com/PrivilegedAccess.Read.AzureAD
https://graph.microsoft.com/PrivilegedAccess.Read.AzureADGroup
https://graph.microsoft.com/PrivilegedAccess.Read.AzureResources
https://graph.microsoft.com/PrivilegedAccess.ReadWrite.AzureAD
https://graph.microsoft.com/PrivilegedAccess.ReadWrite.AzureADGroup
https://graph.microsoft.com/PrivilegedAccess.ReadWrite.AzureResources
https://graph.microsoft.com/ProgramControl.Read.All
https://graph.microsoft.com/ProgramControl.ReadWrite.All
https://graph.microsoft.com/Reports.Read.All
https://graph.microsoft.com/RoleManagement.Read.All
https://graph.microsoft.com/RoleManagement.Read.Directory
https://graph.microsoft.com/RoleManagement.ReadWrite.Directory
https://graph.microsoft.com/SecurityEvents.Read.All
https://graph.microsoft.com/ServiceHealth.Read.All
https://graph.microsoft.com/ServiceMessage.Read.All
https://graph.microsoft.com/Sites.FullControl.All
https://graph.microsoft.com/Sites.Manage.All
https://graph.microsoft.com/Sites.Read.All
https://graph.microsoft.com/Sites.ReadWrite.All
https://graph.microsoft.com/SMTP.Send
https://graph.microsoft.com/Subscription.Read.All
https://graph.microsoft.com/Team.Create
https://graph.microsoft.com/Team.ReadBasic.All
https://graph.microsoft.com/TeamMember.Read.All
https://graph.microsoft.com/TeamMember.ReadWrite.All
https://graph.microsoft.com/TeamMember.ReadWriteNonOwnerRole.All
https://graph.microsoft.com/TeamsTab.ReadWrite.All
https://graph.microsoft.com/TermStore.Read.All
https://graph.microsoft.com/TermStore.ReadWrite.All
https://graph.microsoft.com/ThreatAssessment.ReadWrite.All
https://graph.microsoft.com/ThreatIndicators.Read.All
https://graph.microsoft.com/ThreatIndicators.ReadWrite.OwnedBy
https://graph.microsoft.com/TrustFrameworkKeySet.Read.All
https://graph.microsoft.com/TrustFrameworkKeySet.ReadWrite.All
https://graph.microsoft.com/User.Export.All
https://graph.microsoft.com/User.Invite.All
https://graph.microsoft.com/User.ManageIdentities.All
https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.Read.All
https://graph.microsoft.com/User.ReadBasic.All
https://graph.microsoft.com/User.ReadWrite
https://graph.microsoft.com/User.ReadWrite.All
https://graph.microsoft.com/UserActivity.ReadWrite.CreatedByApp
https://graph.microsoft.com/UserAuthenticationMethod.Read
https://graph.microsoft.com/UserAuthenticationMethod.Read.All
https://graph.microsoft.com/UserAuthenticationMethod.ReadWrite
https://graph.microsoft.com/UserAuthenticationMethod.ReadWrite.All

It looks like it's still loading the .default scopes. Don't worry, it's a test env ;-).

Is this because of one of these in the scope? email profile openid


baswijdenesdotcom    29.12.2020

Following your script with a new app registration, I got the following scopes: email, openid, profile and user.read. The first two things I'm interested in are the version of Microsoft.Identity.Client.dll you're using and which delegated permissions, if any, the app registration has.   -  SamaraSoucy    31.12.2020


Answers (1)


This is by design: to avoid additional server calls during incremental consent, AAD returns all consented scopes in the response (for that resource).

Alfredo R    31.12.2020
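An added check that makes the effect Alfredo describes visible from the defender's side. This is my own code, not code from the question or from MSAL; the function names (ConvertFrom-Base64Url, ConvertTo-Base64Url, Get-JwtPayload, Compare-TokenScopes) and the sample token are constructed for the example. It decodes the access token's payload and lists the permissions in its scp claim that the script never asked for, i.e. the previously consented scopes AAD adds to the token for that resource.

```powershell
# Added example (not from the question or from MSAL): compare the scopes a script asked for
# with the scopes actually present in the returned Graph access token.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments are base64url without padding; restore standard base64 first.
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    # Only the payload is inspected here; signature validation is the resource's job, not the client's.
    $parts = $Jwt.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected at least header.payload' }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Compare-TokenScopes {
    param(
        [Parameter(Mandatory)][string[]]$Requested,
        [Parameter(Mandatory)][string]$AccessToken,
        [string]$Resource = 'https://graph.microsoft.com'
    )
    $payload = Get-JwtPayload $AccessToken
    # Graph delegated tokens carry space-separated short scope names in the 'scp' claim.
    $granted = @([string]($payload.scp) -split ' ' | Where-Object { $_ })
    # Normalise the requested scopes to the same short form (drop the resource prefix) and add
    # openid and profile, which MSAL appends to every request (see the Fiddler line in the question).
    # offline_access is also sent but only governs the refresh token and is not in scp.
    $prefix = '^' + [regex]::Escape($Resource) + '/'
    $wanted = @($Requested | ForEach-Object { $_ -replace $prefix, '' }) + @('openid', 'profile')
    [pscustomobject]@{
        Requested = $wanted
        Granted   = $granted
        Extra     = @($granted | Where-Object { $_ -notin $wanted })   # consented earlier, not asked for now
        Missing   = @($wanted | Where-Object { $_ -notin $granted })   # asked for but not consented
    }
}

# Constructed sample: an unsigned token whose payload mimics a tenant where broader delegated
# permissions were consented to the app earlier. Header and (empty) signature are dummies.
$samplePayload = '{"aud":"https://graph.microsoft.com","scp":"email openid profile User.Read Mail.Read Directory.Read.All"}'
$sampleToken = (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}') + '.' + (ConvertTo-Base64Url $samplePayload) + '.'

$report = Compare-TokenScopes -Requested 'https://graph.microsoft.com/User.Read' -AccessToken $sampleToken
$report
```

With the question's script the same check is `Compare-TokenScopes -Requested $global:Scope -AccessToken $Delegate.Result.AccessToken`. A non-empty Extra list means the script is holding a token broader than it needs; because the scope parameter cannot narrow a token below what has already been consented for that resource, least privilege has to be enforced on the consent itself: trim the delegated permissions granted to the app registration (the point SamaraSoucy asked about), or give the script its own app registration with only the permissions it uses, which is exactly what produced the email, openid, profile, user.read result in the comment above.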