bump msal

Author: derisen

1-Authentication/1-sign-in/SPA/package-lock.json

@@ -21,8 +21,8 @@
  "@angular/platform-browser": "~11.0.0",
  "@angular/platform-browser-dynamic": "~11.0.0",
  "@angular/router": "~11.0.0",
- "@azure/msal-angular": "^2.0.0-beta.0",
- "@azure/msal-browser": "^2.12.0",
+ "@azure/msal-angular": "^2.0.0-beta.3",
+ "@azure/msal-browser": "^2.13.1",
  "core-js": "^3.8.0",
  "rxjs": "~6.6.0",
  "tslib": "^2.0.0",

1-Authentication/1-sign-in/SPA/package.json

@@ -282,99 +282,6 @@ For more information, see: [Events in MSAL Angular v2](https://github.com/AzureA
 
 This user-flow allows your users to sign-in to your application if the user has an account already, or sign-up for an account if not. This is the default user-flow that we pass during the initialization of MSAL instance.
 
-- **Password reset**
-
-When a user clicks on the **forgot your password?** link during sign-in, **Azure AD B2C** will respond with an error. To initiate the password reset user-flow, we need to catch this error and handle it by sending another login request with the corresponding password reset authority string (e.g. `B2C_1_reset`).
-
-```typescript
-export class AppComponent implements OnInit, OnDestroy {
-
- private readonly _destroying$ = new Subject<void>();
-
- constructor(
- @Inject(MSAL_GUARD_CONFIG) private msalGuardConfig: MsalGuardConfiguration,
- private authService: MsalService,
- private msalBroadcastService: MsalBroadcastService
- ) {}
-
- ngOnInit(): void {
- this.msalBroadcastService.msalSubject$
- .pipe(
- filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_FAILURE || msg.eventType === EventType.ACQUIRE_TOKEN_FAILURE),
- takeUntil(this._destroying$)
- )
- .subscribe((result: EventMessage) => {
- if (result.error instanceof AuthError) {
- // Check for forgot password error
- // Learn more about AAD error codes at https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes
- if (result.error.message.includes('AADB2C90118')) {
- 
- // login request with reset authority
- let resetPasswordFlowRequest = {
- scopes: ["openid"],
- authority: b2cPolicies.authorities.forgotPassword.authority,
- };
-
- this.login(resetPasswordFlowRequest);
- }
- }
- });
- }
-
- login(userFlowRequest?: RedirectRequest | PopupRequest) {
- if (this.msalGuardConfig.interactionType === InteractionType.Popup) {
- if (this.msalGuardConfig.authRequest) {
- this.authService.loginPopup({...this.msalGuardConfig.authRequest, ...userFlowRequest} as PopupRequest)
- .subscribe((response: AuthenticationResult) => {
- this.authService.instance.setActiveAccount(response.account);
- });
- } else {
- this.authService.loginPopup(userFlowRequest)
- .subscribe((response: AuthenticationResult) => {
- this.authService.instance.setActiveAccount(response.account);
- });
- }
- } else {
- if (this.msalGuardConfig.authRequest){
- this.authService.loginRedirect({...this.msalGuardConfig.authRequest, ...userFlowRequest} as RedirectRequest);
- } else {
- this.authService.loginRedirect(userFlowRequest);
- }
- }
- }
-
- ngOnDestroy(): void {
- this._destroying$.next(undefined);
- this._destroying$.complete();
- }
-}
-```
-
-We need to reject ID tokens that were not issued with the default sign-in policy (e.g. `B2C_1_SUSI`). After the user resets her password and signs-in again, we will force a logout and prompt for login again (with the default sign-in policy). To do this, register another event in [app.component.ts](./SPA/src/app/app.component.ts) as shown below:
-
-```typescript
- this.msalBroadcastService.msalSubject$
- .pipe(
- filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_SUCCESS || msg.eventType === EventType.ACQUIRE_TOKEN_SUCCESS),
- takeUntil(this._destroying$)
- )
- .subscribe((result: EventMessage) => {
- 
- let payload: IdTokenClaims = <AuthenticationResult>result.payload;
-
- // We need to reject id tokens that were not issued with the default sign-in policy.
- // "acr" claim in the token tells us what policy is used (NOTE: for new policies (v2.0), use "tfp" instead of "acr")
- // To learn more about b2c tokens, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
-
- if (payload.idTokenClaims?.acr === b2cPolicies.names.forgotPassword) {
- window.alert('Password has been reset successfully. \nPlease sign-in with your new password.');
- return this.authService.logout();
- }
-
- return result;
- });
-```
-
 - **Edit Profile**
 
 When a user selects the **Edit Profile** button on the navigation bar, we simply initiate a sign-in flow:

1-Authentication/2-sign-in-b2c/README-incremental.md

@@ -282,99 +282,6 @@ For more information, see: [Events in MSAL Angular v2](https://github.com/AzureA
 
 This user-flow allows your users to sign-in to your application if the user has an account already, or sign-up for an account if not. This is the default user-flow that we pass during the initialization of MSAL instance.
 
-- **Password reset**
-
-When a user clicks on the **forgot your password?** link during sign-in, **Azure AD B2C** will respond with an error. To initiate the password reset user-flow, we need to catch this error and handle it by sending another login request with the corresponding password reset authority string (e.g. `B2C_1_reset`).
-
-```typescript
-export class AppComponent implements OnInit, OnDestroy {
-
- private readonly _destroying$ = new Subject<void>();
-
- constructor(
- @Inject(MSAL_GUARD_CONFIG) private msalGuardConfig: MsalGuardConfiguration,
- private authService: MsalService,
- private msalBroadcastService: MsalBroadcastService
- ) {}
-
- ngOnInit(): void {
- this.msalBroadcastService.msalSubject$
- .pipe(
- filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_FAILURE || msg.eventType === EventType.ACQUIRE_TOKEN_FAILURE),
- takeUntil(this._destroying$)
- )
- .subscribe((result: EventMessage) => {
- if (result.error instanceof AuthError) {
- // Check for forgot password error
- // Learn more about AAD error codes at https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes
- if (result.error.message.includes('AADB2C90118')) {
- 
- // login request with reset authority
- let resetPasswordFlowRequest = {
- scopes: ["openid"],
- authority: b2cPolicies.authorities.forgotPassword.authority,
- };
-
- this.login(resetPasswordFlowRequest);
- }
- }
- });
- }
-
- login(userFlowRequest?: RedirectRequest | PopupRequest) {
- if (this.msalGuardConfig.interactionType === InteractionType.Popup) {
- if (this.msalGuardConfig.authRequest) {
- this.authService.loginPopup({...this.msalGuardConfig.authRequest, ...userFlowRequest} as PopupRequest)
- .subscribe((response: AuthenticationResult) => {
- this.authService.instance.setActiveAccount(response.account);
- });
- } else {
- this.authService.loginPopup(userFlowRequest)
- .subscribe((response: AuthenticationResult) => {
- this.authService.instance.setActiveAccount(response.account);
- });
- }
- } else {
- if (this.msalGuardConfig.authRequest){
- this.authService.loginRedirect({...this.msalGuardConfig.authRequest, ...userFlowRequest} as RedirectRequest);
- } else {
- this.authService.loginRedirect(userFlowRequest);
- }
- }
- }
-
- ngOnDestroy(): void {
- this._destroying$.next(undefined);
- this._destroying$.complete();
- }
-}
-```
-
-We need to reject ID tokens that were not issued with the default sign-in policy (e.g. `B2C_1_SUSI`). After the user resets her password and signs-in again, we will force a logout and prompt for login again (with the default sign-in policy). To do this, register another event in [app.component.ts](./SPA/src/app/app.component.ts) as shown below:
-
-```typescript
- this.msalBroadcastService.msalSubject$
- .pipe(
- filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_SUCCESS || msg.eventType === EventType.ACQUIRE_TOKEN_SUCCESS),
- takeUntil(this._destroying$)
- )
- .subscribe((result: EventMessage) => {
- 
- let payload: IdTokenClaims = <AuthenticationResult>result.payload;
-
- // We need to reject id tokens that were not issued with the default sign-in policy.
- // "acr" claim in the token tells us what policy is used (NOTE: for new policies (v2.0), use "tfp" instead of "acr")
- // To learn more about b2c tokens, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
-
- if (payload.idTokenClaims?.acr === b2cPolicies.names.forgotPassword) {
- window.alert('Password has been reset successfully. \nPlease sign-in with your new password.');
- return this.authService.logout();
- }
-
- return result;
- });
-```
-
 - **Edit Profile**
 
 When a user selects the **Edit Profile** button on the navigation bar, we simply initiate a sign-in flow:

1-Authentication/2-sign-in-b2c/README.md

@@ -21,8 +21,8 @@
  "@angular/platform-browser": "~11.0.0",
  "@angular/platform-browser-dynamic": "~11.0.0",
  "@angular/router": "~11.0.0",
- "@azure/msal-angular": "^2.0.0-beta.0",
- "@azure/msal-browser": "^2.12.0",
+ "@azure/msal-angular": "^2.0.0-beta.3",
+ "@azure/msal-browser": "^2.13.1",
  "core-js": "^3.8.0",
  "rxjs": "~6.6.0",
  "tslib": "^2.0.0",

1-Authentication/2-sign-in-b2c/SPA/package-lock.json

@@ -7,12 +7,6 @@ import { EventMessage, EventType, InteractionType, InteractionStatus, PopupReque
 
 import { b2cPolicies } from './auth-config';
 
-interface IdTokenClaims extends AuthenticationResult {
- idTokenClaims: {
- acr?: string // "acr" claim in the token tells us what policy is used (NOTE: for new policies (v2.0), replace with "tfp" instead)
- }
-}
-
 @Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
@@ -45,52 +39,6 @@ export class AppComponent implements OnInit, OnDestroy {
  .subscribe(() => {
  this.setLoginDisplay();
  });
-
- this.msalBroadcastService.msalSubject$
- .pipe(
- filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_SUCCESS || msg.eventType === EventType.ACQUIRE_TOKEN_SUCCESS),
- takeUntil(this._destroying$)
- )
- .subscribe((result: EventMessage) => {
- 
- let payload: IdTokenClaims = <AuthenticationResult>result.payload;
-
- // We need to reject id tokens that were not issued with the default sign-in policy.
- // "acr" claim in the token tells us what policy is used (NOTE: for new policies (v2.0), use "tfp" instead of "acr")
- // To learn more about b2c tokens, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
-
- if (payload.idTokenClaims?.acr === b2cPolicies.names.forgotPassword) {
- window.alert('Password has been reset successfully. \nPlease sign-in with your new password.');
- return this.authService.logout();
- } else if (payload.idTokenClaims['acr'] === b2cPolicies.names.editProfile) {
- window.alert('Profile has been updated successfully. \nPlease sign-in again.');
- return this.authService.logout();
- }
-
- return result;
- });
-
- this.msalBroadcastService.msalSubject$
- .pipe(
- filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_FAILURE || msg.eventType === EventType.ACQUIRE_TOKEN_FAILURE),
- takeUntil(this._destroying$)
- )
- .subscribe((result: EventMessage) => {
- if (result.error instanceof AuthError) {
- // Check for forgot password error
- // Learn more about AAD error codes at https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes
- if (result.error.message.includes('AADB2C90118')) {
- 
- // login request with reset authority
- let resetPasswordFlowRequest = {
- scopes: ["openid"],
- authority: b2cPolicies.authorities.forgotPassword.authority,
- };
-
- this.login(resetPasswordFlowRequest);
- }
- }
- });
  }
 
  setLoginDisplay() {

1-Authentication/2-sign-in-b2c/SPA/package.json

@@ -5,7 +5,6 @@
  * in app.module.ts file.
  */
 
-
 import { LogLevel, Configuration, BrowserCacheLocation } from '@azure/msal-browser';
 
 const isIE = window.navigator.userAgent.indexOf("MSIE ") > -1 || window.navigator.userAgent.indexOf("Trident/") > -1;
@@ -17,19 +16,15 @@ const isIE = window.navigator.userAgent.indexOf("MSIE ") > -1 || window.navigato
  */
 export const b2cPolicies = {
  names: {
- signUpSignIn: "b2c_1_susi",
- forgotPassword: "b2c_1_reset",
- editProfile: "b2c_1_edit_profile"
+ signUpSignIn: "b2c_1_susi_reset_v2",
+ editProfile: "b2c_1_edit_profile_v2"
  },
  authorities: {
  signUpSignIn: {
- authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi",
- },
- forgotPassword: {
- authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_reset",
+ authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi_reset_v2",
  },
  editProfile: {
- authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_edit_profile"
+ authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_edit_profile_v2"
  }
  },
  authorityDomain: "fabrikamb2c.b2clogin.com"