Updated api pattern and target framework (#140)

* Updated api pattern and target framework

* api pattern_not mandatory requirement

* Updated graph api calls using Graph SDK

* Check client Id to access API

* Removed manual step to add platform

* Made a few fixes

* Updated the pattern for custom OnTokenValidated event

* small improvements

* README sync with code generator

* Adjusted KCA text

* Updated Readme files and topologies

* Rename the AddPop method (#146)

into AddProofOfPosession

* Update for Merge error

Co-authored-by: Kalyan Krishna <kalyan.krishna@microsoft.com>
Co-authored-by: Tiago Brenck <v-tibre@microsoft.com>
Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>

Author: 4 people

1. Desktop app calls Web API/README-incremental.md

@@ -7,6 +7,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Identity.Web" Version="0.1.5-preview" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="0.1.2-preview" />
   </ItemGroup>
 </Project>

1. Desktop app calls Web API/README.md

@@ -1,4 +1,4 @@
-# Registering the sample apps with Microsoft Identity Platform and updating the configuration files using PowerShell scripts
+# Registering the sample apps with Microsoft identity platform and updating the configuration files using PowerShell scripts
 
 ## Overview
 
@@ -11,7 +11,8 @@
    ```
 1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. (Other ways of running the scripts are described below)
    ```PowerShell
-   .\AppCreationScripts\Configure.ps1
+   cd .\AppCreationScripts\
+   .\Configure.ps1
    ```
 1. Open the Visual Studio solution and click start
 
@@ -26,6 +27,7 @@ The following paragraphs:
   - [Passing credentials](#option-2-non-interactive) to create the app in your home tenant
   - [Interactively in a specific tenant](#option-3-interactive-but-create-apps-in-a-specified-tenant)
   - [Passing credentials in a specific tenant](#option-4-non-interactive-and-create-apps-in-a-specified-tenant)
+  - [Passing environment name, for Sovereign clouds](#running-the-script-on-azure-sovereign-clouds)
 
 ## Goal of the scripts
 
@@ -49,7 +51,7 @@ These scripts are:
 
 The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below.
 
-## How to use the app creation scripts ?
+## How to use the app creation scripts?
 
 ### Pre-requisites
 
@@ -107,7 +109,7 @@ Note that the script will choose the tenant in which to create the applications,
 
 #### Option 2 (non-interactive)
 
-When you know the indentity and credentials of the user in the name of whom you want to create the applications, you can use the non-interactive approach. It's more adapted to DevOps. Here is an example of script you'd want to run in a PowerShell Window
+When you know the identity and credentials of the user in the name of whom you want to create the applications, you can use the non-interactive approach. It's more adapted to DevOps. Here is an example of script you'd want to run in a PowerShell Window
 
 ```PowerShell
 $secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
@@ -144,3 +146,21 @@ $tenantId = "yourTenantIdGuid"
 . .\Cleanup.ps1 -Credential $mycreds -TenantId $tenantId
 . .\Configure.ps1 -Credential $mycreds -TenantId $tenantId
 ```
+
+### Running the script on Azure Sovereign clouds
+
+All the four options listed above, can be used on any Azure Sovereign clouds. By default, the script targets `AzureCloud`, but it can be changed using the parameter `-AzureEnvironmentName`.
+
+The acceptable values for this parameter are:
+
+- AzureCloud
+- AzureChinaCloud
+- AzureUSGovernment
+- AzureGermanyCloud
+
+Example:
+
+ ```PowerShell
+ . .\Cleanup.ps1 -AzureEnvironmentName "AzureGermanyCloud"
+ . .\Configure.ps1 -AzureEnvironmentName "AzureGermanyCloud"
+ ```

1. Desktop app calls Web API/ReadmeFiles/topology.png

@@ -2,9 +2,14 @@
 param(    
     [PSCredential] $Credential,
     [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
-    [string] $tenantId
+    [string] $tenantId,
+    [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')]
+    [string] $azureEnvironmentName
 )
 
+#Requires -Modules AzureAD
+
+
 if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) { 
     Install-Module "AzureAD" -Scope CurrentUser 
 } 
@@ -13,10 +18,15 @@ $ErrorActionPreference = "Stop"
 
 Function Cleanup
 {
-<#
-.Description
-This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
-#>
+    if (!$azureEnvironmentName)
+    {
+        $azureEnvironmentName = "AzureCloud"
+    }
+
+    <#
+    .Description
+    This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
+    #>
 
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 
     # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 
@@ -25,17 +35,17 @@ This function removes the Azure AD applications for the sample. These applicatio
     # you'll need to sign-in with creds enabling your to create apps in the tenant)
     if (!$Credential -and $TenantId)
     {
-        $creds = Connect-AzureAD -TenantId $tenantId
+        $creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
     }
     else
     {
         if (!$TenantId)
         {
-            $creds = Connect-AzureAD -Credential $Credential
+            $creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
         }
         else
         {
-            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
+            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
         }
     }
 
@@ -49,9 +59,9 @@ This function removes the Azure AD applications for the sample. These applicatio
     # Removes the applications
     Write-Host "Cleaning-up applications from tenant '$tenantName'"
 
-    Write-Host "Removing 'service' (TodoListService (active-directory-dotnet-native-aspnetcore-v2)) if needed"
-    Get-AzureADApplication -Filter "DisplayName eq 'TodoListService (active-directory-dotnet-native-aspnetcore-v2)'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
-    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListService (active-directory-dotnet-native-aspnetcore-v2)'"
+    Write-Host "Removing 'service' (TodoListService(ms-identity-dotnet-native-aspnetcore-v2)) if needed"
+    Get-AzureADApplication -Filter "DisplayName eq 'TodoListService(ms-identity-dotnet-native-aspnetcore-v2)'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListService(ms-identity-dotnet-native-aspnetcore-v2)'"
     if ($apps)
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
@@ -60,14 +70,14 @@ This function removes the Azure AD applications for the sample. These applicatio
     foreach ($app in $apps) 
     {
         Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed TodoListService (active-directory-dotnet-native-aspnetcore-v2).."
+        Write-Host "Removed TodoListService(ms-identity-dotnet-native-aspnetcore-v2).."
     }
     # also remove service principals of this app
-    Get-AzureADServicePrincipal -filter "DisplayName eq 'TodoListService (active-directory-dotnet-native-aspnetcore-v2)'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Get-AzureADServicePrincipal -filter "DisplayName eq 'TodoListService(ms-identity-dotnet-native-aspnetcore-v2)'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
 
-    Write-Host "Removing 'client' (TodoListClient (active-directory-dotnet-native-aspnetcore-v2)) if needed"
-    Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient (active-directory-dotnet-native-aspnetcore-v2)'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
-    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient (active-directory-dotnet-native-aspnetcore-v2)'"
+    Write-Host "Removing 'client' (TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)) if needed"
+    Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)'"
     if ($apps)
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
@@ -76,10 +86,10 @@ This function removes the Azure AD applications for the sample. These applicatio
     foreach ($app in $apps) 
     {
         Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed TodoListClient (active-directory-dotnet-native-aspnetcore-v2).."
+        Write-Host "Removed TodoListClient(ms-identity-dotnet-native-aspnetcore-v2).."
     }
     # also remove service principals of this app
-    Get-AzureADServicePrincipal -filter "DisplayName eq 'TodoListClient (active-directory-dotnet-native-aspnetcore-v2)'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Get-AzureADServicePrincipal -filter "DisplayName eq 'TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
 
 }
 

1. Desktop app calls Web API/TodoListService/TodoListService.csproj

@@ -2,9 +2,13 @@
 param(
     [PSCredential] $Credential,
     [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
-    [string] $tenantId
+    [string] $tenantId,
+    [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')]
+    [string] $azureEnvironmentName
 )
 
+#Requires -Modules AzureAD
+
 <#
  This script creates the Azure AD applications needed for this sample and updates the configuration files
  for the visual Studio projects from the data in the Azure AD applications.
@@ -201,6 +205,11 @@ Function ConfigureApplications
    so that they are consistent with the Applications parameters
 #> 
     $commonendpoint = "common"
+    
+    if (!$azureEnvironmentName)
+    {
+        $azureEnvironmentName = "AzureCloud"
+    }
 
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
     # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
@@ -209,17 +218,17 @@ Function ConfigureApplications
     # you'll need to sign-in with creds enabling your to create apps in the tenant)
     if (!$Credential -and $TenantId)
     {
-        $creds = Connect-AzureAD -TenantId $tenantId
+        $creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
     }
     else
     {
         if (!$TenantId)
         {
-            $creds = Connect-AzureAD -Credential $Credential
+            $creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
         }
         else
         {
-            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
+            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
         }
     }
 
@@ -228,21 +237,23 @@ Function ConfigureApplications
         $tenantId = $creds.Tenant.Id
     }
 
+    
+
     $tenant = Get-AzureADTenantDetail
     $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
 
     # Get the user running the script to add the user as the app owner
     $user = Get-AzureADUser -ObjectId $creds.Account.Id
 
    # Create the service AAD application
-   Write-Host "Creating the AAD application (TodoListService (active-directory-dotnet-native-aspnetcore-v2))"
+   Write-Host "Creating the AAD application (TodoListService(ms-identity-dotnet-native-aspnetcore-v2))"
    # Get a 2 years application key for the service Application
    $pw = ComputePassword
    $fromDate = [DateTime]::Now;
    $key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
    $serviceAppKey = $pw
    # create the application 
-   $serviceAadApplication = New-AzureADApplication -DisplayName "TodoListService (active-directory-dotnet-native-aspnetcore-v2)" `
+   $serviceAadApplication = New-AzureADApplication -DisplayName "TodoListService(ms-identity-dotnet-native-aspnetcore-v2)" `
                                                    -HomePage "https://localhost:44351/" `
                                                    -ReplyUrls "https://localhost:44351/" `
                                                    -AvailableToOtherTenants $True `
@@ -281,9 +292,9 @@ Function ConfigureApplications
         {
             # Add scope
             $scope = CreateScope -value "access_as_user"  `
-                -userConsentDisplayName "Access TodoListService (active-directory-dotnet-native-aspnetcore-v2)"  `
-                -userConsentDescription "Allow the application to access TodoListService (active-directory-dotnet-native-aspnetcore-v2) on your behalf."  `
-                -adminConsentDisplayName "Access TodoListService (active-directory-dotnet-native-aspnetcore-v2)"  `
+                -userConsentDisplayName "Access TodoListService(ms-identity-dotnet-native-aspnetcore-v2)"  `
+                -userConsentDescription "Allow the application to access TodoListService(ms-identity-dotnet-native-aspnetcore-v2) on your behalf."  `
+                -adminConsentDisplayName "Access TodoListService(ms-identity-dotnet-native-aspnetcore-v2)"  `
                 -adminConsentDescription "Allows the app to have the same access to information in the directory on behalf of the signed-in user."
 
             $scopes.Add($scope)
@@ -293,12 +304,12 @@ Function ConfigureApplications
     # add/update scopes
     Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -OAuth2Permission $scopes
 
-   Write-Host "Done creating the service application (TodoListService (active-directory-dotnet-native-aspnetcore-v2))"
+   Write-Host "Done creating the service application (TodoListService(ms-identity-dotnet-native-aspnetcore-v2))"
 
    # URL of the AAD application in the Azure portal
    # Future? $servicePortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId+"/isMSAApp/"
    $servicePortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId+"/isMSAApp/"
-   Add-Content -Value "<tr><td>service</td><td>$currentAppId</td><td><a href='$servicePortalUrl'>TodoListService (active-directory-dotnet-native-aspnetcore-v2)</a></td></tr>" -Path createdApps.html
+   Add-Content -Value "<tr><td>service</td><td>$currentAppId</td><td><a href='$servicePortalUrl'>TodoListService(ms-identity-dotnet-native-aspnetcore-v2)</a></td></tr>" -Path createdApps.html
 
    $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
 
@@ -314,9 +325,9 @@ Function ConfigureApplications
    Write-Host "Granted permissions."
 
    # Create the client AAD application
-   Write-Host "Creating the AAD application (TodoListClient (active-directory-dotnet-native-aspnetcore-v2))"
+   Write-Host "Creating the AAD application (TodoListClient(ms-identity-dotnet-native-aspnetcore-v2))"
    # create the application 
-   $clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient (active-directory-dotnet-native-aspnetcore-v2)" `
+   $clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)" `
                                                   -ReplyUrls "https://login.microsoftonline.com/common/oauth2/nativeclient" `
                                                   -AvailableToOtherTenants $True `
                                                   -PublicClient $True
@@ -334,18 +345,18 @@ Function ConfigureApplications
    }
 
 
-   Write-Host "Done creating the client application (TodoListClient (active-directory-dotnet-native-aspnetcore-v2))"
+   Write-Host "Done creating the client application (TodoListClient(ms-identity-dotnet-native-aspnetcore-v2))"
 
    # URL of the AAD application in the Azure portal
    # Future? $clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
    $clientPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
-   Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>TodoListClient (active-directory-dotnet-native-aspnetcore-v2)</a></td></tr>" -Path createdApps.html
+   Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>TodoListClient(ms-identity-dotnet-native-aspnetcore-v2)</a></td></tr>" -Path createdApps.html
 
    $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
 
    # Add Required Resources Access (from 'client' to 'service')
    Write-Host "Getting access from 'client' to 'service'"
-   $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService (active-directory-dotnet-native-aspnetcore-v2)" `
+   $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService(ms-identity-dotnet-native-aspnetcore-v2)" `
                                                 -requiredDelegatedPermissions "access_as_user" `
 
    $requiredResourcesAccess.Add($requiredPermissions)
@@ -371,9 +382,9 @@ Function ConfigureApplications
    # Update config file for 'client'
    $configFile = $pwd.Path + "\..\TodoListClient\App.Config"
    Write-Host "Updating the sample code ($configFile)"
-   ReplaceSetting -configFilePath $configFile -key "ida:ClientId" -newValue $clientAadApplication.AppId
-   ReplaceSetting -configFilePath $configFile -key "todo:TodoListScope" -newValue ("api://"+$serviceAadApplication.AppId+"/.default")
-   ReplaceSetting -configFilePath $configFile -key "todo:TodoListBaseAddress" -newValue $serviceAadApplication.HomePage
+   ReplaceSetting -configFilePath $configFile -key "ida:ClientId" -newValue ($clientAadApplication.AppId)
+   ReplaceSetting -configFilePath $configFile -key "todo:TodoListScope" -newValue (("api://"+$serviceAadApplication.AppId+"/.default"))
+   ReplaceSetting -configFilePath $configFile -key "todo:TodoListBaseAddress" -newValue ($serviceAadApplication.HomePage)
    Write-Host ""
    Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
    Write-Host "IMPORTANT: Please follow the instructions below to complete a few manual step(s) in the Azure portal":
@@ -383,7 +394,7 @@ Function ConfigureApplications
    Write-Host "- For 'client'"
    Write-Host "  - Navigate to '$clientPortalUrl'"
    Write-Host "  - Navigate to the Manifest page and change 'signInAudience' to 'AzureADandPersonalMicrosoftAccount'." -ForegroundColor Red 
-   Write-Host "  - [Optional] If you are a tenant admin, you can navigate to the API Permisions page and select 'Grant admin consent for (your tenant)'" -ForegroundColor Red 
+   Write-Host "  - [Optional] If you are a tenant admin, you can navigate to the API Permissions page and select 'Grant admin consent for (your tenant)'" -ForegroundColor Red 
 
    Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------"