Azure AD OAuth: missing User.Read scope prevents Login

[mikep11]

When using Azure AD (Entra ID) OAuth, authentication fails after token exchange because script-server requested scopes are only:

openid profile email

As a result, the access token does not include User.Read, and Graph returns 403 Forbidden.

Suggestion:
Include User.Read in the default Azure AD OAuth scopes:

Change Line 20 in src/auth/auth_azure_ad_oauth.py to:
openid profile email User.Read

Once I made this change, everything worked.

[hranmuthu]

I also confirm this error and the suggested fix works.

AD support is not available in 1.18.0 (current production version).

I'm currently using bugy/script-server:dev docker image with externally mounted auth_azure_ad_oauth.py file on production. Can we have this fixed and AD supported version as a production docker image.

[bugy]

Merged, let's wait for the build

[bugy]

Thanks a lot @mikep11