review changes

Author: derisen

2-Authorization-I/1-call-graph/App/public/401.html

@@ -167,7 +167,7 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
                             // edit here if you would like to change redirect after successful login
                             return res.status(200).redirect(this.rawConfig.configuration.homePageRoute);
                         } else {
-                            return res.status(401).redirect('/401.html');
+                            return res.status(401).send("Not Permitted");
                         }
                     }).catch((error) => {
                         console.log(error);
@@ -202,10 +202,10 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
                         res.status(500).send(error);
                     });
             } else {
-                res.status(500).send("unknown");
+                res.status(500).send("Unknown app stage");
             }
             } else {
-                res.status(401).redirect('/401.html');
+                res.status(401).send("Not Permitted");
             }
     };
 
@@ -241,23 +241,23 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
             // initiate the first leg of auth code grant to get token
             this.getAuthCode(
                 this.msalConfig.auth.authority, 
-                scopes, state, this.msalConfig.auth.redirectUri, res
-                );
-
+                scopes, state, 
+                this.msalConfig.auth.redirectUri, 
+                res);
         } else {
             next();
         }
     };
 
     /**
-     * Middleware checks for id token (and redirects to get sign-in?)
+     * Middleware checks for id token (and redirects to sign-in?)
      * @param {Object} req: express request object
      * @param {Object} res: express response object
      * @param {Function} next: express next 
      */
     isAuthenticated = (req, res, next) => {        
         if (!req.session.isAuthenticated) {
-            return res.redirect('/401.html');
+            return res.send("Not Permitted");
         }
         next();
     };
@@ -279,7 +279,7 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
         }
 
         if (!this.hasTokenForProtectedRoute(req.session, resourceName)) {
-            return res.redirect('/401.html');
+            return res.send("Not Permitted");
         }
         next();
     };
@@ -306,7 +306,7 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
 
     /**
      * Validates the access token for signature 
-     * and a given set of claims
+     * and against a predefined set of claims
      * @param {Object} token: raw access token
      */
     validateAccessToken = (accessToken) => {
@@ -341,7 +341,7 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
      */
     getSigningKeys = (header, callback) => {
         const client = jwksClient({
-            jwksUri: 'https://login.microsoftonline.com/' + this.rawConfig.credentials.tenantId + '/discovery/v2.0/keys'
+            jwksUri: `${constants.AuthorityStrings.AAD}${this.rawConfig.credentials.tenantId}/discovery/v2.0/keys`
         });
 
         client.getSigningKey(header.kid, function (err, key) {
@@ -413,7 +413,7 @@ class MsalExpressMiddleware extends msal.ConfidentialClientApplication {
 
     /**
      * Util method to get the resource name for a given callingPageRoute (auth.json)
-     * @param {String} path 
+     * @param {String} path: /path string that the resource is associated with 
      */
     getResourceName = (path) => {
         let index = Object.values(this.rawConfig.resources).findIndex(resource => resource.callingPageRoute === path);

2-Authorization-I/1-call-graph/App/utils/msalExpressMiddleware.js

@@ -59,9 +59,9 @@ Function Cleanup
     # Removes the applications
     Write-Host "Cleaning-up applications from tenant '$tenantName'"
 
-    Write-Host "Removing 'webApp' (ExpressWebApp-3) if needed"
-    Get-AzureADApplication -Filter "DisplayName eq 'ExpressWebApp-3'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
-    $apps = Get-AzureADApplication -Filter "DisplayName eq 'ExpressWebApp-3'"
+    Write-Host "Removing 'webApp' (ExpressWebApp-2) if needed"
+    Get-AzureADApplication -Filter "DisplayName eq 'ExpressWebApp-2'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'ExpressWebApp-2'"
     if ($apps)
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
@@ -70,10 +70,10 @@ Function Cleanup
     foreach ($app in $apps) 
     {
         Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed ExpressWebApp-3.."
+        Write-Host "Removed ExpressWebApp-2.."
     }
     # also remove service principals of this app
-    Get-AzureADServicePrincipal -filter "DisplayName eq 'ExpressWebApp-3'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Get-AzureADServicePrincipal -filter "DisplayName eq 'ExpressWebApp-2'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
 
 }
 

2-Authorization-I/1-call-graph/AppCreationScripts/Cleanup.ps1

@@ -192,17 +192,17 @@ Function ConfigureApplications
     $user = Get-AzureADUser -ObjectId $creds.Account.Id
 
    # Create the webApp AAD application
-   Write-Host "Creating the AAD application (ExpressWebApp-3)"
+   Write-Host "Creating the AAD application (ExpressWebApp-2)"
    # Get a 2 years application key for the webApp Application
    $pw = ComputePassword
    $fromDate = [DateTime]::Now;
    $key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
    $webAppAppKey = $pw
    # create the application 
-   $webAppAadApplication = New-AzureADApplication -DisplayName "ExpressWebApp-3" `
-                                                  -HomePage "https://localhost:4000/" `
+   $webAppAadApplication = New-AzureADApplication -DisplayName "ExpressWebApp-2" `
+                                                  -HomePage "http://localhost:4000/" `
                                                   -ReplyUrls "http://localhost:4000/redirect" `
-                                                  -IdentifierUris "https://$tenantName/ExpressWebApp-3" `
+                                                  -IdentifierUris "https://$tenantName/ExpressWebApp-2" `
                                                   -PasswordCredentials $key `
                                                   -PublicClient $False
 
@@ -219,12 +219,12 @@ Function ConfigureApplications
    }
 
 
-   Write-Host "Done creating the webApp application (ExpressWebApp-3)"
+   Write-Host "Done creating the webApp application (ExpressWebApp-2)"
 
    # URL of the AAD application in the Azure portal
    # Future? $webAppPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$webAppAadApplication.AppId+"/objectId/"+$webAppAadApplication.ObjectId+"/isMSAApp/"
    $webAppPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$webAppAadApplication.AppId+"/objectId/"+$webAppAadApplication.ObjectId+"/isMSAApp/"
-   Add-Content -Value "<tr><td>webApp</td><td>$currentAppId</td><td><a href='$webAppPortalUrl'>ExpressWebApp-3</a></td></tr>" -Path createdApps.html
+   Add-Content -Value "<tr><td>webApp</td><td>$currentAppId</td><td><a href='$webAppPortalUrl'>ExpressWebApp-2</a></td></tr>" -Path createdApps.html
 
    $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
 

2-Authorization-I/1-call-graph/AppCreationScripts/Configure.ps1

@@ -10,10 +10,10 @@
     "AADApps": [
       {
         "Id": "webApp",
-        "Name": "ExpressWebApp-3",
+        "Name": "ExpressWebApp-2",
         "Kind": "WebApp",
         "Audience": "AzureADMyOrg",
-        "HomePage": "https://localhost:4000/",
+        "HomePage": "http://localhost:4000/",
         "ReplyUrls": "http://localhost:4000/redirect",
         "PasswordCredentials": "Auto",
         "RequiredResourcesAccess": [

2-Authorization-I/1-call-graph/AppCreationScripts/sample.json

@@ -162,8 +162,8 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi
 1. Find the key `tenantId` and replace the existing value with your Azure AD **tenant ID**.
 1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of the `ExpressWebApp` app, in the Azure Portal.
 1. Find the key `homePageRoute` and replace the existing value with the route that you wish to be redirected after sign-in, e.g. `/home`.
-1. Find the key `redirectUri` and replace the existing value with the **Redirect URI** for `ExpressWebApp` app. For example, `https://localhost:4000/redirect`.
-1. Find the `postLogoutRedirectUri` and replace the existing value with the URI that you wish to be redirected after sign-out, e.g. `https://localhost:4000/`
+1. Find the key `redirectUri` and replace the existing value with the **Redirect URI** for `ExpressWebApp` app. For example, `http://localhost:4000/redirect`.
+1. Find the `postLogoutRedirectUri` and replace the existing value with the URI that you wish to be redirected after sign-out, e.g. `http://localhost:4000/`
 
 The rest of the **key-value** pairs are for resources/APIs that you would like to call. They are set as **default**, but you can modify them as you wish: