From 8603ea85ce34155eeca804abc5776c5f02a0b1b4 Mon Sep 17 00:00:00 2001
From: Nick Goodall <nbgoodall@users.noreply.github.com>
Date: Wed, 12 Jun 2024 14:25:24 +0100
Subject: [PATCH 1/3] Enable 'scope' overrides from request params

---
 lib/omniauth/strategies/azure_activedirectory_v2.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/omniauth/strategies/azure_activedirectory_v2.rb b/lib/omniauth/strategies/azure_activedirectory_v2.rb
index 24fd1b1..b320610 100644
--- a/lib/omniauth/strategies/azure_activedirectory_v2.rb
+++ b/lib/omniauth/strategies/azure_activedirectory_v2.rb
@@ -41,7 +41,9 @@ def client
           options.authorize_params.prompt = request.params['prompt']
         end
 
-        options.authorize_params.scope = if provider.respond_to?(:scope) && provider.scope
+        options.authorize_params.scope = if defined?(request) && request.params['scope']
+          request.params['scope']
+        elsif provider.respond_to?(:scope) && provider.scope
           provider.scope
         else
           DEFAULT_SCOPE

From a368c26a364a435e957821ccb5a2c54b5b75e4df Mon Sep 17 00:00:00 2001
From: Nick Goodall <nbgoodall@users.noreply.github.com>
Date: Thu, 13 Jun 2024 07:52:58 +0100
Subject: [PATCH 2/3] Add spec

---
 spec/omniauth/strategies/azure_activedirectory_v2_spec.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/spec/omniauth/strategies/azure_activedirectory_v2_spec.rb b/spec/omniauth/strategies/azure_activedirectory_v2_spec.rb
index defe88e..9803710 100644
--- a/spec/omniauth/strategies/azure_activedirectory_v2_spec.rb
+++ b/spec/omniauth/strategies/azure_activedirectory_v2_spec.rb
@@ -299,6 +299,12 @@ def client_secret
       it 'has correct token url' do
         expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/v2.0/token')
       end
+
+      it 'has correct scope from request params' do
+        request.params['scope'] = 'openid email offline_access Calendars.Read'
+        subject.client
+        expect(subject.authorize_params[:scope]).to eql('openid email offline_access Calendars.Read')
+      end
     end
   end
 

From fda1bd6bb0e1357c7c39d65319b7067836782647 Mon Sep 17 00:00:00 2001
From: Andrew Hodgkinson <andrew@ripaglobal.com>
Date: Tue, 9 Jul 2024 11:17:32 +1200
Subject: [PATCH 3/3] Add documentation and bump minor version for new feature

---
 CHANGELOG.md                                  |  4 ++++
 README.md                                     | 19 ++++++++++++++++---
 .../azure_activedirectory_v2/version.rb       |  4 ++--
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c3318c..2e052b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Change Log
 
+## v2.2.0 (2024-07-09)
+
+[Implements](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/26) support for specifying `scope` via the authorisation URL, in addition to the prior support for static configuration or configuration via a custom provider class - thanks @nbgoodall!
+
 ## v2.1.0 (2023-09-16)
 
 [Implements](https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/19) support for custom policies when using Microsoft Azure AD - thanks @stevenchanin!
diff --git a/README.md b/README.md
index dccc98a..faf1333 100644
--- a/README.md
+++ b/README.md
@@ -25,12 +25,15 @@ gem 'omniauth-azure-activedirectory-v2'
 
 And then execute:
 
-    $ bundle install
+```shell
+$ bundle install
+```
 
 Or install it yourself as:
 
-    $ gem install omniauth-azure-activedirectory-v2
-
+```shell
+$ gem install omniauth-azure-activedirectory-v2
+```
 
 
 ## Usage
@@ -162,6 +165,14 @@ In method `#authorize_params` above, the request object is used to look for a `l
 
 > **NB:** Naming things is hard! The predecessor gem used the name `YouTenantProvider` since it was focused on custom tenant provision, but if using this in a more generic way, perhaps consider a more generic name such as, say, `CustomOmniAuthAzureProvider`.
 
+#### Special case scope override
+
+If required and more convenient, you can specify a custom `scope` value via generation of an authorisation URL including that required `scope`, rather than by using a custom provider class with `def scope...end` method. Include the `scope` value in your call to generate the URL thus:
+
+```ruby
+omniauth_authorize_url('resource_name_eg_user', 'azure_activedirectory_v2', scope: '...')
+```
+
 
 
 ## Contributing
@@ -182,6 +193,8 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/RIPAGl
 * Add tests and check that `bundle exec rspec` still runs successfully
 * For new features (rather than bug fixes), update `README.md` with details
 
+
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
diff --git a/lib/omniauth/azure_activedirectory_v2/version.rb b/lib/omniauth/azure_activedirectory_v2/version.rb
index 62d36f6..f6e7bc8 100644
--- a/lib/omniauth/azure_activedirectory_v2/version.rb
+++ b/lib/omniauth/azure_activedirectory_v2/version.rb
@@ -2,8 +2,8 @@ module OmniAuth
   module Azure
     module Activedirectory
       module V2
-        VERSION = "2.1.0"
-        DATE    = "2023-09-16"
+        VERSION = "2.2.0"
+        DATE    = "2024-07-09"
       end
     end
   end