responed to comments

Author: salman90

2-Authorization-I/1-call-graph/App/authConfig.js

@@ -6,7 +6,7 @@
 const msalConfig = {
     auth: {
         clientId: 'Enter_the_Application_Id_Here', // This is the ONLY mandatory field that you need to supply.
-        authority: 'https://login.microsoftonline.com/Enter_the_Tenant_Info_Here', // Defaults to "https://login.microsoftonline.com/common"
+        authority: 'https://login.microsoftonline.com/Enter_the_Tenant_Id_Here', // Defaults to "https://login.microsoftonline.com/common"
         redirectUri: '/', // You must register this URI on Azure Portal/App Registration. Defaults to window.location.href
         postLogoutRedirectUri: '/', //Indicates the page to navigate after logout.
         clientCapabilities: ['CP1'], // this lets the resource owner know that this client is capable of handling claims challenge.

2-Authorization-I/1-call-graph/App/authPopup.js

@@ -6,7 +6,8 @@ let username = '';
 
 myMSALObj.addEventCallback((event) => {
     if (
-        (event.eventType === msal.EventType.LOGIN_SUCCESS || event.eventType === msal.EventType.ACQUIRE_TOKEN_SUCCESS) &&
+        (event.eventType === msal.EventType.LOGIN_SUCCESS ||
+            event.eventType === msal.EventType.ACQUIRE_TOKEN_SUCCESS) &&
         event.payload.account
     ) {
         const account = event.payload.account;
@@ -32,11 +33,11 @@ function selectAccount() {
         // Add choose account code here
         username = myMSALObj.getActiveAccount().username;
         showWelcomeMessage(username, currentAccounts);
-    } 
+    }
 }
 
 async function addAnotherAccount(event) {
-    if (event.target.innerHTML.includes("@")) {
+    if (event.target.innerHTML.includes('@')) {
         const username = event.target.innerHTML;
         const account = myMSALObj.getAllAccounts().find((account) => account.username === username);
         const activeAccount = myMSALObj.getActiveAccount();
@@ -117,7 +118,7 @@ function signOut() {
     const logoutRequest = {
         account: account,
         redirectUri: '/redirect',
-        mainWindowRedirectUri: '/signout',
+        mainWindowRedirectUri: '/',
     };
     clearStorage(account);
     myMSALObj.logoutPopup(logoutRequest).catch((error) => {
@@ -126,95 +127,23 @@ function signOut() {
 }
 
 function seeProfile() {
-    const account = myMSALObj.getAccountByUsername(username);
-    getGraphClient({
-        account: account,
-        scopes: graphConfig.graphMeEndpoint.scopes,
-        interactionType: msal.InteractionType.Popup,
-    })
-        .api('/me')
-        .responseType('raw')
-        .get()
-        .then((response) => {
-            return handleClaimsChallenge(account, response, graphConfig.graphMeEndpoint.uri);
-        })
-        .then((response) => {
-            if (response && response.error === 'claims_challenge_occurred') throw response.error;
-            return updateUI(response, graphConfig.graphMeEndpoint.uri);
-        })
-        .catch((error) => {
-            if (error === 'claims_challenge_occurred') {
-                const resource = new URL(graphConfig.graphMeEndpoint.uri).hostname;
-                const claims =
-                    account &&
-                    getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
-                        ? window.atob(
-                              getClaimsFromStorage(
-                                  `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
-                              )
-                          )
-                        : undefined; // e.g {"access_token":{"xms_cc":{"values":["cp1"]}}}
-                let request = {
-                    account: account,
-                    scopes: graphConfig.graphMeEndpoint.scopes,
-                    claims: claims,
-                    redirectUri: '/redirect',
-                };
-
-                myMSALObj.acquireTokenPopup(request).catch((error) => {
-                    console.log(error);
-                });
-            } else {
-                console.log(error);
-            }
-        });
+    callGraph(
+        username,
+        graphConfig.graphMeEndpoint.scopes,
+        graphConfig.graphMeEndpoint.uri,
+        msal.InteractionType.Popup,
+        myMSALObj
+    ); 
 }
 
 function readContacts() {
-    const account = myMSALObj.getAccountByUsername(username);
-    getGraphClient({
-        account: account,
-        scopes: graphConfig.graphContactsEndpoint.scopes,
-        interactionType: msal.InteractionType.Popup,
-    })
-        .api('/me/contacts')
-        .responseType('raw')
-        .get()
-        .then((response) => {
-            return handleClaimsChallenge(account, response, graphConfig.graphContactsEndpoint.uri);
-        })
-        .then((response) => {
-            if (response && response.error === 'claims_challenge_occurred') throw response.error;
-            return updateUI(response, graphConfig.graphContactsEndpoint.uri);
-        })
-        .catch((error) => {
-            if (error === 'claims_challenge_occurred') {
-                const resource = new URL(graphConfig.graphContactsEndpoint.uri).hostname;
-                const claims =
-                    account &&
-                    getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
-                        ? window.atob(
-                              getClaimsFromStorage(
-                                  `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
-                              )
-                          )
-                        : undefined; // e.g {"access_token":{"xms_cc":{"values":["cp1"]}}}
-                let request = {
-                    account: account,
-                    scopes: graphConfig.graphContactsEndpoint.scopes,
-                    claims: claims,
-                    redirectUri: '/redirect',
-                };
-
-                myMSALObj.acquireTokenPopup(request).catch((error) => {
-                    console.log(error);
-                });
-            } else if (error.toString().includes('404')) {
-                return updateUI(null, graphConfig.graphContactsEndpoint.uri);
-            } else {
-                console.log(error);
-            }
-        });
+    callGraph(
+        username,
+        graphConfig.graphContactsEndpoint.scopes,
+        graphConfig.graphContactsEndpoint.uri,
+        msal.InteractionType.Popup,
+        myMSALObj
+    );
 }
 
 selectAccount();

2-Authorization-I/1-call-graph/App/authRedirect.js

@@ -121,96 +121,29 @@ function signOut() {
     const account = myMSALObj.getAccountByUsername(username);
     const logoutRequest = {
         account: account,
+        loginHint: account.idTokenClaims.login_hint,
     };
 
     clearStorage(account);
     myMSALObj.logoutRedirect(logoutRequest);
 }
 
 function seeProfile() {
-    const account = myMSALObj.getAccountByUsername(username);
-
-    getGraphClient({
-        account: account,
-        scopes: graphConfig.graphMeEndpoint.scopes,
-        interactionType: msal.InteractionType.Redirect,
-    })
-        .api('/me')
-        .responseType('raw')
-        .get()
-        .then((response) => {
-            return handleClaimsChallenge(account, response, graphConfig.graphMeEndpoint.uri);
-        })
-        .then((response) => {
-            if (response && response.error === 'claims_challenge_occurred') throw response.error;
-            return updateUI(response, graphConfig.graphMeEndpoint.uri);
-        })
-        .catch((error) => {
-            if (error === 'claims_challenge_occurred') {
-                const resource = new URL(graphConfig.graphMeEndpoint.uri).hostname;
-                const claims =
-                    account &&
-                    getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
-                        ? window.atob(
-                              getClaimsFromStorage(
-                                  `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
-                              )
-                          )
-                        : undefined; // e.g {"access_token":{"xms_cc":{"values":["cp1"]}}}
-                let request = {
-                    account: account,
-                    scopes: graphConfig.graphMeEndpoint.scopes,
-                    claims: claims,
-                };
-
-                myMSALObj.acquireTokenRedirect(request);
-            } else {
-                console.log(error);
-            }
-        });
+    callGraph(
+        username,
+        graphConfig.graphMeEndpoint.scopes,
+        graphConfig.graphMeEndpoint.uri,
+        msal.InteractionType.Redirect,
+        myMSALObj
+    ); 
 }
 
 function readContacts() {
-    const account = myMSALObj.getAccountByUsername(username);
-    getGraphClient({
-        account: account,
-        scopes: graphConfig.graphContactsEndpoint.scopes,
-        interactionType: msal.InteractionType.Redirect,
-    })
-        .api('/me/contacts')
-        .responseType('raw')
-        .get()
-        .then((response) => {
-            return handleClaimsChallenge(account, response, graphConfig.graphContactsEndpoint.uri);
-        })
-        .then((response) => {
-            if (response && response.error === 'claims_challenge_occurred') throw response.error;
-            return updateUI(response, graphConfig.graphContactsEndpoint.uri);
-        })
-        .catch((error) => {
-            if (error === 'claims_challenge_occurred') {
-                const resource = new URL(graphConfig.graphContactsEndpoint.uri).hostname;
-                const claims =
-                    account &&
-                    getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
-                        ? window.atob(
-                              getClaimsFromStorage(
-                                  `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
-                              )
-                          )
-                        : undefined; // e.g {"access_token":{"xms_cc":{"values":["cp1"]}}}
-
-                let request = {
-                    account: account,
-                    scopes: graphConfig.graphContactsEndpoint.scopes,
-                    claims: claims,
-                };
-
-                myMSALObj.acquireTokenRedirect(request);
-            } else if (error.toString().includes('404')) {
-                return updateUI(null, graphConfig.graphContactsEndpoint.uri);
-            } else {
-                console.log(error);
-            }
-        });
+    callGraph(
+        username,
+        graphConfig.graphContactsEndpoint.scopes,
+        graphConfig.graphContactsEndpoint.uri,
+        msal.InteractionType.Redirect,
+        myMSALObj
+    );
 }

2-Authorization-I/1-call-graph/App/fetch.js

@@ -10,7 +10,7 @@
  * @param {object} response
  * @returns response
  */
-const handleClaimsChallenge = async (account,response, apiEndpoint) => {
+const handleClaimsChallenge = async (account, response, apiEndpoint) => {
     if (response.status === 200) {
         return response.json();
     } else if (response.status === 401) {
@@ -37,10 +37,10 @@ const handleClaimsChallenge = async (account,response, apiEndpoint) => {
 };
 
 /**
-* This method parses WWW-Authenticate authentication headers 
-* @param header
-* @return {Object} challengeMap
-*/
+ * This method parses WWW-Authenticate authentication headers
+ * @param header
+ * @return {Object} challengeMap
+ */
 const parseChallenges = (header) => {
     const schemeSeparator = header.indexOf(' ');
     const challenges = header.substring(schemeSeparator + 1).split(',');
@@ -52,12 +52,75 @@ const parseChallenges = (header) => {
     });
 
     return challengeMap;
-}
+};
 
+/**
+ * This method calls the Graph API by utilizing the graph client instance.
+ * @param {String} username 
+ * @param {Array} scopes 
+ * @param {String} uri 
+ * @param {String} interactionType 
+ * @param {Object} myMSALObj 
+ * @returns 
+ */
+const callGraph = async (username, scopes, uri, interactionType, myMSALObj) => {
+    const account = myMSALObj.getAccountByUsername(username);
+    try {
+        let response = await getGraphClient({
+            account: account,
+            scopes: scopes,
+            interactionType: interactionType,
+        })
+            .api(uri)
+            .responseType('raw')
+            .get();
+        response = await handleClaimsChallenge(account, response, uri);
+        if (response && response.error === 'claims_challenge_occurred') throw response.error;
+        updateUI(response, uri);
+    } catch (error) {
+        if (error === 'claims_challenge_occurred') {
+            const resource = new URL(uri).hostname;
+            const claims =
+                account &&
+                getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
+                    ? window.atob(
+                          getClaimsFromStorage(
+                              `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
+                          )
+                      )
+                    : undefined; // e.g {"access_token":{"xms_cc":{"values":["cp1"]}}}
+            let request = {
+                account: account,
+                scopes: scopes,
+                claims: claims,
+            };
+            switch (interactionType) {
+                case msal.InteractionType.Popup:
+                    
+                    await myMSALObj.acquireTokenPopup({
+                        ...request,
+                        redirectUri: '/redirect',
+                    });
+                    break;
+                case msal.InteractionType.Redirect:
+                    await myMSALObj.acquireTokenRedirect(request);
+                    break;
+                default:
+                    await myMSALObj.acquireTokenRedirect(request);
+                    break;
+            }
+        } else if (error.toString().includes('404')) {
+            return updateUI(null, uri);
+        } else {
+            console.log(error);
+        }
+    }
+}
 
 // exporting config object for jest
 if (typeof exports !== 'undefined') {
     module.exports = {
         handleClaimsChallenge: handleClaimsChallenge,
+        callGraph: callGraph,
     };
-}
+}

2-Authorization-I/1-call-graph/AppCreationScripts/Configure.ps1

@@ -249,12 +249,14 @@ Function ConfigureApplications
 
     $newClaim =  CreateOptionalClaim  -name "acct" 
     $optionalClaims.IdToken += ($newClaim)
+    $newClaim =  CreateOptionalClaim  -name "login_hint" 
+    $optionalClaims.IdToken += ($newClaim)
     Update-MgApplication -ApplicationId $currentAppObjectId -OptionalClaims $optionalClaims
     Write-Host "Done creating the client application (ms-identity-javascript-c2s1)"
 
     # URL of the AAD application in the Azure portal
     # Future? $clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$currentAppId+"/objectId/"+$currentAppObjectId+"/isMSAApp/"
-    $clientPortalUrl = "https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/"+$currentAppId+"/isMSAApp~/false"
+    $clientPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$currentAppId+"/objectId/"+$currentAppObjectId+"/isMSAApp/"
 
     Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>ms-identity-javascript-c2s1</a></td></tr>" -Path createdApps.html
     # Declare a list to hold RRA items    
@@ -282,7 +284,7 @@ Function ConfigureApplications
     # $configFile = $pwd.Path + "\..\App\authConfig.js"
     $configFile = $(Resolve-Path ($pwd.Path + "\..\App\authConfig.js"))
 
-    $dictionary = @{ "Enter_the_Application_Id_Here" = $clientAadApplication.AppId;"Enter_the_Tenant_Info_Here" = $tenantId };
+    $dictionary = @{ "Enter_the_Application_Id_Here" = $clientAadApplication.AppId;"Enter_the_Tenant_Id_Here" = $tenantId };
 
     Write-Host "Updating the sample config '$configFile' with the following config values:" -ForegroundColor Yellow 
     $dictionary