roles and scp (scope) not included in returned id_token #399

Open
@kesalomamatka

Description

Expected behaviour

Roles and scope should be in the returned id_token.

Actual behaviour

I'm using the python-social-auth library with Azure AD authentication.

I tried with "AzureADTenantOAuth2" and "AzureADOAuth2"; after login it redirects back to the application. Then I pasted the returned user id token into jwt.io, but the user's "id_token" doesn't contain "scope" or "roles".

From the application, the "SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SCOPE" / "SOCIAL_AUTH_AZUREAD_OAUTH2_SCOPE" setting is replaced by ['xxxxxxxx/user_impersonation', 'openid', 'profile', 'offline_access'].

What are the steps to reproduce this issue?

Input clear steps to reproduce the issue for a maintainer.

  1. Use AzureADTenantOAuth2 / AzureADOAuth2
  2. Add the required settings in settings.py, e.g. "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY"
  3. Do the Azure AD OAuth2 authentication and redirect back to the application
  4. Check the returned user id token (it doesn't contain scp and roles)

Any logs, error output, etc?

No error; the code runs fine, but the token wasn't.
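The following is an added example, not code from python-social-auth or from the issue author. It does what step 4 does by hand on jwt.io: it splits a JWT, base64url-decodes the payload without checking the signature (inspection only, never a trust decision), and reports which of the expected claims are absent. The same check is run on both tokens the Azure AD token endpoint returns, because Azure AD documents `scp` as an access-token claim while `roles` can appear in either token. The two tokens below are constructed for the demo (placeholder signature segment, placeholder tenant, app id and subject); in a real deployment you would pass the `id_token` and `access_token` strings obtained from the backend's token response.

```python
import base64
import json
from typing import Dict, List, Sequence

# Claims the issue expects to see; checked by name only.
EXPECTED_CLAIMS = ("scp", "roles")


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_unverified_payload(token: str) -> Dict:
    """Return the JWT payload WITHOUT verifying the signature.

    This mirrors what jwt.io displays. Use it only to inspect claims;
    a trust decision must go through full signature/issuer/audience validation.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def missing_claims(token: str, expected: Sequence[str] = EXPECTED_CLAIMS) -> List[str]:
    """Names from `expected` that the token's payload does not carry."""
    payload = decode_unverified_payload(token)
    return [claim for claim in expected if claim not in payload]


def report(tokens: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each token name (e.g. 'id_token', 'access_token') to its missing claims."""
    return {name: missing_claims(tok) for name, tok in tokens.items()}


def make_constructed_jwt(payload: Dict) -> str:
    """Build a constructed token for the demo.

    The third segment is a placeholder, not a real signature, so this token
    would fail verification; it exists only so the claim inspection can run offline.
    """
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}
    return ".".join(
        [
            _b64url_encode(json.dumps(header).encode()),
            _b64url_encode(json.dumps(payload).encode()),
            _b64url_encode(b"constructed-signature"),
        ]
    )


# Constructed sample tokens (all values are placeholders).
CONSTRUCTED_ID_TOKEN = make_constructed_jwt(
    {
        "aud": "00000000-0000-0000-0000-000000000000",
        "iss": "https://login.microsoftonline.com/constructed-tenant/v2.0",
        "sub": "constructed-subject",
        "name": "Example User",
        "preferred_username": "user@example.com",
    }
)
CONSTRUCTED_ACCESS_TOKEN = make_constructed_jwt(
    {
        "aud": "api://constructed-app",
        "iss": "https://login.microsoftonline.com/constructed-tenant/v2.0",
        "sub": "constructed-subject",
        "scp": "user_impersonation",
        "roles": ["Reader"],
    }
)

if __name__ == "__main__":
    for name, missing in report(
        {"id_token": CONSTRUCTED_ID_TOKEN, "access_token": CONSTRUCTED_ACCESS_TOKEN}
    ).items():
        print(f"{name}: missing {missing or 'nothing'}")
```

Running the block prints the missing claims per token; with the constructed input the id_token lacks both `scp` and `roles` while the access token carries them, which is the pattern to compare against when inspecting real tokens from the backend.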

Metadata

Assignees

No one assigned

    Labels

    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests