From e6a3c7d12b0f4e7a3b7caa4fe62ab81764c9f577 Mon Sep 17 00:00:00 2001
From: Georg Bremer <github@dschoordsch.de>
Date: Mon, 22 Jul 2024 10:27:05 +0200
Subject: [PATCH] chore: Reduce Azure DevOps scope (#9999)

---
 packages/client/utils/AzureDevOpsClientManager.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/client/utils/AzureDevOpsClientManager.ts b/packages/client/utils/AzureDevOpsClientManager.ts
index 09dc2e510bf..84f3956a6e3 100644
--- a/packages/client/utils/AzureDevOpsClientManager.ts
+++ b/packages/client/utils/AzureDevOpsClientManager.ts
@@ -41,7 +41,8 @@ class AzureDevOpsClientManager {
     const verifier = AzureDevOpsClientManager.generateVerifier()
     const code = await AzureDevOpsClientManager.generateCodeChallenge(verifier)
     const redirect = makeHref('/auth/ado2')
-    const scope = '499b84ac-1321-427f-aa17-267ca6975798/.default offline_access'
+    const scope =
+      '499b84ac-1321-427f-aa17-267ca6975798/vso.project 499b84ac-1321-427f-aa17-267ca6975798/vso.work_write offline_access'
     const url = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirect}&response_mode=query&scope=${scope}&state=${providerState}&code_challenge=${code}&code_challenge_method=S256`
 
     // Open synchronously because of Safari