Jmprieur/update to microsoft identity web 0 2 0 (#148)

* Update to Microsoft.Identity.Web 0.2.0 and MSAL.NET 4.16.0

* Updating the 2nd folder

* Updating the 3rd folder

* Updating folder 4

Author: jmprieur

1. Desktop app calls Web API/README-incremental.md

@@ -289,10 +289,10 @@ Replace:
 With:
 
 ```CSharp
-services.AddProtectedWebApi(Configuration);
+services.AddMicrosoftWebApiAuthentication(Configuration);
 ```
 
-The method `AddProtectedWebApi` in Microsoft.Identity.Web ensures that:
+The method `AddMicrosoftWebApiAuthentication` in Microsoft.Identity.Web ensures that:
 
 - the tokens are validated with Microsoft Identity Platform 
 - the valid audiences are both the ClientID of our Web API (default value of `options.Audience` with the ASP.NET Core template) and api://{ClientID}
@@ -314,10 +314,14 @@ If you are not using Visual Studio, edit the `TodoListService\Properties\launchs
 
 ## Choosing which scopes to expose
 
-This sample exposes a delegated permission (access_as_user) that will be presented in the access token claim. The method `AddProtectedWebApi` does not validate the scope, but Microsoft.Identity.Web has a HttpContext extension method, `VerifyUserHasAnyAcceptedScope`, where you can validate the scope as below:
+This sample exposes a delegated permission (access_as_user) that will be presented in the access token claim. The method `AddMicrosoftWebApiAuthentication` does not validate the scope, but Microsoft.Identity.Web has a HttpContext extension method, `VerifyUserHasAnyAcceptedScope`, where you can validate the scope from a controller action, as below:
 
 ```csharp
-HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
+public IEnumerable<TodoItem> Get()
+{
+ HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
+ // process the action
+}
 ```
 
 ### For delegated permissions how to access scopes

1. Desktop app calls Web API/README.md

@@ -298,10 +298,10 @@ Replace:
 With:
 
 ```CSharp
-services.AddProtectedWebApi(Configuration);
+services.AddMicrosoftWebApiAuthentication(Configuration);
 ```
 
-The method `AddProtectedWebApi` in Microsoft.Identity.Web ensures that:
+The method `AddMicrosoftWebApiAuthentication` in Microsoft.Identity.Web ensures that:
 
 - the tokens are validated with Microsoft Identity Platform 
 - the valid audiences are both the ClientID of our Web API (default value of `options.Audience` with the ASP.NET Core template) and api://{ClientID}
@@ -323,12 +323,15 @@ If you are not using Visual Studio, edit the `TodoListService\Properties\launchs
 
 ## Choosing which scopes to expose
 
-This sample exposes a delegated permission (access_as_user) that will be presented in the access token claim. The method `AddProtectedWebApi` does not validate the scope, but Microsoft.Identity.Web has a HttpContext extension method, `VerifyUserHasAnyAcceptedScope`, where you can validate the scope as below:
+This sample exposes a delegated permission (access_as_user) that will be presented in the access token claim. The method `AddMicrosoftWebApiAuthentication` does not validate the scope, but Microsoft.Identity.Web has a HttpContext extension method, `VerifyUserHasAnyAcceptedScope`, where you can validate the scope, from a controller action, as below:
 
 ```csharp
-HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
+public IEnumerable<TodoItem> Get()
+{
+ HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
+ // process the action
+}
 ```
-
 ### For delegated permissions how to access scopes
 
 If a token has delegated permission scopes, they will be in the `scp` or `http://schemas.microsoft.com/identity/claims/scope` claim.

1. Desktop app calls Web API/TodoListClient/TodoListClient.csproj

@@ -109,7 +109,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Identity.Client">
-      <Version>4.11.0</Version>
+      <Version>4.16.0</Version>
     </PackageReference>
     <PackageReference Include="Newtonsoft.Json">
       <Version>11.0.2</Version>

1. Desktop app calls Web API/TodoListService/Properties/serviceDependencies.json

@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}

1. Desktop app calls Web API/TodoListService/Properties/serviceDependencies.local.json

@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}

1. Desktop app calls Web API/TodoListService/Startup.cs

@@ -22,7 +22,7 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddProtectedWebApi(Configuration);
+            services.AddMicrosoftWebApiAuthentication(Configuration);
 
             services.AddControllers();
         }

1. Desktop app calls Web API/TodoListService/TodoListService.csproj

@@ -7,6 +7,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Identity.Web" Version="0.1.2-preview" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="0.2.0-preview" />
   </ItemGroup>
 </Project>

2. Web API now calls Microsoft Graph/README-incremental.md

@@ -187,12 +187,12 @@ Update `Startup.cs` file:
   by
 
   ```csharp
-  services.AddProtectedWebApi(Configuration)
-          .AddProtectedApiCallsWebApis(Configuration)
+  services.AddMicrosoftWebApiAuthentication(Configuration)
+          .AddMicrosoftWebApiCallsWebApi(Configuration)
           .AddInMemoryTokenCaches();
   ```
 
-  `AddProtectedWebApi` does the following:
+  `AddMicrosoftWebApiAuthentication` does the following:
   - add the **Jwt**BearerAuthenticationScheme (Note the replacement of BearerAuthenticationScheme by **Jwt**BearerAuthenticationScheme)
   - set the authority to be the Microsoft identity platform identity
   - sets the audiences to validate
@@ -231,7 +231,7 @@ Update `Startup.cs` file:
 
   The implementations of these classes are in the Microsoft.Identity.Web library (and folder), and they are designed to be reusable in your applications (Web apps and Web apis)
 
-  `AddProtectedApiCallsWebApis` subscribes to the `OnTokenValidated` JwtBearerAuthentication event, and, in this event, adds the user account into MSAL.NET's user token cache by using the AcquireTokenOnBehalfOfUser method. This is done by the `AddAccountToCacheFromJwt` method of the `ITokenAcquisition` micro-service, which wraps MSAL.NET
+  `AddMicrosoftWebApiCallsWebApi` subscribes to the `OnTokenValidated` JwtBearerAuthentication event, and, in this event, adds the user account into MSAL.NET's user token cache by using the AcquireTokenOnBehalfOfUser method. This is done by the `AddAccountToCacheFromJwt` method of the `ITokenAcquisition` micro-service, which wraps MSAL.NET
 
   ```CSharp
   services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
@@ -293,7 +293,7 @@ This method is the following. It:
         }
         catch (MsalUiRequiredException ex)
         {
-            tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
+            await tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(scopes, ex);
             return string.Empty;
         }
     }
@@ -305,7 +305,7 @@ This method is the following. It:
 
 An interesting piece is how `MsalUiRequiredException` are handled. These exceptions are typically sent by Azure AD when there is a need for a user interaction. This can be the case when the user needs to re-sign-in, or needs to grant some additional consent, or to obtain additional claims. For instance, the user might need to do multi-factor authentication required specifically by a specific downstream API. When these exceptions happen, given that the Web API does not have any UI, it needs to challenge the client passing all the information enabling this client to handle the interaction with the user.
 
-This sample uses the `ReplyForbiddenWithWwwAuthenticateHeader` method of the `TokenAcquisition` service. This method uses the HttpResponse to:
+This sample uses the `ReplyForbiddenWithWwwAuthenticateHeaderAsync` method of the `TokenAcquisition` service. This method uses the HttpResponse to:
 
 - Send an HTTP 404 (Forbidden) to the client
 - Set information in the www-Authenticate header of the HttpResponse with information that would enable a client to get more consent from the user that is:

2. Web API now calls Microsoft Graph/README.md

@@ -304,12 +304,12 @@ Update `Startup.cs` file:
   by
 
   ```csharp
-  services.AddProtectedWebApi(Configuration)
-          .AddProtectedApiCallsWebApis(Configuration)
+  services.AddMicrosoftWebApiAuthentication(Configuration)
+          .AddMicrosoftWebApiCallsWebApi(Configuration)
           .AddInMemoryTokenCaches();
   ```
 
-  `AddProtectedWebApi` does the following:
+  `AddMicrosoftWebApiAuthentication` does the following:
   - add the **JwtBearerAuthenticationScheme** (Note the replacement of BearerAuthenticationScheme by JwtBearerAuthenticationScheme)
   - set the authority to be the Microsoft identity platform identity
   - set the audiences to be validated
@@ -322,7 +322,7 @@ Update `Startup.cs` file:
 
   The implementations of these classes are in the [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) library, and they are designed to be reusable in your applications (Web apps and Web apis).
 
-  `AddProtectedApiCallsWebApis` subscribes to the `OnTokenValidated` JwtBearerAuthentication event, and in this event, adds the user account into MSAL.NET's user token cache.
+  `AddMicrosoftWebApiCallsWebApi` subscribes to the `OnTokenValidated` JwtBearerAuthentication event, and in this event, adds the user account into MSAL.NET's user token cache.
 
   `AddInMemoryTokenCaches` adds an in memory token cache provider, which will cache the Access Tokens acquired for the downstream Web API.
 
@@ -363,7 +363,7 @@ This method:
         }
         catch (MsalUiRequiredException ex)
         {
-            tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
+            await tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(scopes, ex);
             return string.Empty;
         }
     }
@@ -375,7 +375,7 @@ This method:
 
 An interesting piece is how `MsalUiRequiredException` are handled. These exceptions are typically sent by Azure AD when there is a need for a user interaction. This can be the case when the user needs to re-sign-in, or needs to grant some additional consent, or to obtain additional claims. For instance, the user might need to do multi-factor authentication required specifically by a specific downstream API. When these exceptions happen, given that the Web API does not have any UI, it needs to challenge the client app passing all the required information, so this client app can handle the interaction with the user.
 
-This sample uses the `ReplyForbiddenWithWwwAuthenticateHeader` available on the `TokenAcquisition` service (part of Microsoft.Identity.Web library), which uses the HttpResponse to:
+This sample uses the `ReplyForbiddenWithWwwAuthenticateHeaderAsync` available on the `TokenAcquisition` service (part of Microsoft.Identity.Web library), which uses the HttpResponse to:
 
 - Send an HTTP 403 (Forbidden) to the client app
 - Set information in the www-Authenticate header of the HttpResponse with information that would enable a client to get more consent from the user that is:

2. Web API now calls Microsoft Graph/TodoListClient/TodoListClient.csproj

@@ -109,7 +109,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Identity.Client">
-      <Version>4.11.0</Version>
+      <Version>4.16.0</Version>
     </PackageReference>
     <PackageReference Include="Newtonsoft.Json">
       <Version>11.0.2</Version>