microsoft · Ndiritu · Feb 1, 2023 · Jan 26, 2023
diff --git a/src/PhpLeagueAccessTokenProvider.php b/src/PhpLeagueAccessTokenProvider.php
@@ -60,18 +60,9 @@ class PhpLeagueAccessTokenProvider implements AccessTokenProvider
     public function __construct(TokenRequestContext $tokenRequestContext, array $scopes = [], array $allowedHosts = [])
     {
         $this->tokenRequestContext = $tokenRequestContext;
-        if (empty($scopes)) {
-            $scopes = ['https://graph.microsoft.com/.default'];
-        }
         $this->scopes = $scopes;
-
         $this->allowedHostsValidator = new AllowedHostsValidator();
-        if (empty($allowedHosts)) {
-            $this->allowedHostsValidator->setAllowedHosts(["graph.microsoft.com", "graph.microsoft.us", "dod-graph.microsoft.us", "graph.microsoft.de", "microsoftgraph.chinacloudapi.cn", "canary.graph.microsoft.com"]);
-        } else {
-            $this->allowedHostsValidator->setAllowedHosts($allowedHosts);
-        }
-
+        $this->allowedHostsValidator->setAllowedHosts($allowedHosts);
         $this->initOauthProvider();
     }
 
@@ -80,10 +71,14 @@ public function __construct(TokenRequestContext $tokenRequestContext, array $sco
      */
     public function getAuthorizationTokenAsync(string $url): Promise
     {
-        $scheme = parse_url($url, PHP_URL_SCHEME);
+        $parsedUrl = parse_url($url);
+        $scheme = $parsedUrl["scheme"] ?? null;
+        $host = $parsedUrl["host"] ?? null;
+
         if ($scheme !== 'https' || !$this->getAllowedHostsValidator()->isUrlHostValid($url)) {
             return new FulfilledPromise(null);
         }
+        $this->scopes = $this->scopes ?: ["{$scheme}://{$host}/.default"];
         try {
             $params = array_merge($this->tokenRequestContext->getParams(), ['scope' => implode(' ', $this->scopes)]);
             if ($this->cachedToken) {

diff --git a/src/PhpLeagueAuthenticationProvider.php b/src/PhpLeagueAuthenticationProvider.php
@@ -34,7 +34,7 @@ class PhpLeagueAuthenticationProvider extends BaseBearerTokenAuthenticationProvi
      * @param array $scopes
      * @param array $allowedHosts
      */
-    public function __construct(TokenRequestContext $tokenRequestContext, array $scopes, array $allowedHosts = [])
+    public function __construct(TokenRequestContext $tokenRequestContext, array $scopes = [], array $allowedHosts = [])
     {
         $this->accessTokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext, $scopes, $allowedHosts);
         parent::__construct($this->accessTokenProvider);

diff --git a/tests/PhpLeagueAccessTokenProviderTest.php b/tests/PhpLeagueAccessTokenProviderTest.php
@@ -28,12 +28,6 @@ protected function setUp(): void
         );
     }
 
-    public function testPassingEmptyScopesThrowsException(): void
-    {
-        $this->expectException(\InvalidArgumentException::class);
-        $tokenProvider = new PhpLeagueAccessTokenProvider(new ClientCredentialContext('', '', ''), []);
-    }
-
     public function testPassingMultipleScopes(): void
     {
         $tokenProvider = new PhpLeagueAccessTokenProvider(new ClientCredentialContext(
@@ -55,7 +49,7 @@ public function testGetAuthorizationTokenWithSuccessfulTokenResponse(): void
     {
         $oauthContexts = $this->getOauthContexts();
         foreach ($oauthContexts as $tokenRequestContext) {
-            $tokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext, ['https://graph.microsoft.com/.default']);
+            $tokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext);
             $mockResponses = [
                 function (Request $request) use ($tokenRequestContext) {
                     $expectedUrl = 'https://login.microsoftonline.com/tenantId/oauth2/v2.0/token';
@@ -77,7 +71,7 @@ public function testGetAuthorizationTokenCachesInMemory(): void
     {
         $oauthContexts = $this->getOauthContexts();
         foreach ($oauthContexts as $tokenRequestContext) {
-            $tokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext, ['https://graph.microsoft.com/.default']);
+            $tokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext);
             $mockResponses = [
                 new Response(200, [], json_encode(['access_token' => 'abc', 'expires_in' => 5])),
                 new Response(200, [], json_encode(['access_token' => 'xyz', 'expires_in' => 5]))
@@ -89,17 +83,17 @@ public function testGetAuthorizationTokenCachesInMemory(): void
         }
     }
 
-    public function testGetAuthorizationTokenEmptyWhenNotHostAllowed(): void
+    public function testGetAuthorizationTokenWhenAllowedHostsNotDefined(): void
     {
         $oauthContexts = $this->getOauthContexts();
         foreach ($oauthContexts as $tokenRequestContext) {
-            $tokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext, ['https://graph.microsoft.com/.default']);
+            $tokenProvider = new PhpLeagueAccessTokenProvider($tokenRequestContext);
             $mockResponses = [
                 new Response(200, [], json_encode(['access_token' => 'abc', 'expires_in' => 5])),
                 new Response(200, [], json_encode(['access_token' => 'xyz', 'expires_in' => 5]))
             ];
             $tokenProvider->getOauthProvider()->setHttpClient($this->getMockHttpClient($mockResponses));
-            $this->assertEquals(null, $tokenProvider->getAuthorizationTokenAsync('https://example.com')->wait());
+            $this->assertEquals('abc', $tokenProvider->getAuthorizationTokenAsync('https://example.com')->wait());
             // Second call happens before token expires. We should get the existing access token
             $this->assertEquals('abc', $tokenProvider->getAuthorizationTokenAsync('https://graph.microsoft.com')->wait());
         }