Azure DevOps Python 获取令牌的正确范围

我正在尝试通过 Azure DevOps Python API 获取拉取请求。下面的代码可以工作，但我不想使用

/.default

范围，因为我只需要一个只读调用。问题是，如果我在

creds.get_token

调用中放入任何其他范围，我会在

creds.get_token

调用中收到错误：

InteractiveBrowserCredential.get_token failed: Authentication failed: AADSTS65002: Consent between first party application 'xxxxx' and first party resource 'xxxxx' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API.

问题是，我可以放入

creds.get_token

来获取拉取请求的最宽松范围是什么，如下所示：

creds = InteractiveBrowserCredential()

# I'd rather not use .default here
auth = BasicTokenAuthentication({'access_token': creds.get_token('499b84ac-1321-427f-aa17-267ca6975798/.default').token})

conn = Connection(base_url='https://dev.azure.com/xxx/', creds=auth)
client = conn.clients.get_git_client()
result = client.get_pull_requests("xxxx")

print(result)

499b84ac-1321-427f-aa17-267ca6975798/.default