Merge pull request #56 from Azure-Samples/migrate-sample

Migrate B2C user management sample

Author: derisen

.github/workflows/node.js.yml

@@ -43,6 +43,12 @@ jobs:
         npm audit --production
         npm run test
 
+    - run: |
+        cd 2-Authorization-I/2-call-graph-b2c/
+        npm ci
+        npm audit --production
+        npm run test
+
     - run: |
         cd 3-Authorization-II/1-call-api/API
         npm ci

2-Authorization-I/2-call-graph-b2c/App/authConfig.js

@@ -0,0 +1,39 @@
+/**
+ * Configuration object to be passed to MSAL instance on creation. 
+ * For a full list of MSAL.js configuration parameters, visit:
+ * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/configuration.md 
+ */
+const msalConfig = {
+    auth: {
+        clientId: "Enter_the_Client_Id_Here", // This is the ONLY mandatory field that you need to supply.
+        authority: "https://login.microsoftonline.com/Enter_the_Tenant_Id_Here",
+        redirectUri: "http://localhost:3000", // You must register this URI on Azure Portal/App Registration.
+      },
+    cache: {
+        cacheLocation: "localStorage", // This configures where your cache will be stored
+        storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
+    },
+};
+
+/**
+ * Scopes you add here will be prompted for user consent during sign-in.
+ * By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
+ * For more information about OIDC scopes, visit: 
+ * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
+ */
+const loginRequest = {
+    scopes: [ "openid", "offline_access" ]
+};
+
+/**
+ * Add here the scopes to request when obtaining an access token for MS Graph API. For more information, see:
+ * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/resources-and-scopes.md
+ */
+const tokenRequest = {
+    scopes: [ "User.ReadWrite.All" ]
+};
+
+// Add here the endpoints for MS Graph API services you would like to use.
+const graphConfig = {
+    graphUsersEndpoint: "https://graph.microsoft.com/v1.0/users"
+};

2-Authorization-I/2-call-graph-b2c/App/authProvider.js

@@ -0,0 +1,132 @@
+// Create the main MSAL instance
+// configuration parameters are located at authConfig.js
+const pca = new msal.PublicClientApplication(msalConfig);
+
+let username = "";
+let accountId = "";
+
+function selectAccount() {
+
+    /**
+     * See here for more info on account retrieval: 
+     * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/docs/Accounts.md
+     */
+
+    const currentAccounts = pca.getAllAccounts();
+    if (currentAccounts === null) {
+        return;
+    } else if (currentAccounts.length > 1) {
+        // Add choose account code here
+        console.warn("Multiple accounts detected.");
+    } else if (currentAccounts.length === 1) {
+        accountId = currentAccounts[0].homeAccountId;
+        username = currentAccounts[0].username;
+        showWelcomeMessage(username);
+    }
+}
+
+function handleResponse(response) {
+
+    /**
+     * To see the full list of response object properties, visit:
+     * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/request-response-object.md#response
+     */
+
+    if (response !== null) {
+        username = response.account.username;
+        accountId = response.account.homeAccountId;
+        showWelcomeMessage(username);
+    } else {
+        selectAccount();
+    }
+}
+
+function signIn() {
+
+    /**
+     * You can pass a custom request object below. This will override the initial configuration. For more information, visit:
+     * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/request-response-object.md#request
+     */
+
+    pca.loginPopup(loginRequest)
+        .then(handleResponse)
+        .catch(error => {
+            console.error(error);
+        });
+}
+
+function signOut() {
+
+    /**
+     * You can pass a custom request object below. This will override the initial configuration. For more information, visit:
+     * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/request-response-object.md#request
+     */
+
+    // Choose which account to logout from by passing a username.
+
+    const logoutRequest = {
+        account: pca.getAccountByHomeId(accountId),
+        postLogoutRedirectUri: msalConfig.auth.redirectUri,
+        mainWindowRedirectUri: msalConfig.auth.redirectUri
+    };
+
+    pca.logoutPopup(logoutRequest);
+}
+
+async function getTokenPopup(request) {
+
+    /**
+     * See here for more info on account retrieval: 
+     * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/docs/Accounts.md
+     */
+    request.account = pca.getAccountByHomeId(accountId);
+
+    return pca.acquireTokenSilent(request)
+        .then((response) => {
+            // In case the response from B2C server has an empty accessToken field
+            // throw an error to initiate token acquisition
+            if (!response.accessToken || response.accessToken === "") {
+                throw new msal.InteractionRequiredAuthError;
+            }
+            return response;
+        })
+        .catch(error => {
+            console.log(error);
+            console.log("silent token acquisition fails. acquiring token using popup");
+            if (error instanceof msal.InteractionRequiredAuthError) {
+                // fallback to interaction when silent call fails
+                return pca.acquireTokenPopup(request)
+                    .then(response => {
+                        console.log(response);
+                        return response;
+                    }).catch(error => {
+                        console.log(error);
+                    });
+            } else {
+                console.log(error);
+            }
+        });
+}
+
+selectAccount();
+
+class MyAuthenticationProvider {
+
+    /**
+     * This method will get called before every request to the msgraph server
+     * This should return a Promise that resolves to an accessToken (in case of success) or rejects with error (in case of failure)
+     * Basically this method will contain the implementation for getting and refreshing accessTokens
+     */
+
+    async getAccessToken() {
+        return new Promise(async (resolve, reject) => {
+            const authResponse = await getTokenPopup(tokenRequest);
+
+            if (authResponse.accessToken && authResponse.accessToken.length !== 0) {
+                resolve(authResponse.accessToken);
+            } else {
+                reject(Error("Error: cannot obtain access token."));
+            }
+        });
+    }
+}

2-Authorization-I/2-call-graph-b2c/App/favicon.svg

@@ -0,0 +1,35 @@
+const clientOptions = {
+	authProvider: new MyAuthenticationProvider(),
+};
+
+const client = MicrosoftGraph.Client.initWithMiddleware(clientOptions);
+
+async function getUsers() {
+    try {
+        console.log('Graph API called at: ' + new Date().toString());
+        return await client.api('/users').get();
+    } catch (error) {
+        console.log(error);
+        return error;
+    }
+}
+
+async function deleteUser(id) {
+    try {
+        console.log('Graph API called at: ' + new Date().toString());
+        return await client.api(`/users/${id}`).delete();
+    } catch (error) {
+        console.log(error);
+        return error;
+    }
+}
+
+async function createUser(user) {
+    try {
+        console.log('Graph API called at: ' + new Date().toString());
+        return await client.api('/users').post(user);
+    } catch (error) {
+        console.log(error);
+        return error;
+    }
+}

2-Authorization-I/2-call-graph-b2c/App/graph.js

@@ -0,0 +1,96 @@
+<!DOCTYPE html>
+<html lang="en">
+  
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
+  <title>Microsoft identity platform</title>
+  <link rel="SHORTCUT ICON" href="./favicon.svg" type="image/x-icon">
+
+  <!-- msal.min.js can be used in the place of msal.js; included msal.js to make debug easy -->
+  <script src="https://alcdn.msauth.net/browser/2.13.1/js/msal-browser.js"
+    integrity="sha384-7hwr87O1w6buPsX92CwuRaz/wQzachgOEq+iLHv0ESavynv6rbYwKImSl7wUW3wV"
+    crossorigin="anonymous"></script>
+
+  <!-- To help ensure reliability, Microsoft provides a second CDN -->
+  <script type="text/javascript">
+    if (typeof Msal === 'undefined') document.write(unescape("%3Cscript src='https://alcdn.msftauth.net/browser/2.13.1/js/msal-browser.js' type='text/javascript' crossorigin='anonymous' %3E%3C/script%3E"));
+  </script>
+
+  <!-- import Graph SDK for JavaScript -->
+  <script type="text/javascript"
+    src="https://cdn.jsdelivr.net/npm/@microsoft/microsoft-graph-client/lib/graph-js-sdk.js"></script>
+
+  <!-- adding Bootstrap 4 for UI components  -->
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
+    integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
+  <link rel="SHORTCUT ICON" href="https://c.s-microsoft.com/favicon.ico?v2" type="image/x-icon">
+</head>
+
+<body>
+  <nav class="navbar navbar-expand-lg navbar-dark bg-primary">
+    <a class="navbar-brand" href="/">Microsoft identity platform</a>
+    <div class="btn-group ml-auto dropleft">
+      <button type="button" id="signIn" class="btn btn-secondary" onclick="signIn()">
+        Sign in
+      </button>
+    </div>
+  </nav>
+  <br>
+  <h5 class="card-header text-center">Vanilla JavaScript SPA calling MS Graph API with MSAL.js</h5>
+  <br>
+  <div class="row" style="margin:auto">
+    <div id="card-div" class="col-md-3" style="display:none">
+      <div class="card text-center">
+        <div class="card-body">
+          <h5 class="card-title" id="WelcomeMessage">Please sign-in to manage your users</h5>
+          <div id="profile-div"></div>
+          <br>
+          <br>
+          <button class="btn btn-primary" id="getUsers">Get Users</button>
+          <button class="btn btn-primary" id="addUsers">Add Users</button>
+        </div>
+      </div>
+    </div>
+    <br>
+    <br>
+    <div class="list-group col-md-4" id="list-tab" role="tablist">
+    </div>
+    <div class="tab-content col-md-5" id="nav-tabContent">
+    </div>
+    <div class="col-md-6" id="form-div" style="display:none">
+      <div class="form-group">
+        <input class="form-control" id="displayName" placeholder="Display Name">
+        <input class="form-control" id="userPrincipalName" placeholder="User Principal Name">
+        <input class="form-control" id="password" placeholder="Password">
+      </div>
+      <button type="submit" class="btn btn-primary" id="submitButton">Submit</button>
+    </div>
+    <br>
+    <br>
+
+    <p id="survey" style="display:none; position: fixed; left: 0; bottom: 0; width: 100%; text-align: center;">How did
+      we do?
+      <a href="https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR73pcsbpbxNJuZCMKN0lURpUOUlINE03TVo4TEM4MVRGUUQ2TlBRUUFBSCQlQCN0PWcu"
+        target="_blank">Share your experience with us!</a>
+    </p>
+
+    <!-- importing bootstrap.js and supporting js libraries -->
+    <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js"
+      integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n"
+      crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js"
+      integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo"
+      crossorigin="anonymous"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"
+      integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6"
+      crossorigin="anonymous"></script>
+
+    <!-- importing app scripts (load order is important) -->
+    <script type="text/javascript" src="./authConfig.js"></script>
+    <script type="text/javascript" src="./ui.js"></script>
+    <script type="text/javascript" src="./authProvider.js"></script>
+    <script type="text/javascript" src="./graph.js"></script>
+</body>
+
+</html>