A set of standard updates to bring in line with existing samples

Author: Kalyan Krishna

2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md

@@ -139,11 +139,10 @@ The acceptable values for this parameter are:
 - AzureCloud
 - AzureChinaCloud
 - AzureUSGovernment
-- AzureGermanyCloud
 
 Example:
 
  ```PowerShell
- . .\Cleanup.ps1 -AzureEnvironmentName "AzureGermanyCloud"
- . .\Configure.ps1 -AzureEnvironmentName "AzureGermanyCloud"
+ . .\Cleanup.ps1 -AzureEnvironmentName "AzureUSGovernment"
+ . .\Configure.ps1 -AzureEnvironmentName "AzureUSGovernment"
  ```

2-Authorization-I/1-call-graph/AppCreationScripts/Cleanup.ps1

@@ -1,4 +1,4 @@
-
+
 [CmdletBinding()]
 param( 
  [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]

2-Authorization-I/1-call-graph/AppCreationScripts/Configure.ps1

@@ -1,9 +1,9 @@
-
+ 
 [CmdletBinding()]
 param(
- [Parameter(Mandatory = $False, HelpMessage = 'Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+ [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
  [string] $tenantId,
- [Parameter(Mandatory = $False, HelpMessage = 'Azure environment to use while running the script. Default = Global')]
+ [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script. Default = Global')]
  [string] $azureEnvironmentName
 )
 
@@ -20,28 +20,35 @@ param(
 # The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is 
 # described in $permissionType
 Function AddResourcePermission($requiredAccess, `
- $exposedPermissions, [string]$requiredAccesses, [string]$permissionType) {
- foreach ($permission in $requiredAccesses.Trim().Split("|")) {
- foreach ($exposedPermission in $exposedPermissions) {
- if ($exposedPermission.Value -eq $permission) {
+ $exposedPermissions, [string]$requiredAccesses, [string]$permissionType)
+{
+ foreach($permission in $requiredAccesses.Trim().Split("|"))
+ {
+ foreach($exposedPermission in $exposedPermissions)
+ {
+ if ($exposedPermission.Value -eq $permission)
+ {
  $resourceAccess = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphResourceAccess
  $resourceAccess.Type = $permissionType # Scope = Delegated permissions | Role = Application permissions
  $resourceAccess.Id = $exposedPermission.Id # Read directory data
  $requiredAccess.ResourceAccess += $resourceAccess
- }
+  }
  }
  }
 }
 
 #
 # Example: GetRequiredPermissions "Microsoft Graph" "Graph.Read|User.Read"
 # See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell
-Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal) {
+Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal)
+{
  # If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)
- if ($servicePrincipal) {
+ if ($servicePrincipal)
+ {
  $sp = $servicePrincipal
  }
- else {
+ else
+ {
  $sp = Get-MgServicePrincipal -Filter "DisplayName eq '$applicationDisplayName'"
  }
  $appid = $sp.AppId
@@ -50,34 +57,42 @@ Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requ
  $requiredAccess.ResourceAccess = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphResourceAccess]
 
  # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:
- if ($requiredDelegatedPermissions) {
+ if ($requiredDelegatedPermissions)
+ {
  AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2PermissionScopes -requiredAccesses $requiredDelegatedPermissions -permissionType "Scope"
  }
 
  # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application
- if ($requiredApplicationPermissions) {
+ if ($requiredApplicationPermissions)
+ {
  AddResourcePermission $requiredAccess -exposedPermissions $sp.AppRoles -requiredAccesses $requiredApplicationPermissions -permissionType "Role"
  }
  return $requiredAccess
 }
 
 
-Function ReplaceInLine([string] $line, [string] $key, [string] $value) {
+Function ReplaceInLine([string] $line, [string] $key, [string] $value)
+{
  $index = $line.IndexOf($key)
- if ($index -ige 0) {
- $index2 = $index + $key.Length
+ if ($index -ige 0)
+ {
+ $index2 = $index+$key.Length
  $line = $line.Substring(0, $index) + $value + $line.Substring($index2)
  }
  return $line
 }
 
-Function ReplaceInTextFile([string] $configFilePath, [System.Collections.HashTable] $dictionary) {
+Function ReplaceInTextFile([string] $configFilePath, [System.Collections.HashTable] $dictionary)
+{
  $lines = Get-Content $configFilePath
  $index = 0
- while ($index -lt $lines.Length) {
+ while($index -lt $lines.Length)
+ {
  $line = $lines[$index]
- foreach ($key in $dictionary.Keys) {
- if ($line.Contains($key)) {
+ foreach($key in $dictionary.Keys)
+ {
+ if ($line.Contains($key))
+ {
  $lines[$index] = ReplaceInLine $line $key $dictionary[$key]
  }
  }
@@ -86,15 +101,32 @@ Function ReplaceInTextFile([string] $configFilePath, [System.Collections.HashTab
 
  Set-Content -Path $configFilePath -Value $lines -Force
 }
+Function CreateOptionalClaim([string] $name)
+{
+ <#.Description
+ This function creates a new Azure AD optional claims with default and provided values
+ #> 
+
+ $appClaim = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim
+ $appClaim.AdditionalProperties = New-Object System.Collections.Generic.List[string]
+ $appClaim.Source = $null
+ $appClaim.Essential = $false
+ $appClaim.Name = $name
+ return $appClaim
+}
+
+Function ConfigureApplications
+{
+ $isOpenSSl = 'N' #temporary disable open certificate creation 
 
-Function ConfigureApplications {
  <#.Description
  This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
  configuration files in the client and service project of the visual studio solution (App.Config and Web.Config)
  so that they are consistent with the Applications parameters
  #> 
 
- if (!$azureEnvironmentName) {
+ if (!$azureEnvironmentName)
+ {
  $azureEnvironmentName = "Global"
  }
 
@@ -109,39 +141,52 @@ Function ConfigureApplications {
  }
 
 
-  # Create the spa AAD application
-  Write-Host "Creating the AAD application (msal-angular-spa)"
+ # Create the spa AAD application
+ Write-Host "Creating the AAD application (msal-angular-spa)"
 
- # create the application 
- $spaAadApplication = New-MgApplication -DisplayName "msal-angular-spa" `
- -Spa `
- @{ `
- RedirectUris = "http://localhost:4200/"; `
- 
- } `
- -SignInAudience AzureADMyOrg `
- #end of command
- $tenantName = (Get-MgApplication -ApplicationId $spaAadApplication.Id).PublisherDomain
+ # create the application 
+ $spaAadApplication = New-MgApplication -DisplayName "msal-angular-spa" `
+ -Spa `
+ @{ `
+ RedirectUris = "http://localhost:4200/"; `
+ } `
+ -SignInAudience AzureADMyOrg `
+ #end of command
+ $tenantName = (Get-MgApplication -ApplicationId $spaAadApplication.Id).PublisherDomain
  Update-MgApplication -ApplicationId $spaAadApplication.Id -IdentifierUris @("https://$tenantName/msal-angular-spa")
 
  # create the service principal of the newly created application 
  $currentAppId = $spaAadApplication.AppId
- $spaServicePrincipal = New-MgServicePrincipal -AppId $currentAppId -Tags { WindowsAzureActiveDirectoryIntegratedApp }
+ $spaServicePrincipal = New-MgServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
 
  # add the user running the script as an app owner if needed
  $owner = Get-MgApplicationOwner -ApplicationId $spaAadApplication.Id
- if ($owner -eq $null) { 
- New-MgApplicationOwnerByRef -ApplicationId $spaAadApplication.Id -BodyParameter = @{"@odata.id" = "htps://graph.microsoft.com/v1.0/directoryObjects/$user.ObjectId" }
+ if ($owner -eq $null)
+ { 
+ New-MgApplicationOwnerByRef -ApplicationId $spaAadApplication.Id -BodyParameter = @{"@odata.id" = "htps://graph.microsoft.com/v1.0/directoryObjects/$user.ObjectId"}
  Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($spaServicePrincipal.DisplayName)'"
  }
+
+ # Add Claims
+
+ $optionalClaims = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaims
+ $optionalClaims.AccessToken = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim]
+ $optionalClaims.IdToken = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim]
+ $optionalClaims.Saml2Token = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim]
+
+
+ # Add Optional Claims
+
+ $newClaim = CreateOptionalClaim -name "acct" 
+ $optionalClaims.IdToken += ($newClaim)
+ Update-MgApplication -ApplicationId $spaAadApplication.Id -OptionalClaims $optionalClaims
  Write-Host "Done creating the spa application (msal-angular-spa)"
 
  # URL of the AAD application in the Azure portal
  # Future? $spaPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$spaAadApplication.AppId+"/objectId/"+$spaAadApplication.Id+"/isMSAApp/"
- $spaPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/" + $spaAadApplication.AppId + "/objectId/" + $spaAadApplication.Id + "/isMSAApp/"
+ $spaPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$spaAadApplication.AppId+"/objectId/"+$spaAadApplication.Id+"/isMSAApp/"
  Add-Content -Value "<tr><td>spa</td><td>$currentAppId</td><td><a href='$spaPortalUrl'>msal-angular-spa</a></td></tr>" -Path createdApps.html
  $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess]
-
 
  # Add Required Resources Access (from 'spa' to 'Microsoft Graph')
  Write-Host "Getting access from 'spa' to 'Microsoft Graph'"
@@ -155,19 +200,20 @@ Function ConfigureApplications {
 
  # Update config file for 'spa'
  $configFile = $pwd.Path + "\..\SPA\src\app\auth-config.ts"
- $dictionary = @{ "Enter_the_Application_Id_Here" = $spaAadApplication.AppId; "Enter_the_Tenant_Info_Here" = $tenantId };
+ $dictionary = @{ "Enter_the_Application_Id_Here" = $spaAadApplication.AppId;"Enter_the_Tenant_Info_Here" = $tenantId };
 
  Write-Host "Updating the sample code ($configFile)"
 
  ReplaceInTextFile -configFilePath $configFile -dictionary $dictionary
- if ($isOpenSSL -eq 'Y') {
+ if($isOpenSSL -eq 'Y')
+ {
  Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
  Write-Host "You have generated certificate using OpenSSL so follow below steps: "
  Write-Host "Install the certificate on your system from current folder."
  Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
  }
  Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html 
-}
+} # end of ConfigureApplications function
 
 # Pre-requisites
 if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Applications")) {

2-Authorization-I/1-call-graph/AppCreationScripts/sample.json

@@ -1,14 +1,15 @@
 {
  "Sample": {
- "Title": "Angular single-page application using MSAL Angular to sign-in users with Azure Active Directory and call the Microsoft Graph API",
+ "Title": "A Javascript Angular single-page application using MSAL Angular to sign-in users with Azure AD and call the Microsoft Graph Api",
  "Level": 100,
  "Client": "Angular SPA",
  "Service": "Microsoft Graph",
  "RepositoryUrl": "ms-identity-javascript-angular-tutorial",
  "Endpoint": "AAD v2.0",
+ "Platform": "Javascript",
  "Languages": ["javascript", "angular"],
  "Products": ["azure-active-directory", "ms-graph", "msal-angular"],
- "description": "This sample demonstrates an Angular single-page application (SPA) that lets users sign-in with Azure Active Directory (Azure AD) using the Microsoft Authentication Library for Angular (MSAL Angular)"
+ "description": "This sample demonstrates an Angular single-page application (SPA) that uses Microsoft Authentication Library for Angular (MSAL Angular) to sign-in users with Azure Active Directory (Azure AD) and calls Microsoft Graph Api"
  },
  "AADApps": [
  {
@@ -27,7 +28,10 @@
  "Resource": "Microsoft Graph",
  "DelegatedPermissions": ["User.Read", "Contacts.Read"]
  }
- ]
+ ], 
+ "OptionalClaims": {
+ "IdTokenClaims": [ "acct" ]
+ },
  }
  ],
  "CodeConfiguration": [