From fc7c453140c74156d0c6cee3b0bb81fe2c21cce4 Mon Sep 17 00:00:00 2001
From: Michal Pristas <miprista@microsoft.com>
Date: Wed, 10 Jan 2018 20:27:31 +0100
Subject: [PATCH] fixed azuread flow

---
 providers/azuread/azuread.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/providers/azuread/azuread.go b/providers/azuread/azuread.go
index a7aa2bdd1..1aca20e66 100644
--- a/providers/azuread/azuread.go
+++ b/providers/azuread/azuread.go
@@ -76,7 +76,7 @@ func (p *Provider) BeginAuth(state string) (goth.Session, error) {
 	authURL := p.config.AuthCodeURL(state)
 
 	// Azure ad requires at least one resource
-	authURL += url.QueryEscape(strings.Join(p.resources, " "))
+	authURL += "&resource=" + url.QueryEscape(strings.Join(p.resources, " "))
 
 	return &Session{
 		AuthURL: authURL,
@@ -96,7 +96,14 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {
 		return user, fmt.Errorf("%s cannot get user information without accessToken", p.providerName)
 	}
 
-	response, err := p.Client().Get(endpointProfile + "?access_token=" + url.QueryEscape(msSession.AccessToken))
+	req, err := http.NewRequest("GET", endpointProfile, nil)
+	if err != nil {
+		return user, err
+	}
+
+	req.Header.Set("Authorization", msSession.AccessToken)
+
+	response, err := p.Client().Do(req)
 	if err != nil {
 		return user, err
 	}