update 1-1

Author: derisen

1-Authentication/1-sign-in/App/app.js

@@ -13,10 +13,10 @@ const authConfig = require('./authConfig.js');
 
 const SERVER_PORT = process.env.PORT || 4000;
 
-async function main() {
+// initialize express
+const app = express();
 
-    // initialize express
-    const app = express();
+async function main() {
 
     /**
      * Using express-session middleware. Be sure to familiarize yourself with available options
@@ -28,7 +28,7 @@ async function main() {
         saveUninitialized: false,
         cookie: {
             httpOnly: true,
-            secure: false, // set this to true on production
+            secure: process.env.NODE_ENV === "production", // set this to true on production
         }
     }));
 
@@ -46,7 +46,7 @@ async function main() {
     // instantiate the wrapper
     const authProvider = await WebAppAuthProvider.initialize(authConfig);
 
-    // initialize the wrapper
+    // initialize the auth middleware before any route handlers
     app.use(authProvider.authenticate());
 
     // app routes
@@ -57,8 +57,7 @@ async function main() {
         '/signin',
         (req, res, next) => {
             return req.authContext.login({
-                postLoginRedirectUri: "/",
-                postFailureRedirectUri: "/"
+                postLoginRedirectUri: "/", // redirect here after login
             })(req, res, next);
         }
     );
@@ -67,24 +66,29 @@ async function main() {
         '/signout',
         (req, res, next) => {
             return req.authContext.logout({
-                postLogoutRedirectUri: "/",
+                postLogoutRedirectUri: "/", // redirect here after logout
             })(req, res, next);
         }
     );
 
     // secure routes
     app.get('/id',
         authProvider.guard({
-            forceLogin: true
+            forceLogin: true // force user to login if not authenticated
         }),
         mainController.getIdPage
     );
 
+    /**
+     * This error handler is needed to catch interaction_required errors thrown by MSAL.
+     * Make sure to add it to your middleware chain after all your routers, but before any other 
+     * error handlers.
+     */
     app.use(authProvider.interactionErrorHandler());
 
     app.listen(SERVER_PORT, () => console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`));
 }
 
 main();
 
-module.exports = main;
+module.exports = app;

1-Authentication/1-sign-in/App/authConfig.js

@@ -1,11 +1,11 @@
 const authConfig = {
-    authOptions: {
+    auth: {
         authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here",
         clientId: "Enter_the_Application_Id_Here",
         clientSecret: "Enter_the_Client_Secret_Here",
         redirectUri: "/redirect",
     },
-    systemOptions: {
+    system: {
         loggerOptions: {
             loggerCallback: (logLevel, message, containsPii) => {
                 if (containsPii) {

1-Authentication/1-sign-in/App/package-lock.json

@@ -15,7 +15,7 @@
     "ejs": "^3.1.8",
     "express": "^4.18.1",
     "express-session": "^1.17.3",
-    "msal-node-wrapper": "file:../../../shared/msal-node-wrapper"
+    "msal-node-wrapper": "file:../../../common/msal-node-wrapper"
   },
   "devDependencies": {
     "jest": "^27.0.6",

1-Authentication/1-sign-in/App/package.json

@@ -2,54 +2,54 @@ const request = require('supertest');
 const { v4: uuidv4 } = require('uuid');
 
 describe('Sanitize configuration object', () => {
-    let appSettings;
+    let authConfig;
 
     beforeAll(() => {
-        appSettings = require('./appSettings.js');
+        authConfig = require('./authConfig.js');
     });
 
     it('should define the config object', () => {
-        expect(appSettings).toBeDefined();
+        expect(authConfig).toBeDefined();
     });
 
     it('should not contain client Id', () => {
         const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-        expect(regexGuid.test(appSettings.appCredentials.clientId)).toBe(false);
+        expect(regexGuid.test(authConfig.auth.clientId)).toBe(false);
     });
 
     it('should not contain tenant Id', () => {
         const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-        expect(regexGuid.test(appSettings.appCredentials.tenantId)).toBe(false);
+        expect(regexGuid.test(authConfig.auth.tenantId)).toBe(false);
     });
 
     it('should not contain client secret', () => {
         const regexSecret = /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{34,}$/;
-        expect(regexSecret.test(appSettings.appCredentials.clientSecret)).toBe(false);
+        expect(regexSecret.test(authConfig.auth.clientSecret)).toBe(false);
     });
 });
 
 describe('Ensure pages served', () => {
 
     let app;
-    let appSettings;
+    let authConfig;
     let randomGuid;
 
     beforeAll(() => {
         process.env.NODE_ENV = 'test';
 
-        appSettings = require('./appSettings.js');
+        authConfig = require('./authConfig.js');
         randomGuid = uuidv4();
 
-        appSettings.appCredentials.clientId = randomGuid;
-        appSettings.appCredentials.tenantId = randomGuid;
+        authConfig.auth.clientId = randomGuid;
+        authConfig.auth.authority = randomGuid;
 
         app = require('./app.js');
     });
 
     it('should serve home page', async () => {
 
         const res = await request(app)
-            .get('/home');
+            .get('/');
 
         expect(res.statusCode).toEqual(200);
     });

1-Authentication/1-sign-in/App/sample.test.js

@@ -1,21 +1,14 @@
-# Registering sample apps with the Microsoft identity platform and updating the configuration files using PowerShell
+# Registering sample apps with the Microsoft identity platform and updating configuration files using PowerShell
 
 ## Overview
 
 ### Quick summary
 
-1. On Windows, run PowerShell as **Administrator** and navigate to the root of the cloned directory
-1. In PowerShell run:
-
-   ```PowerShell
-   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
-   ```
-
 1. Run the script to create your Azure AD application and configure the code of the sample application accordingly.
 
    ```PowerShell
    cd .\AppCreationScripts\
-   .\Configure.ps1
+   .\Configure.ps1 -TenantId "your test tenant's id" -AzureEnvironmentName "[Optional] - Azure environment, defaults to 'Global'"
    ```
 
 ### More details
@@ -28,9 +21,7 @@
   - [Run the script and start running](#run-the-script-and-start-running)
   - [Four ways to run the script](#four-ways-to-run-the-script)
     - [Option 1 (interactive)](#option-1-interactive)
-    - [Option 2 (non-interactive)](#option-2-non-interactive)
-    - [Option 3 (Interactive, but create apps in a specified tenant)](#option-3-Interactive-but-create-apps-in-a-specified-tenant)
-    - [Option 4 (non-interactive, and create apps in a specified tenant)](#option-4-non-interactive-and-create-apps-in-a-specified-tenant)
+    - [Option 2 (Interactive, but create apps in a specified tenant)](#option-3-Interactive-but-create-apps-in-a-specified-tenant)
   - [Running the script on Azure Sovereign clouds](#running-the-script-on-Azure-Sovereign-clouds)
 
 ## Goal of the provided scripts
@@ -42,7 +33,7 @@ This sample comes with two PowerShell scripts, which automate the creation of th
 These scripts are:
 
 - `Configure.ps1` which:
-  - creates Azure AD applications and their related objects (permissions, dependencies, secrets),
+  - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles),
   - changes the configuration files in the sample projects.
   - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created:
     - the identifier of the application
@@ -51,6 +42,8 @@ These scripts are:
 
 - `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`).
 
+> :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets.
+
 ### Usage pattern for tests and DevOps scenarios
 
 The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below.
@@ -59,31 +52,26 @@ The `Configure.ps1` will stop if it tries to create an Azure AD application whic
 
 ### Pre-requisites
 
+1. PowerShell 7 or later (see: [installing PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell))
 1. Open PowerShell (On Windows, press  `Windows-R` and type `PowerShell` in the search window)
-1. Navigate to the root directory of the project.
-1. Until you change it, the default [Execution Policy](https:/go.microsoft.com/fwlink/?LinkID=135170) for scripts is usually `Restricted`. In order to run the PowerShell script you need to set the Execution Policy to `RemoteSigned`. You can set this just for the current PowerShell process by running the command:
 
-    ```PowerShell
-    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
-    ```
-
-### (Optionally) install AzureAD PowerShell modules
+### (Optionally) install Microsoft.Graph.Applications PowerShell modules
 
-The scripts install the required PowerShell module (AzureAD) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
+The scripts install the required PowerShell module (Microsoft.Graph.Applications) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
 
-1. If you have never done it already, in the PowerShell window, install the AzureAD PowerShell modules. For this:
+1. If you have never done it already, in the PowerShell window, install the Microsoft.Graph.Applications PowerShell modules. For this:
 
-   1. Open PowerShell as admin (On Windows, Search Powershell in the search bar, right click on it and select **Run as administrator**).
+   1. Open PowerShell
    2. Type:
 
       ```PowerShell
-      Install-Module AzureAD
+      Install-Module Microsoft.Graph.Applications
       ```
 
-      or if you cannot be administrator on your machine, run:
+      or if you want the modules to be installed for the current user only, run:
 
       ```PowerShell
-      Install-Module AzureAD -Scope CurrentUser
+      Install-Module Microsoft.Graph.Applications -Scope CurrentUser
       ```
 
 ### Run the script and start running
@@ -100,14 +88,12 @@ The scripts install the required PowerShell module (AzureAD) for the current use
 
 You're done!
 
-### Four ways to run the script
+### Two ways to run the script
 
 We advise four ways of running the script:
 
 - Interactive: you will be prompted for credentials, and the scripts decide in which tenant to create the objects,
-- non-interactive: you will provide credentials, and the scripts decide in which tenant to create the objects,
 - Interactive in specific tenant: you will provide the tenant in which you want to create the objects and then you will be prompted for credentials, and the scripts will create the objects,
-- non-interactive in specific tenant: you will provide the tenant in which you want to create the objects and credentials, and the scripts will create the objects.
 
 Here are the details on how to do this.
 
@@ -118,20 +104,7 @@ Here are the details on how to do this.
 
 Note that the script will choose the tenant in which to create the applications, based on the user. Also to run the `Cleanup.ps1` script, you will need to re-sign-in.
 
-#### Option 2 (non-interactive)
-
-When you know the identity and credentials of the user in the name of whom you want to create the applications, you can use the non-interactive approach. It's more adapted to DevOps. Here is an example of script you'd want to run in a PowerShell Window
-
-```PowerShell
-$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
-$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
-. .\Cleanup.ps1 -Credential $mycreds
-. .\Configure.ps1 -Credential $mycreds
-```
-
-Of course, in real life, you might already get the password as a `SecureString`. You might also want to get the password from **Azure Key Vault**.
-
-#### Option 3 (Interactive, but create apps in a specified tenant)
+#### Option 2 (Interactive, but create apps in a specified tenant)
 
   if you want to create the apps in a particular tenant, you can use the following option:
   
@@ -147,18 +120,6 @@ $tenantId = "yourTenantIdGuid"
 . .\Configure.ps1 -TenantId $tenantId
 ```
 
-#### Option 4 (non-interactive, and create apps in a specified tenant)
-
-This option combines option 2 and option 3: it creates the application in a specific tenant. See option 3 for the way to get the tenant Id. Then run:
-
-```PowerShell
-$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
-$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
-$tenantId = "yourTenantIdGuid"
-. .\Cleanup.ps1 -Credential $mycreds -TenantId $tenantId
-. .\Configure.ps1 -Credential $mycreds -TenantId $tenantId
-```
-
 ### Running the script on Azure Sovereign clouds
 
 All the four options listed above can be used on any Azure Sovereign clouds. By default, the script targets `AzureCloud`, but it can be changed using the parameter `-AzureEnvironmentName`.
@@ -168,11 +129,10 @@ The acceptable values for this parameter are:
 - AzureCloud
 - AzureChinaCloud
 - AzureUSGovernment
-- AzureGermanyCloud
 
 Example:
 
  ```PowerShell
- . .\Cleanup.ps1 -AzureEnvironmentName "AzureGermanyCloud"
- . .\Configure.ps1 -AzureEnvironmentName "AzureGermanyCloud"
+ . .\Cleanup.ps1 -AzureEnvironmentName "AzureUSGovernment"
+ . .\Configure.ps1 -AzureEnvironmentName "AzureUSGovernment"
  ```