You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: 3-Authorization-II/2-call-api-b2c/README.md
+10-5Lines changed: 10 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,17 +26,19 @@ extensions:
26
26
*[Overview](#overview)
27
27
*[Scenario](#scenario)
28
28
*[Prerequisites](#prerequisites)
29
+
*[Setup the sample](#setup-the-sample)
29
30
*[Explore the sample](#explore-the-sample)
30
31
*[Troubleshooting](#troubleshooting)
31
32
*[About the code](#about-the-code)
32
33
*[Next Steps](#next-steps)
33
34
*[Contributing](#contributing)
35
+
*[Learn More](#learn-more)
34
36
35
37
## Overview
36
38
37
-
This sample demonstrates an Angular single-page application (SPA) calling a ASP.NET Core web API secured with [Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview) using the [Microsoft Authentication Library for Angular](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular) (MSAL Angular) for the SPA and the [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) (M.I.W) for the web API.
39
+
This sample demonstrates an Angular single-page application (SPA) calling a ASP.NET Core web API secured with [Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview). It uses the [Microsoft Authentication Library for Angular](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular) (MSAL Angular) to sign-in a users in the SPA and get a token for the web Api. The Web Api is protected using the [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web).
38
40
39
-
> :information_source:See the community call: [Deep dive on using MSAL.js to integrate Angular single-page applications with Azure Active Directory](https://www.youtube.com/watch?v=EJey9KP1dZA)
41
+
> :information_source:To learn how to integrate a JavaScript Angular application with Azure AD,consider going through the recorded session: [Deep dive on using MSAL.js to integrate Angular single-page applications with Azure Active Directory](https://www.youtube.com/watch?v=EJey9KP1dZA)
40
42
41
43
## Scenario
42
44
@@ -60,7 +62,7 @@ This sample demonstrates an Angular single-page application (SPA) calling a ASP.
60
62
61
63
* Either [Visual Studio](https://visualstudio.microsoft.com/downloads/) or [Visual Studio Code](https://code.visualstudio.com/download) and [.NET Core SDK](https://www.microsoft.com/net/learn/get-started)
62
64
* An **Azure AD B2C** tenant. For more information, see: [How to get an Azure AD B2C tenant](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-tenant)
63
-
* A user account in your **Azure AD B2C** tenant.## Setup the sample
65
+
* A user account in your **Azure AD B2C** tenant.
64
66
65
67
## Setup the sample
66
68
@@ -181,9 +183,10 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi
181
183
1. Select the **Add a permission** button and then:
182
184
1. Ensure that the **My APIs** tab is selected.
183
185
1. In the list of APIs, select the API `msal-dotnet-api`.
184
-
1. Select**delegated permissions**, which is requested by apps that signs-in users.
185
-
1.In the **Delegated permissions** section, select **ToDoList.Read** and**ToDoList.ReadWrite** in the list. Use the search box if necessary.
186
+
* Since this app signs-in users, we will now proceed to select**delegated permissions**, which is requested by apps that signs-in users.
187
+
*In the **Delegated permissions** section, select **ToDoList.Read**,**ToDoList.ReadWrite** in the list. Use the search box if necessary.
186
188
1. Select the **Add permissions** button at the bottom.
189
+
1. At this stage, the permissions are assigned correctly, but since it's a B2C tenant, the users themselves cannot consent to these permissions. To get around this problem, we'd let the [tenant administrator consent on behalf of all users in the tenant](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent). Select the **Grant admin consent for {tenant}** button, and then select **Yes** when you are asked if you want to grant consent for the requested permissions for all accounts in the tenant. You need to be a tenant admin to be able to carry out this operation.
187
190
188
191
##### Configure the client app (msal-angular-spa) to use your app registration
189
192
@@ -318,6 +321,8 @@ If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.
318
321
319
322
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
320
323
324
+
## Learn More
325
+
321
326
*[What is Azure Active Directory B2C?](https://docs.microsoft.com/azure/active-directory-b2c/overview)
322
327
*[Application types that can be used in Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/application-types)
323
328
*[Recommendations and best practices for Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/best-practices)
0 commit comments