fix(microsoft): fix duplicated scopes (#331)

atinux · web-flow · commit 6c5c4cda2337 · 2025-02-04T17:39:13.000+01:00
diff --git a/src/runtime/server/lib/oauth/microsoft.ts b/src/runtime/server/lib/oauth/microsoft.ts
@@ -77,15 +77,17 @@ export function defineOAuthMicrosoftEventHandler({ config, onSuccess, onError }:
     const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
 
     if (!query.code) {
-      const scope = config.scope && config.scope.length > 0 ? config.scope : ['User.Read']
+      config.scope = config.scope && config.scope.length > 0 ? config.scope : ['User.Read']
+      // guarantee uniqueness of the scope
+      config.scope = [...new Set(config.scope)]
       // Redirect to Microsoft Oauth page
       return sendRedirect(
         event,
         withQuery(authorizationURL as string, {
           client_id: config.clientId,
           response_type: 'code',
           redirect_uri: redirectURL,
-          scope: scope.join(' '),
+          scope: config.scope.join(' '),
           ...config.authorizationParams,
         }),
       )
