From 33b2f08c4a1869846b040eaa1048c50771774e2e Mon Sep 17 00:00:00 2001
From: Jennyf19
Date: Tue, 19 Apr 2022 14:58:42 -0700
Subject: [PATCH] fix for 1707
---
 .../Policy/ScopeAuthorizationHandler.cs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
index 4a51b9f2d..39fb05d51 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
@@ -81,14 +81,18 @@ protected override Task HandleRequirementAsync(
 return Task.CompletedTask;
 }

- Claim? scopeClaim = context.User.FindFirst(ClaimConstants.Scp) ?? context.User.FindFirst(ClaimConstants.Scope);
+ var scopeClaims = context.User.FindAll(ClaimConstants.Scp)
+ .Union(context.User.FindAll(ClaimConstants.Scope))
+ .ToList();

- if (scopeClaim is null)
+ if (!scopeClaims.Any())
 {
 return Task.CompletedTask;
 }

- if (scopeClaim != null && scopeClaim.Value.Split(' ').Intersect(scopes).Any())
+ var hasScope = scopeClaims.SelectMany(s => s.Value.Split(' ')).Intersect(scopes).Any();
+
+ if (hasScope)
 {
 context.Succeed(requirement);
 return Task.CompletedTask;
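Review bot: The `var hasScope = ...` check now satisfies the requirement when any `scp` or `scope` claim on the principal carries a listed scope, where the old code consulted only the first claim found, yet the diffstat shows this one file changed, so no test pins the wider behaviour. A regression test with two scope claims (one matching, one not), plus one with no scope claim at all, would document the new authorization rule; a short comment above `scopeClaims` such as `// A token may carry several scp/scope claims; any one of them may satisfy the requirement.` would make the intent explicit. On the same lines, `Union` over `Claim` objects presumably de-duplicates by reference only, so `Concat` would state the intent more plainly. `Split(' ')` also yields empty entries on doubled spaces; `s.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)` avoids an accidental match if `scopes` could ever contain an empty string. HandleRequirementAsync starts and ends outside the hunk, so how `scopes` is populated is not visible here.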