Microsoft MSAL-获取多个作用域的令牌

在Azure Active Directory中，我有一个需要同时在以下范围内使用MicrosoftGraphAPI和SharePointAPI的应用程序：

GraphAPI scopes:

"https://graph.microsoft.com/User.Read.All",
"https://graph.microsoft.com/Group.Read.All",
"https://graph.microsoft.com/Sites.Read.All",
"https://graph.microsoft.com/Calendars.Read.Shared",
"https://graph.microsoft.com/MailboxSettings.Read",
"https://graph.microsoft.com/Files.Read.All"

SharePointAPI scopes:

"https://microsoft.sharepoint-df.com/AllSites.Read",
"https://microsoft.sharepoint-df.com/AllSites.FullControl",
"https://microsoft.sharepoint-df.com/User.Read.All"

我正在尝试获取该应用程序的令牌：

from msal import PublicClientApplication
AUTHORITY = 'https://login.microsoftonline.com/common'

scopes = [ "https://microsoft.sharepoint-df.com/AllSites.Read",
           "https://microsoft.sharepoint-df.com/AllSites.FullControl",
           "https://microsoft.sharepoint-df.com/User.Read.All"
           "https://graph.microsoft.com/User.Read.All",
           "https://graph.microsoft.com/Group.Read.All",
           "https://graph.microsoft.com/Sites.Read.All",
           "https://graph.microsoft.com/Calendars.Read.Shared",
           "https://graph.microsoft.com/MailboxSettings.Read",
           "https://graph.microsoft.com/Files.Read.All"
         ]

app = PublicClientApplication(client_id, authority=AUTHORITY)
flow = app.initiate_device_flow(scopes=scopes)

但是在WebUI中批准该应用程序后，出现以下错误：

'error_description': 'AADSTS28000: Provided value for the input parameter scope is not valid 
because it contains more than one resource. Scope https://graph.microsoft.com/Calendars.Read.Shared 
https://graph.microsoft.com/Files.Read.All https://graph.microsoft.com/Group.Read.All 

https://graph.microsoft.com/MailboxSettings.Read https://graph.microsoft.com/Sites.Read.All 

https://graph.microsoft.com/User.Read.All https://microsoft.sharepoint-df.com/AllSites.FullControl 
https://microsoft.sharepoint-df.com/AllSites.Read https://microsoft.sharepoint-df.com/User.Read.All 
offline_access openid profile is not valid'