bump msal

Author: derisen

AppCreationScripts/Configure.ps1

@@ -289,28 +289,30 @@ Function ConfigureApplications
     # rename the user_impersonation scope if it exists to match the readme steps or add a new scope
     $scopes = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.OAuth2Permission]
 
-    if ($scopes.Count -ge 0) 
+    # delete default scope i.e. User_impersonation
+    $scope = $serviceAadApplication.Oauth2Permissions | Where-Object { $_.Value -eq "User_impersonation" }
+    if($scope -ne $null)
     {
-        # add all existing scopes first
-        $serviceAadApplication.Oauth2Permissions | foreach-object { $scopes.Add($_) }
-
-        $scope = $serviceAadApplication.Oauth2Permissions | Where-Object { $_.Value -eq "User_impersonation" }
+       # disable the scope
+       $scope.IsEnabled = $false
+       $scopes.Add($scope)
+       Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -Oauth2Permissions $scopes
+
+       # clear the scope
+       $scopes.Clear()
+       Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -Oauth2Permissions $scopes
+    }
 
-        if ($scope -ne $null) 
-        {
-            $scope.Value = "access_as_user"
-        }
-        else 
-        {
-            # Add scope
-            $scope = CreateScope -value "access_as_user"  `
+    if ($scopes.Count -ge 0) 
+    {
+             $scope = CreateScope -value access_as_user  `
                 -userConsentDisplayName "Access ProfileAPI"  `
                 -userConsentDescription "Allow the application to access ProfileAPI on your behalf."  `
                 -adminConsentDisplayName "Access ProfileAPI"  `
                 -adminConsentDescription "Allows the app to have the same access to information in the directory on behalf of the signed-in user."
 
-            $scopes.Add($scope)
-        }        
+                $scopes.Add($scope)
+    
     }
 
     # add/update scopes
@@ -396,13 +398,13 @@ Function ConfigureApplications
    # Update config file for 'service'
    $configFile = $pwd.Path + "\..\ProfileAPI\appsettings.json"
    Write-Host "Updating the sample code ($configFile)"
-   $dictionary = @{ "Domain" = $tenantName;"ClientId" = $serviceAadApplication.AppId;"ClientSecret" = $serviceAppKey };
+   $dictionary = @{ "Domain" = $tenantName;"ClientId" = $serviceAadApplication.AppId;"ClientSecret" = $serviceAppKey;"TenantId" = $tenantId };
    UpdateTextFile -configFilePath $configFile -dictionary $dictionary
 
    # Update config file for 'client'
    $configFile = $pwd.Path + "\..\ProfileSPA\src\utils\authConfig.js"
    Write-Host "Updating the sample code ($configFile)"
-   $dictionary = @{ "Enter the Client Id (aka 'Application ID')" = $clientAadApplication.AppId;"Enter the API scopes as declared in the app registration 'Expose an Api' blade in the form of 'api://{client_id}/.default'" = ("api://"+$serviceAadApplication.AppId+"/access_as_user") };
+   $dictionary = @{ "Enter_the_Application_Id_Here" = $clientAadApplication.AppId;"Enter_the_Tenant_Info_Here" = $tenantId;"Enter_the_Application_Id_of_Service_Here" = $serviceAadApplication.AppId };
    ReplaceInTextFile -configFilePath $configFile -dictionary $dictionary
    Write-Host ""
    Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
@@ -416,7 +418,13 @@ Function ConfigureApplications
    Write-Host "  - Navigate to the Manifest page and set the value 'replyUrlsWithType' as 'Spa'." -ForegroundColor Red 
 
    Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
-     
+      if($isOpenSSL -eq 'Y')
+   {
+        Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
+        Write-Host "You have generated certificate using OpenSSL so follow below steps: "
+        Write-Host "Install the certificate on your system from current folder."
+        Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
+   }
    Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html  
 }
 

AppCreationScripts/sample.json

@@ -71,6 +71,10 @@
         {
           "key": "ClientSecret",
           "value": "service.AppKey"
+        },
+        {
+          "key": "TenantId",
+          "value": "$tenantId"
         }
       ]
     },
@@ -81,12 +85,16 @@
       "SettingFile": "\\..\\ProfileSPA\\src\\utils\\authConfig.js",
       "Mappings": [
         {
-          "key": "Enter the Client Id (aka 'Application ID')",
+          "key": "Enter_the_Application_Id_Here",
           "value": "client.AppId"
         },
         {
-          "key": "Enter the API scopes as declared in the app registration 'Expose an Api' blade in the form of 'api://{client_id}/.default'",
-          "value": "service.Scope"
+          "key": "Enter_the_Tenant_Info_Here",
+          "value": "$tenantId"
+        },
+        {
+          "key": "Enter_the_Application_Id_of_Service_Here",
+          "value": "service.AppId"
         }
       ]
     }

CHANGELOG.md

@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## 08/04/2021
+
+* Updated MSAL.js to 2.13.1 and M.I.W to 1.8.2
+* Sample now targets work and school accounts, instead of personal Microsoft accounts.
+
 ## 20/02/2021
 
 * Updated MSAL.js to 2.11 and M.I.W to 1.6

ProfileAPI/Controllers/ProfileController.cs

@@ -73,22 +73,7 @@ public async Task<ActionResult<ProfileItem>> PostProfileItem(ProfileItem profile
             {
                 User profile = await _graphServiceClient.Me.Request().GetAsync();
 
-                string graphID;
-
-                // OID is represented in id_token as a 32 digit number, while in MS Graph API, the
-                // preceding 0s are sometimes omitted. The following operation adds the omitted 0s back.
-
-                if (profile.Id.Length < 32)
-                {
-                    int x = 32 - profile.Id.Length;
-                    graphID = new string('0', x) + profile.Id;
-                }
-                else
-                {
-                    graphID = profile.Id;
-                }
-
-                profileItem.Id = graphID;
+                profileItem.Id = profile.Id;
                 profileItem.UserPrincipalName = profile.UserPrincipalName;
                 profileItem.GivenName = profile.GivenName;
                 profileItem.Surname = profile.Surname;

ProfileAPI/appsettings.json

@@ -4,16 +4,9 @@
     "ClientId": "Enter the application ID (clientId) of the 'ProfileAPI' application copied from the Azure portal",
     "ClientSecret": "Enter the client secret of the 'ProfileAPI' application copied from the Azure portal",
     "Instance": "https://login.microsoftonline.com/",
-    "TenantId": "consumers"
+    "TenantId": "Enter the ID of your Azure AD tenant"
   },
   "DownstreamAPI": {
-    /*
-     'Scopes' contains space separated scopes of the web API you want to call. This can be:
-      - a scope for a V2 application (for instance api:b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/access_as_user)
-      - a scope corresponding to a V1 application (for instance <App ID URI>/.default, where  <App ID URI> is the
-        App ID URI of a legacy v1 Web application
-      Applications are registered in the https:portal.azure.com portal.
-    */
     "Scopes": "User.Read",
     "BaseUrl": "https://graph.microsoft.com/v1.0/"
   },

ProfileSPA/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "author": "derisen",
   "dependencies": {
-    "@azure/msal-browser": "^2.13.0",
+    "@azure/msal-browser": "^2.13.1",
     "bootstrap": "^4.5.0",
     "react": "^16.14.0",
     "react-bootstrap": "^1.2.2",

ProfileSPA/src/utils/authConfig.js

@@ -2,8 +2,8 @@
 // visit https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/configuration.md
 export const msalConfig = {
     auth: {
-        clientId: "Enter the Client Id (aka 'Application ID')",
-        authority: "https://login.microsoftonline.com/consumers",
+        clientId: "Enter_the_Application_Id_Here",
+        authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here",
         redirectUri: "http://localhost:3000"
     },
     cache: {
@@ -15,7 +15,7 @@ export const msalConfig = {
 // Coordinates and required scopes for your web API
 export const apiConfig = {
     resourceUri: "https://localhost:44351/api/profile",
-    resourceScopes: ["Enter the API scopes as declared in the app registration 'Expose an Api' blade in the form of 'api://{client_id}/.default'"]
+    resourceScopes: ["api://Enter_the_Application_Id_of_Service_Here/.default'"]
 }
 
 /**