From 2e187d57e645c66f0c3049b8cf03c22d8b390b01 Mon Sep 17 00:00:00 2001 From: dayodeji Date: Wed, 29 May 2024 14:44:13 -0400 Subject: [PATCH 1/3] Entra Rebrand 2 --- .github/ISSUE_TEMPLATE.md | 8 +-- .github/PULL_REQUEST_TEMPLATE.md | 2 +- .../AppCreationScripts/AppCreationScripts.md | 18 +++--- 1-Authentication/1-sign-in/README.md | 56 +++++++++---------- .../AppCreationScripts/AppCreationScripts.md | 18 +++--- 2-Authorization-I/1-call-graph/README.md | 50 ++++++++--------- .../AppCreationScripts/AppCreationScripts.md | 18 +++--- 3-Authorization-II/1-call-api/README.md | 46 +++++++-------- 4-Deployment/README.md | 14 ++--- LICENSE.md | 2 +- README.md | 20 +++---- 11 files changed, 126 insertions(+), 126 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 3ce2291..385a415 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -9,11 +9,11 @@ ```console - - [ ] 1-1) Sign-in with Azure AD - - [ ] 1-2) Sign-in with Azure AD B2C + - [ ] 1-1) Sign-in with Microsoft Entra ID + - [ ] 1-2) Sign-in with Azure Active Directory B2C - [ ] 2-1) Acquire a Token and call Microsoft Graph - - [ ] 3-1) Protect and call a web API on Azure AD - - [ ] 3-2) Protect and call a web API on Azure AD B2C + - [ ] 3-1) Protect and call a web API on Microsoft Entra ID + - [ ] 3-2) Protect and call a web API on Azure Active Directory B2C - [ ] 4-1) Call a web API that calls Microsoft Graph on-behalf-of user - [ ] 4-2) Call a web API that calls another web API on-behalf-of user - [ ] 5) Deploy to Azure Storage and App Service diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 9d88588..5a3666d 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -55,4 +55,4 @@ ex: verify that the following are valid: * ... ## Other Information - \ No newline at end of file + 
diff --git a/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md b/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md index 6e062df..5dc5b78 100644 --- a/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md +++ b/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md @@ -11,7 +11,7 @@ Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force ``` -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -35,23 +35,23 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -118,8 +118,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: diff --git a/1-Authentication/1-sign-in/README.md b/1-Authentication/1-sign-in/README.md index e5d5136..5c209e0 100644 --- a/1-Authentication/1-sign-in/README.md +++ b/1-Authentication/1-sign-in/README.md 
@@ -1,23 +1,23 @@ --- page_type: sample -name: Vanilla JavaScript single-page application using MSAL.js to authenticate users with Azure Active Directory -description: Vanilla JavaScript single-page application using MSAL.js to authenticate users with Azure Active Directory +name: Vanilla JavaScript single-page application using MSAL.js to authenticate users with Microsoft Entra ID +description: Vanilla JavaScript single-page application using MSAL.js to authenticate users with Microsoft Entra ID languages: - javascript products: - - azure-active-directory + - microsoft-entra-id - msal-js - msal-browser urlFragment: ms-identity-javascript-tutorial extensions: - services: ms-identity - platform: JavaScript -- endpoint: AAD v2.0 +- endpoint: Microsoft Entra ID v2.0 - level: 100 - client: Vanilla JavaScript SPA --- -# Vanilla JavaScript single-page application using MSAL.js to authenticate users with Azure Active Directory +# Vanilla JavaScript single-page application using MSAL.js to authenticate users with Microsoft Entra ID * [Overview](#overview) * [Scenario](#scenario) 
@@ -33,11 +33,11 @@ extensions: ## Overview -This sample demonstrates a Vanilla JavaScript single-page application (SPA) that lets users sign-in to [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Azure AD) using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js). In doing so, it also illustrates various authentication concepts, such as [ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens), [OIDC scopes](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes), [single-sign on](https://docs.microsoft.com/azure/active-directory/develop/msal-js-sso), **account selection**, **silent requests** and more. +This sample demonstrates a Vanilla JavaScript single-page application (SPA) that lets users sign-in to [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Microsoft Entra ID) using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js). In doing so, it also illustrates various authentication concepts, such as [ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens), [OIDC scopes](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes), [single-sign on](https://docs.microsoft.com/azure/active-directory/develop/msal-js-sso), **account selection**, **silent requests** and more. ## Scenario -1. The client application uses **MSAL.js** to sign-in a user and obtain an **ID Token** from **Azure AD**. +1. The client application uses **MSAL.js** to sign-in a user and obtain an **ID Token** from **Microsoft Entra ID**. 2. The **ID Token** proves that the user has successfully signed-in with their organization's tenant. 
![Overview](./ReadmeFiles/topology_signin.png) @@ -59,10 +59,10 @@ This sample demonstrates a Vanilla JavaScript single-page application (SPA) that * [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. * [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. * A modern web browser. -* An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/test-setup-environment#get-a-test-tenant) -* A user account in your **Azure AD** tenant. +* An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/test-setup-environment#get-a-test-tenant) +* A user account in your **Microsoft Entra ID** tenant. ->This sample will not work with a **personal Microsoft account**. If you're signed in to the [Azure portal](https://portal.azure.com) with a personal Microsoft account and have not created a user account in your directory before, you will need to create one before proceeding. +>This sample will not work with a **personal Microsoft account**. If you're signed in to the [Microsoft Entra admin center](https://entra.microsoft.com) with a personal Microsoft account and have not created a user account in your directory before, you will need to create one before proceeding. ## Setup the sample 
@@ -91,7 +91,7 @@ There is one project in this sample. To register it, you can: * follow the steps below for manually register your apps * or use PowerShell scripts that: - * **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + * **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. * modify the projects' configuration files.
@@ -106,7 +106,7 @@ There is one project in this sample. To register it, you can: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force ``` - 1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. + 1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -118,16 +118,16 @@ There is one project in this sample. To register it, you can:
-#### Choose the Azure AD tenant where you want to create your applications +#### Choose the Microsoft Entra tenant where you want to create your applications To manually register the apps, as a first step you'll need to: -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. #### Register the client app (ms-identity-javascript-c1s1) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure Active Directory** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: 1. In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `ms-identity-javascript-c1s1`. 
@@ -157,8 +157,8 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `App\authConfig.js` file. -1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `ms-identity-javascript-c1s1` app copied from the Azure portal. -1. Find the key `Enter_the_Tenant_Info_Here` and replace the existing value with your Azure AD tenant/directory ID. +1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `ms-identity-javascript-c1s1` app copied from the Microsoft Entra admin center. +1. Find the key `Enter_the_Tenant_Info_Here` and replace the existing value with your Microsoft Entra tenant/directory ID. ### Step 4: Running the sample @@ -271,7 +271,7 @@ const msalConfig = { For more information about audiences and account types, please see: [Validation differences by supported account types (signInAudience)](https://docs.microsoft.com/azure/active-directory/develop/supported-accounts-validation) -> :warning: Be aware that making an application multi-tenant entails more than just modifying the `authority` string. For more information, please see [How to: Sign in any Azure Active Directory user using the multi-tenant application pattern](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant). +> :warning: Be aware that making an application multi-tenant entails more than just modifying the `authority` string. For more information, please see [How to: Sign in any Microsoft Entra ID user using the multi-tenant application pattern](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant). ### Authentication in National Clouds 
@@ -281,10 +281,10 @@ National clouds (aka Sovereign clouds) are physically isolated instances of Azur * use a specific authority, depending on the cloud in the configuration file for your application. * in case you want to call the MS Graph, this requires a specific Graph endpoint URL, depending on the cloud. -For instance, to configure this sample for **Azure AD Germany** national cloud: +For instance, to configure this sample for **Microsoft Entra ID Germany** national cloud: 1. Open the `App\authConfig.js` file. -1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of the `ms-identity-javascript-tutorial-c1s1` application copied from the Azure portal. +1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of the `ms-identity-javascript-tutorial-c1s1` application copied from the Microsoft Entra admin center. 1. Find the key `Enter_the_Cloud_Instance_Id_Here/Enter_the_Tenant_Info_Here` and replace the existing value with `https://portal.microsoftazure.de/`. 1. Find the key `Enter_the_Redirect_Uri_Here` and replace the existing value with the base address of the `ms-identity-javascript-tutorial-c1s1` application (by default `http://localhost:3000`). 
@@ -295,7 +295,7 @@ See [National Clouds](https://docs.microsoft.com/azure/active-directory/develop/ Learn how to: * [Vanilla JavaScript single-page application using MSAL.js to authorize users for calling Microsoft Graph](https://github.com/Azure-Samples/ms-identity-javascript-tutorial/tree/main/2-Authorization-I/1-call-graph) -* [Vanilla JavaScript single-page application (SPA) using MSAL.js to authorize users for calling a protected web API on Azure AD](https://github.com/Azure-Samples/ms-identity-javascript-tutorial/tree/main/3-Authorization-II/1-call-api) +* [Vanilla JavaScript single-page application (SPA) using MSAL.js to authorize users for calling a protected web API on Microsoft Entra ID](https://github.com/Azure-Samples/ms-identity-javascript-tutorial/tree/main/3-Authorization-II/1-call-api) ## Contributing 
@@ -305,15 +305,15 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope ## Learn More -* [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) -* [Azure AD code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code) +* [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +* [Microsoft Entra ID code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code) * [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) * [Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) * [Configure a client application to access web APIs](https://docs.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis) -* [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +* [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) * [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) -* [Application and service principal objects in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) -* [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios) +* [Application and service principal objects in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) +* [Authentication Scenarios for 
Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios) * [Building Zero Trust ready apps](https://aka.ms/ztdevsession) * [National Clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud#app-registration-endpoints) * [Initialize client applications using MSAL.js](https://docs.microsoft.com/azure/active-directory/develop/msal-js-initializing-client-applications) @@ -322,4 +322,4 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope * [Logging in MSAL.js applications](https://docs.microsoft.com/azure/active-directory/develop/msal-logging?tabs=javascript) * [Pass custom state in authentication requests using MSAL.js](https://docs.microsoft.com/azure/active-directory/develop/msal-js-pass-custom-state-authentication-request) * [Prompt behavior in MSAL.js interactive requests](https://docs.microsoft.com/azure/active-directory/develop/msal-js-prompt-behavior) -* [Use MSAL.js to work with Azure AD B2C](https://docs.microsoft.com/azure/active-directory/develop/msal-b2c-overview) +* [Use MSAL.js to work with Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory/develop/msal-b2c-overview) diff --git a/2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md b/2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md index 6e062df..5dc5b78 100644 --- a/2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md +++ b/2-Authorization-I/1-call-graph/AppCreationScripts/AppCreationScripts.md @@ -11,7 +11,7 @@ Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force ``` -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -35,23 +35,23 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -118,8 +118,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: diff --git a/2-Authorization-I/1-call-graph/README.md b/2-Authorization-I/1-call-graph/README.md index 1913239..ceb828a 100644 --- a/2-Authorization-I/1-call-graph/README.md +++ b/2-Authorization-I/1-call-graph/README.md 
@@ -5,14 +5,14 @@ description: Vanilla JavaScript single-page application using MSAL.js to authent languages: - javascript products: - - azure-active-directory + - microsoft-entra-id - msal-js - msal-browser urlFragment: ms-identity-javascript-tutorial extensions: - services: ms-identity - platform: JavaScript -- endpoint: AAD v2.0 +- endpoint: Microsoft Entra ID v2.0 - level: 100 - client: Vanilla JavaScript SPA - service: Microsoft Graph 
@@ -34,7 +34,7 @@ extensions: ## Overview -This sample demonstrates a Vanilla JavaScript single-page application that lets users authenticate against [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Azure AD) using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js), then acquires an **[Access Token](https://aka.ms/access-tokens)** for Microsoft Graph and calls the [Microsoft Graph API](https://docs.microsoft.com/graph/overview). In doing so, it also illustrates various authorization concepts, such as [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens), [Authorization Code Grant](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow), [Dynamic Scopes and Incremental Consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent), **silent requests** and more. +This sample demonstrates a Vanilla JavaScript single-page application that lets users authenticate against [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Microsoft Entra ID) using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js), then acquires an **[Access Token](https://aka.ms/access-tokens)** for Microsoft Graph and calls the [Microsoft Graph API](https://docs.microsoft.com/graph/overview). In doing so, it also illustrates various authorization concepts, such as [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens), [Authorization Code Grant](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow), [Dynamic Scopes and Incremental Consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent), **silent requests** and more. 
In addition, this sample also demonstrates how to use the [Microsoft Graph JavaScript SDK](https://github.com/microsoftgraph/msgraph-sdk-javascript) client with MSAL as a custom authentication provider to query the Graph API. Note that you are not required to implement a custom provider, as the v3.0 (preview) of the SDK offers a [default provider](https://github.com/microsoftgraph/msgraph-sdk-javascript/blob/dev/docs/AuthCodeMSALBrowserAuthenticationProvider.md) that implements MSAL.js. @@ -42,7 +42,7 @@ In addition, this sample also demonstrates how to use the [Microsoft Graph JavaS ## Scenario -1. The client application uses the **MSAL.js** to sign-in a user and obtain a JWT **Access Token** from **Azure AD**: +1. The client application uses the **MSAL.js** to sign-in a user and obtain a JWT **Access Token** from **Microsoft Entra ID**: 1. The **Access Token** is used as a *bearer* token to authorize the user to call the **Microsoft Graph API**. 1. **Microsoft Graph API** responds with the resource that the user has access to. 
@@ -66,10 +66,10 @@ In addition, this sample also demonstrates how to use the [Microsoft Graph JavaS * [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. * [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. * A modern web browser. -* An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/test-setup-environment#get-a-test-tenant) -* A user account in your **Azure AD** tenant. +* An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/test-setup-environment#get-a-test-tenant) +* A user account in your **Microsoft Entra ID** tenant. ->This sample will not work with a **personal Microsoft account**. If you're signed in to the [Azure portal](https://portal.azure.com) with a personal Microsoft account and have not created a user account in your directory before, you will need to create one before proceeding. +>This sample will not work with a **personal Microsoft account**. If you're signed in to the [Microsoft Entra admin center](https://entra.microsoft.com) with a personal Microsoft account and have not created a user account in your directory before, you will need to create one before proceeding. ## Setup the sample @@ -98,7 +98,7 @@ There is one project in this sample. To register it, you can: - follow the steps below for manually register your apps - or use PowerShell scripts that: - - **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + - **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. - modify the projects' configuration files.
@@ -113,7 +113,7 @@ There is one project in this sample. To register it, you can: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force ``` - 1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. + 1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -125,16 +125,16 @@ There is one project in this sample. To register it, you can:
-#### Choose the Azure AD tenant where you want to create your applications +#### Choose the Microsoft Entra tenant where you want to create your applications To manually register the apps, as a first step you'll need to: -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. #### Register the client app (ms-identity-javascript-c2s1) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure Active Directory** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: 1. In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `ms-identity-javascript-c2s1`. 
@@ -173,8 +173,8 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `App\authConfig.js` file. -1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `ms-identity-javascript-c2s1` app copied from the Azure portal. -1. Find the key `Enter_the_Tenant_Id_Here` and replace the existing value with your Azure AD tenant/directory ID. +1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `ms-identity-javascript-c2s1` app copied from the Microsoft Entra admin center. +1. Find the key `Enter_the_Tenant_Id_Here` and replace the existing value with your Microsoft Entra tenant/directory ID. ### Step 4: Running the sample @@ -206,7 +206,7 @@ Were we successful in addressing your learning objective? Consider taking a mome Use [Stack Overflow](http://stackoverflow.com/questions/tagged/msal) to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [`azure-active-directory` `msal-js` `ms-identity` `adal` `msal`]. -To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4). +To provide feedback on or suggest features for Microsoft Entra ID, visit [User Voice page](https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4). ## About the code 
@@ -217,7 +217,7 @@ In order to access a protected resource on behalf of a signed-in user, the app n ### Dynamic scopes and incremental consent -In **Azure AD**, the scopes (permissions) set directly on the application registration are called static scopes. Other scopes that are only defined within the code are called dynamic scopes. This has implications on the **login** (i.e. loginPopup, loginRedirect) and **acquireToken** (i.e. `acquireTokenPopup`, `acquireTokenRedirect`, `acquireTokenSilent`) methods of **MSAL.js**. Consider: +In **Microsoft Entra ID**, the scopes (permissions) set directly on the application registration are called static scopes. Other scopes that are only defined within the code are called dynamic scopes. This has implications on the **login** (i.e. loginPopup, loginRedirect) and **acquireToken** (i.e. `acquireTokenPopup`, `acquireTokenRedirect`, `acquireTokenSilent`) methods of **MSAL.js**. Consider: ```javascript const loginRequest = { 
@@ -411,7 +411,7 @@ This sample app declares that it's CAE-capable by adding the `clientCapabilities #### Processing the CAE challenge from Microsoft Graph -Once the client app receives the CAE claims challenge from Microsoft Graph, it needs to present the user with a prompt for satisfying the challenge via Azure AD authorization endpoint. To do so, we use MSAL's `acquireTokenRedirect` and `acquireTokenPopup` API's and provide the claims challenge as a parameter in the token request. This is shown in [fetch.js](./App/fetch.js), where we handle the response from the Microsoft Graph API with the `handleClaimsChallenge` method: +Once the client app receives the CAE claims challenge from Microsoft Graph, it needs to present the user with a prompt for satisfying the challenge via Microsoft Entra authorization endpoint. To do so, we use MSAL's `acquireTokenRedirect` and `acquireTokenPopup` API's and provide the claims challenge as a parameter in the token request. This is shown in [fetch.js](./App/fetch.js), where we handle the response from the Microsoft Graph API with the `handleClaimsChallenge` method: ```javascript /** @@ -479,7 +479,7 @@ if (error === 'claims_challenge_occurred') { Learn how to: -* [Vanilla JavaScript single-page application (SPA) using MSAL.js to authorize users for calling a protected web API on Azure AD](https://github.com/Azure-Samples/ms-identity-javascript-tutorial/tree/main/3-Authorization-II/1-call-api) +* [Vanilla JavaScript single-page application (SPA) using MSAL.js to authorize users for calling a protected web API on Microsoft Entra ID](https://github.com/Azure-Samples/ms-identity-javascript-tutorial/tree/main/3-Authorization-II/1-call-api) ## Contributing 
@@ -489,15 +489,15 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope ## Learn More -* [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) -* [Azure AD code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code) +* [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +* [Microsoft Entra ID code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code) * [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) * [Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) * [Configure a client application to access web APIs](https://docs.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis) -* [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +* [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) * [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) -* [Application and service principal objects in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) -* [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios) +* [Application and service principal objects in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) +* [Authentication Scenarios for 
Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios) * [Building Zero Trust ready apps](https://aka.ms/ztdevsession) * [National Clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud#app-registration-endpoints) * [Initialize client applications using MSAL.js](https://docs.microsoft.com/azure/active-directory/develop/msal-js-initializing-client-applications) @@ -506,4 +506,4 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope * [Logging in MSAL.js applications](https://docs.microsoft.com/azure/active-directory/develop/msal-logging?tabs=javascript) * [Pass custom state in authentication requests using MSAL.js](https://docs.microsoft.com/azure/active-directory/develop/msal-js-pass-custom-state-authentication-request) * [Prompt behavior in MSAL.js interactive requests](https://docs.microsoft.com/azure/active-directory/develop/msal-js-prompt-behavior) -* [Use MSAL.js to work with Azure AD B2C](https://docs.microsoft.com/azure/active-directory/develop/msal-b2c-overview) +* [Use MSAL.js to work with Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory/develop/msal-b2c-overview) diff --git a/3-Authorization-II/1-call-api/AppCreationScripts/AppCreationScripts.md b/3-Authorization-II/1-call-api/AppCreationScripts/AppCreationScripts.md index 624c702..b56d506 100644 --- a/3-Authorization-II/1-call-api/AppCreationScripts/AppCreationScripts.md +++ b/3-Authorization-II/1-call-api/AppCreationScripts/AppCreationScripts.md @@ -4,7 +4,7 @@ ### Quick summary -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -28,25 +28,25 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). > :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -108,8 +108,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: 
diff --git a/3-Authorization-II/1-call-api/README.md b/3-Authorization-II/1-call-api/README.md index fc71bab..ef485ad 100644 --- a/3-Authorization-II/1-call-api/README.md +++ b/3-Authorization-II/1-call-api/README.md @@ -1,4 +1,4 @@ -# Vanilla JavaScript single-page application (SPA) using MSAL.js to authorize users for calling a protected web API on Azure AD +# Vanilla JavaScript single-page application (SPA) using MSAL.js to authorize users for calling a protected web API on Microsoft Entra ID 1. [Overview](#overview) 1. [Scenario](#scenario) 
@@ -16,11 +16,11 @@ ## Overview -This sample demonstrates a Vanilla JavaScript single-page application (SPA) that lets users authenticate against [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Azure AD) using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js), then acquires an **Access Token** for a protected web API for the signed-in user and calls the protected web API. In doing so, it also illustrates various authorization concepts, such as [token validation](https://docs.microsoft.com/azure/active-directory/develop/access-tokens#validating-tokens), [CORS configuration](https://docs.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services#understanding-cors-requests), **silent requests** and more. +This sample demonstrates a Vanilla JavaScript single-page application (SPA) that lets users authenticate against [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Microsoft Entra ID) using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js), then acquires an **Access Token** for a protected web API for the signed-in user and calls the protected web API. In doing so, it also illustrates various authorization concepts, such as [token validation](https://docs.microsoft.com/azure/active-directory/develop/access-tokens#validating-tokens), [CORS configuration](https://docs.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services#understanding-cors-requests), **silent requests** and more. ## Scenario -1. The client application uses the **MSAL.js** library to sign-in a user and obtain a JWT **Access Token** from **Azure AD**. +1. 
The client application uses the **MSAL.js** library to sign-in a user and obtain a JWT **Access Token** from **Microsoft Entra ID**. 1. The **Access Token** is used as a **bearer** token to *authorize* the user to call the protected web API. 1. The protected web API responds with the claims in the **Access Token**. @@ -44,8 +44,8 @@ This sample demonstrates a Vanilla JavaScript single-page application (SPA) that - A modern web browser. This sample uses **ES6** conventions and will not run on **Internet Explorer**. - [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. - [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/) +- A user account in your **Microsoft Entra ID** tenant. ## Setup @@ -75,13 +75,13 @@ or download and extract the repository .zip file. ## Registration -### Register the sample application(s) with your Azure Active Directory tenant +### Register the sample application(s) with your Microsoft Entra tenant There is one project in this sample. To register it, you can: - either follow the steps below for manually register your apps - or use PowerShell scripts that: - - **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + - **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. - modify the projects' configuration files.
@@ -96,7 +96,7 @@ There is one project in this sample. To register it, you can: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force ``` -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. In PowerShell run: ```PowerShell @@ -109,18 +109,18 @@ There is one project in this sample. To register it, you can:
-Follow the steps below to manually walk through the steps to register and configure the applications in the Azure portal. +Follow the steps below to manually walk through the steps to register and configure the applications in the Microsoft Entra admin center. -### Choose the Azure AD tenant where you want to create your applications +### Choose the Microsoft Entra tenant where you want to create your applications As a first step you'll need to: -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant.. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant.. ### Register the service app (msal-node-api) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure Active Directory** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: 1. In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-node-api`. 
@@ -186,12 +186,12 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `API\authConfig.js` file. -1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-node-api` app copied from the Azure portal. -1. Find the key `Enter_the_Tenant_Info_Here` and replace the existing value with your Azure AD tenant/directory ID. +1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-node-api` app copied from the Microsoft Entra admin center. +1. Find the key `Enter_the_Tenant_Info_Here` and replace the existing value with your Microsoft Entra tenant/directory ID. ### Register the client app (msal-javascript-spa) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure Active Directory** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: 1. In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-javascript-spa`. 
@@ -227,9 +227,9 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `SPA\public\authConfig.js` file. -1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-javascript-spa` app copied from the Azure portal. -1. Find the key `Enter_the_Tenant_Info_Here` and replace the existing value with your Azure AD tenant/directory ID. -1. Find the key `Enter_the_Web_Api_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-node-api` app copied from the Azure portal. +1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-javascript-spa` app copied from the Microsoft Entra admin center. +1. Find the key `Enter_the_Tenant_Info_Here` and replace the existing value with your Microsoft Entra tenant/directory ID. +1. Find the key `Enter_the_Web_Api_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-node-api` app copied from the Microsoft Entra admin center. ## Running the sample 
@@ -310,7 +310,7 @@ The **MSAL.js** exposes the `acquireTokenSilent()` API which is meant to retriev ### Dynamic Scopes and Incremental Consent -In **Azure AD**, the scopes (permissions) set directly on the application registration are called static scopes. Other scopes that are only defined within the code are called dynamic scopes. This has implications on the **login** (i.e. loginPopup, loginRedirect) and **acquireToken** (i.e. `acquireTokenPopup`, `acquireTokenRedirect`, `acquireTokenSilent`) methods of **MSAL.js**. Consider: +In **Microsoft Entra ID**, the scopes (permissions) set directly on the application registration are called static scopes. Other scopes that are only defined within the code are called dynamic scopes. This has implications on the **login** (i.e. loginPopup, loginRedirect) and **acquireToken** (i.e. `acquireTokenPopup`, `acquireTokenRedirect`, `acquireTokenSilent`) methods of **MSAL.js**. Consider: ```javascript const loginRequest = { 
@@ -467,14 +467,14 @@ Configure your application: Learn more about Microsoft identity platform: -- [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +- [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) - [Microsoft identity platform and OpenID Connect protocol](https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc) - [Microsoft identity platform ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support diff --git a/4-Deployment/README.md b/4-Deployment/README.md index 56ccc5c..9171209 100644 --- a/4-Deployment/README.md +++ b/4-Deployment/README.md 
@@ -18,7 +18,7 @@ This sample demonstrates how to deploy a JavaScript single-page application (SPA ## Scenario -1. The client application uses the **MSAL.js** library to sign-in a user and obtain a JWT **Access Token** from **Azure AD**. +1. The client application uses the **MSAL.js** library to sign-in a user and obtain a JWT **Access Token** from **Microsoft Entra ID**. 1. The **Access Token** is used as a **bearer** token to *authorize* the user to call the protected web API. 1. The protected web API responds with the claims in the **Access Token**. @@ -30,8 +30,8 @@ This sample demonstrates how to deploy a JavaScript single-page application (SPA - A modern web browser. This sample uses **ES6** conventions and will not run on **Internet Explorer**. - [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. - [VS Code Azure Tools Extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with **Azure** through VS Code interface. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/) +- A user account in your **Microsoft Entra ID** tenant. - An **Azure subscription**. This sample uses **Azure Storage** and **Azure App Service**. ## Setup 
@@ -68,7 +68,7 @@ Use the same app registration credentials that you've obtained during [**chapter There are basically **3** stages that you will have to go through in order to deploy your projects and enable authentication: 1. Upload your project files to **Azure** services and obtain published website URIs -1. Update **Azure AD** **App Registration** with URIs you have just obtained +1. Update **Microsoft Entra ID** **App Registration** with URIs you have just obtained 1. Update your configuration files with URIs you have just obtained ### Deploy the service app (Node.js web API) @@ -129,8 +129,8 @@ Create a distributable files folder, where your `html`, `css` and `javascript` f #### Step 2: Update the client app's authentication parameters -1. Navigate back to to the [Azure Portal](https://portal.azure.com). -1. In the left-hand navigation pane, select the **Azure Active Directory** service, and then select **App registrations**. +1. Navigate back to to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. In the left-hand navigation pane, select the **Microsoft Entra ID** service, and then select **App registrations**. 1. In the resulting screen, select the name of your application. 1. From the *Branding* menu, update the **Home page URL**, to the address of your service, for example [https://javascriptspa1.z22.web.core.windows.net/](https://javascriptspa1.z22.web.core.windows.net/). Save the configuration. 1. Add the same URI in the list of values of the *Authentication -> Redirect URIs* menu. If you have multiple redirect URIs, make sure that there a new entry using the App service's URI for each redirect URI. 
@@ -163,7 +163,7 @@ Were we successful in addressing your learning objective? Consider taking a mome - [Azure Blob Storage](https://docs.microsoft.com/azure/storage/blobs/) - [Azure App Services](https://docs.microsoft.com/azure/app-service/) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support diff --git a/LICENSE.md b/LICENSE.md index 7965606..9e841e7 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -18,4 +18,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE \ No newline at end of file + SOFTWARE diff --git a/README.md b/README.md index 2fd929c..a184ca1 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ products: - azure-storage - azure-key-vault - azure-functions -- azure-active-directory +- microsoft-entra-id - azure-active-directory-b2c - microsoft-identity-platform description: "Tutorial: Enable your JavaScript single-page application (SPA) to sign-in users and call APIs with the Microsoft identity platform" 
@@ -24,7 +24,7 @@ urlFragment: "ms-identity-javascript-tutorial" ![npm](https://img.shields.io/npm/v/@azure/msal-browser?label=msal-browser) ![GitHub](https://img.shields.io/github/license/Azure-Samples/ms-identity-javascript-tutorial) -The [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-overview), along with [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Azure AD) and [Azure Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview) (Azure AD B2C) are central to the **Azure** cloud ecosystem. This tutorial aims to take you through the fundamentals of modern authentication with JavaScript, using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js). +The [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-overview), along with [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Microsoft Entra ID) and [Azure Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview) (Azure Active Directory B2C) are central to the **Azure** cloud ecosystem. This tutorial aims to take you through the fundamentals of modern authentication with JavaScript, using the [Microsoft Authentication Library for JavaScript](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL.js). We recommend following the chapters in successive order. However, the code samples are self-contained, so feel free to pick samples by topics that you may need at the moment. 
@@ -43,7 +43,7 @@ Please refer to each sample's README for sample-specific prerequisites. - [jwt.ms](https://jwt.ms) for inspecting your tokens - [Fiddler](https://www.telerik.com/fiddler) for monitoring your network activity and troubleshooting -- Follow the [Azure AD Blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity) to stay up-to-date with the latest developments +- Follow the [Microsoft Entra ID Blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity) to stay up-to-date with the latest developments Please refer to each sample's README for sample-specific recommendations. @@ -53,21 +53,21 @@ Please refer to each sample's README for sample-specific recommendations. | | | |---------------|---------------| -| | [**Sign-in with Azure AD**](./1-Authentication/1-sign-in)
Sign-in your users with the **Azure AD** and learn to work with **ID Tokens**. Learn how **single sign-on (SSO)** works. Learn to secure your apps to operate in **national clouds**. | -| | [**Sign-in with Azure AD B2C**](./1-Authentication/2-sign-in-b2c)
Sign-in your customers with **Azure AD B2C**. Learn to integrate with **external social identity providers**. Learn how to use **user-flows** and **custom policies**. | +| | [**Sign-in with Microsoft Entra ID**](./1-Authentication/1-sign-in)
Sign-in your users with the **Microsoft Entra ID** and learn to work with **ID Tokens**. Learn how **single sign-on (SSO)** works. Learn to secure your apps to operate in **national clouds**. | +| | [**Sign-in with Azure Active Directory B2C**](./1-Authentication/2-sign-in-b2c)
Sign-in your customers with **Azure Active Directory B2C**. Learn to integrate with **external social identity providers**. Learn how to use **user-flows** and **custom policies**. | ### Chapter 2: Sign-in a user and get an Access Token for Microsoft Graph | | | |----------------|---------------| -| | [**Get an Access Token from Azure AD and call Microsoft Graph**](./2-Authorization-I/1-call-graph)
Authenticate your users and acquire an **Access Token** for Microsoft Graph and then call the **Microsoft Graph API**. | +| | [**Get an Access Token from Microsoft Entra ID and call Microsoft Graph**](./2-Authorization-I/1-call-graph)
Authenticate your users and acquire an **Access Token** for Microsoft Graph and then call the **Microsoft Graph API**. | ### Chapter 3: Protect an API and call the API from your client app | | | |-----------------|---------------| -| | [**Protect and call a web API on Azure AD**](./3-Authorization-II/1-call-api)
Protect your web API with the **Azure AD**. Use a client application to sign-in a user, acquire an **Access Token** for your web API and call your protected Web API. | -| | [**Protect and call a web API on Azure AD B2C**](./3-Authorization-II/2-call-api-b2c)
Protect your web API with **Azure AD B2C**. Use a client application to sign-in a user, acquire an **Access Token** for your web API and call your protected web API. | +| | [**Protect and call a web API on Microsoft Entra ID**](./3-Authorization-II/1-call-api)
Protect your web API with the **Microsoft Entra ID**. Use a client application to sign-in a user, acquire an **Access Token** for your web API and call your protected Web API. | +| | [**Protect and call a web API on Azure Active Directory B2C**](./3-Authorization-II/2-call-api-b2c)
Protect your web API with **Azure Active Directory B2C**. Use a client application to sign-in a user, acquire an **Access Token** for your web API and call your protected web API. | ### Chapter 4: Deploy your applications to Azure @@ -87,9 +87,9 @@ Learn more about the **Microsoft identity platform**: - [Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) - [Application types for Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-app-types) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) -- [Application and service principal objects in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) +- [Application and service principal objects in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) - [Microsoft identity platform best practices and recommendations](https://docs.microsoft.com/azure/active-directory/develop/identity-platform-integration-checklist) See more code samples: From d076beea8930849cb372958889e74ee892c2c6a3 Mon Sep 17 00:00:00 2001 
From: DidunAyodeji <98491992+DidunAyodeji@users.noreply.github.com> Date: Fri, 14 Jun 2024 17:12:28 -0400 Subject: [PATCH 2/3] Update 1-Authentication/1-sign-in/README.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- 1-Authentication/1-sign-in/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1-Authentication/1-sign-in/README.md b/1-Authentication/1-sign-in/README.md index 5c209e0..c964548 100644 --- a/1-Authentication/1-sign-in/README.md +++ b/1-Authentication/1-sign-in/README.md @@ -12,7 +12,7 @@ urlFragment: ms-identity-javascript-tutorial extensions: - services: ms-identity - platform: JavaScript -- endpoint: Microsoft Entra ID v2.0 +- endpoint: Microsoft identity platform - level: 100 - client: Vanilla JavaScript SPA --- From 5f7b88cf06d17ba8f1f570191128d03f6d31698e Mon Sep 17 00:00:00 2001 From: DidunAyodeji <98491992+DidunAyodeji@users.noreply.github.com> Date: Fri, 14 Jun 2024 17:12:34 -0400 Subject: [PATCH 3/3] Update 2-Authorization-I/1-call-graph/README.md Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> --- 2-Authorization-I/1-call-graph/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2-Authorization-I/1-call-graph/README.md b/2-Authorization-I/1-call-graph/README.md index ceb828a..7619b7d 100644 --- a/2-Authorization-I/1-call-graph/README.md +++ b/2-Authorization-I/1-call-graph/README.md @@ -12,7 +12,7 @@ urlFragment: ms-identity-javascript-tutorial extensions: - services: ms-identity - platform: JavaScript -- endpoint: Microsoft Entra ID v2.0 +- endpoint: Microsoft identity platform - level: 100 - client: Vanilla JavaScript SPA - service: Microsoft Graph
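Review bot: In the root README.md intro hunk (@@ -24,7 +24,7), the added line now reads `[Microsoft Entra ID](...) (Microsoft Entra ID)`, so the parenthetical that used to introduce the short form "Azure AD" only repeats the link text, and the same happens with `(Azure Active Directory B2C)`. Drop both parentheticals. The doubled word in `[Azure Azure Active Directory B2C]` is carried over unchanged from the removed line and should be fixed in the same edit, since the line is being rewritten anyway.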
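Review bot: In the chapter tables of the root README.md (@@ -53,21 +53,21), the search-and-replace leaves the old article in place, giving "Sign-in your users with the **Microsoft Entra ID**" in Chapter 1 and "Protect your web API with the **Microsoft Entra ID**" in Chapter 3. Remove "the" in both rows so they read like the B2C rows next to them ("with **Azure Active Directory B2C**").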
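Review bot: Patches 2/3 and 3/3 correct the front-matter line `- endpoint: Microsoft Entra ID v2.0` to `- endpoint: Microsoft identity platform`, but only in 1-Authentication/1-sign-in/README.md and 2-Authorization-I/1-call-graph/README.md. The diffstat of patch 1/3 also lists 3-Authorization-II/1-call-api/README.md, so check that file's `endpoint:` key for the same renamed value and fix it in this series as well, so the front matter stays consistent across the samples.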