Merge branch 'master' into bogavril/fixcleanup

Author: jmprieur

1. Desktop app calls Web API/README.md

@@ -164,7 +164,7 @@ If you want to register your apps manually, as a first step you'll need to:
    - Select **Register** to create the application.
 1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project (`ida:ClientId` in `TodoListClient\App.Config`).
 1. From the app's Overview page, select the **Authentication** section.
-   1. In the **Redirect URIs** list, select for **TYPE** Public client (mobile & desktop). Then paste this value **urn:ietf:wg:oauth:2.0:oob** in the **REDIRECT URI** column. 
+   1. In the **Redirect URIs** list, under **Suggested Redirect URIs for public clients (mobile, desktop)** check the box next to **https://login.microsoftonline.com/common/oauth2/nativeclient**.
    1. Select **Save**.
 1. Select the **API permissions** section
    - Click the **Add a permission** button and then,

1. Desktop app calls Web API/TodoListClient/MainWindow.xaml.cs

@@ -75,6 +75,7 @@ public MainWindow()
             InitializeComponent();
             _app = PublicClientApplicationBuilder.Create(ClientId)
                 .WithAuthority(Authority)
+                .WithDefaultRedirectUri()
                 .Build();
 
             TokenCacheHelper.EnableSerialization(_app.UserTokenCache);

1. Desktop app calls Web API/TodoListClient/TodoListClient.csproj

@@ -36,12 +36,6 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Microsoft.Identity.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.0.0\lib\net45\Microsoft.Identity.Client.dll</HintPath>
-    </Reference>
-    <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
-    </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.Data" />
@@ -102,9 +96,6 @@
       <Generator>ResXFileCodeGenerator</Generator>
       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
     </EmbeddedResource>
-    <None Include="packages.config">
-      <SubType>Designer</SubType>
-    </None>
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
       <LastGenOutput>Settings.Designer.cs</LastGenOutput>
@@ -116,6 +107,14 @@
       <SubType>Designer</SubType>
     </None>
   </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Identity.Client">
+      <Version>4.1.0</Version>
+    </PackageReference>
+    <PackageReference Include="Newtonsoft.Json">
+      <Version>11.0.2</Version>
+    </PackageReference>
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

1. Desktop app calls Web API/TodoListClient/packages.config

@@ -186,7 +186,7 @@ If you want to register your apps manually, as a first step you'll need to:
    - Select **Register** to create the application.
 1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project (`ida:ClientId` in `TodoListClient\App.Config`).
 1. From the app's Overview page, select the **Authentication** section.
-   1. In the **Redirect URIs** list, select for **TYPE** Public client (mobile & desktop). Then paste this value **urn:ietf:wg:oauth:2.0:oob** in the **REDIRECT URI** column. 
+   1. In the **Redirect URIs** list, under **Suggested Redirect URIs for public clients (mobile, desktop)** check the box next to **https://login.microsoftonline.com/common/oauth2/nativeclient**.
    1. Select **Save**.
 1. Select the **API permissions** section
    - Click the **Add a permission** button and then,

2. Web API now calls Microsoft Graph/README.md

@@ -79,6 +79,7 @@ public MainWindow()
             InitializeComponent();
             _app = PublicClientApplicationBuilder.Create(ClientId)
                 .WithAuthority(Authority)
+                .WithDefaultRedirectUri()
                 .Build();
 
             TokenCacheHelper.EnableSerialization(_app.UserTokenCache);
@@ -221,7 +222,8 @@ await _app.AcquireTokenInteractive(scopes)
             else if (proposedAction == "consent")
             {
                 IPublicClientApplication pca = PublicClientApplicationBuilder.Create(clientId)
-                    .Build();
+                .WithDefaultRedirectUri()
+                .Build();
                 await pca.AcquireTokenInteractive(scopes)
                     .WithPrompt(Prompt.Consent)
                     .WithLoginHint(loginHint)

2. Web API now calls Microsoft Graph/TodoListClient/MainWindow.xaml.cs

@@ -36,12 +36,6 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Microsoft.Identity.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.0.0\lib\net45\Microsoft.Identity.Client.dll</HintPath>
-    </Reference>
-    <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
-    </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.Data" />
@@ -102,9 +96,6 @@
       <Generator>ResXFileCodeGenerator</Generator>
       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
     </EmbeddedResource>
-    <None Include="packages.config">
-      <SubType>Designer</SubType>
-    </None>
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
       <LastGenOutput>Settings.Designer.cs</LastGenOutput>
@@ -116,6 +107,14 @@
       <SubType>Designer</SubType>
     </None>
   </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Identity.Client">
+      <Version>4.1.0</Version>
+    </PackageReference>
+    <PackageReference Include="Newtonsoft.Json">
+      <Version>11.0.2</Version>
+    </PackageReference>
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

2. Web API now calls Microsoft Graph/TodoListClient/TodoListClient.csproj

@@ -172,7 +172,7 @@ What **differs from the previous chapter** is that you will use the same applica
 
 1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project (`ida:ClientId` in `TodoListClient\App.Config`).
 1. From the app's Overview page, select the **Authentication** section.
-   - In the **Redirect URLs** | Add the following redirect URI: **urn:ietf:wg:oauth:2.0:oob**
+   - In the **Redirect URIs** list, under **Suggested Redirect URIs for public clients (mobile, desktop)** check the box next to **https://login.microsoftonline.com/common/oauth2/nativeclient**.
    - Select **Save**.
 
 ### Step 3:  Configure the sample to use your Azure AD tenant

2. Web API now calls Microsoft Graph/TodoListClient/packages.config

@@ -79,6 +79,7 @@ public MainWindow()
             InitializeComponent();
             _app = PublicClientApplicationBuilder.Create(ClientId)
                 .WithAuthority(Authority)
+                .WithDefaultRedirectUri()
                 .Build();
 
             TokenCacheHelper.EnableSerialization(_app.UserTokenCache);
@@ -221,6 +222,7 @@ await _app.AcquireTokenInteractive(scopes)
             else if (proposedAction == "consent")
             {
                 IPublicClientApplication pca = PublicClientApplicationBuilder.Create(clientId)
+                    .WithDefaultRedirectUri()
                     .Build();
                 await pca.AcquireTokenInteractive(scopes)
                     .WithPrompt(Prompt.Consent)

3.-Web-api-call-Microsoft-graph-for-personal-accounts/README.md

@@ -36,12 +36,6 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Microsoft.Identity.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.0.0\lib\net45\Microsoft.Identity.Client.dll</HintPath>
-    </Reference>
-    <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
-    </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.Data" />
@@ -102,9 +96,6 @@
       <Generator>ResXFileCodeGenerator</Generator>
       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
     </EmbeddedResource>
-    <None Include="packages.config">
-      <SubType>Designer</SubType>
-    </None>
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
       <LastGenOutput>Settings.Designer.cs</LastGenOutput>
@@ -116,6 +107,14 @@
       <SubType>Designer</SubType>
     </None>
   </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Identity.Client">
+      <Version>4.1.0</Version>
+    </PackageReference>
+    <PackageReference Include="Newtonsoft.Json">
+      <Version>11.0.2</Version>
+    </PackageReference>
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

3.-Web-api-call-Microsoft-graph-for-personal-accounts/TodoListClient/MainWindow.xaml.cs

@@ -12,6 +12,7 @@ public class AadIssuerValidatorTests
     {
         private const string Tid = "9188040d-6c67-4c5b-b112-36a304b66dad";
         private static readonly string Iss = $"https://login.microsoftonline.com/{Tid}/v2.0";
+        private static readonly string Iss2 = $"https://sts.windows.net/{Tid}/v2.0";
         private static readonly IEnumerable<string> s_aliases = new[] { "login.microsoftonline.com", "sts.windows.net" };
 
         [Fact]
@@ -44,6 +45,20 @@ public void PassingValidation()
         }
 
 
+        [Fact]
+        public void PassingValidationWithAlias()
+        {
+            // Arrange
+            AadIssuerValidator validator = new AadIssuerValidator(s_aliases);
+            Claim issClaim = new Claim("tid", Tid);
+            Claim tidClaim = new Claim("iss", Iss2);  // sts.windows.net
+            JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: Iss2, claims: new[] { issClaim, tidClaim });
+
+            // Act & Assert
+            validator.Validate(Iss2, jwtSecurityToken,
+                new TokenValidationParameters() { ValidIssuers = new[] { "https://login.microsoftonline.com/{tenantid}/v2.0" } });
+        }
+
         [Fact]
         public void TokenValidationParameters_ValidIssuer()
         {

3.-Web-api-call-Microsoft-graph-for-personal-accounts/TodoListClient/TodoListClient.csproj

@@ -35,5 +35,7 @@ public static class ClaimConstants
         public const string PreferredUserName = "preferred_username";
         public const string TenantId = "http://schemas.microsoft.com/identity/claims/tenantid";
         public const string Tid = "tid";
+        public const string Scope = "http://schemas.microsoft.com/identity/claims/scope";
+        public const string Roles = "roles";
     }
 }

3.-Web-api-call-Microsoft-graph-for-personal-accounts/TodoListClient/packages.config

@@ -87,7 +87,7 @@ public static string GetLoginHint(this ClaimsPrincipal claimsPrincipal)
         /// <summary>
         /// Gets the domain-hint associated with an identity
         /// </summary>
-        /// <param name="claimsPrincipal">Identity for which to compte the domain-hint</param>
+        /// <param name="claimsPrincipal">Identity for which to compute the domain-hint</param>
         /// <returns>domain-hint for the identity, or <c>null</c> if it cannot be found</returns>
         public static string GetDomainHint(this ClaimsPrincipal claimsPrincipal)
         {

Microsoft.Identity.Web.Test/AadIssuerValidatorTests.cs

@@ -19,7 +19,7 @@ public interface ITokenAcquisition
         /// From the configuration of the Authentication of the ASP.NET Core Web API: 
         /// <code>OpenIdConnectOptions options;</code>
         /// 
-        /// Subscribe to the authorization code recieved event:
+        /// Subscribe to the authorization code received event:
         /// <code>
         ///  options.Events = new OpenIdConnectEvents();
         ///  options.Events.OnAuthorizationCodeReceived = OnAuthorizationCodeReceived;

Microsoft.Identity.Web/ClaimConstants.cs

@@ -1,19 +1,19 @@
-using System.Collections.Generic;
-using System.Linq;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.Identity.Client;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace Microsoft.Identity.Web.Client
 {
     /// <summary>
     /// Filter used on a controller action to trigger an incremental consent.
     /// </summary>
     /// <example>
-    /// The following controller action will trigger 
+    /// The following controller action will trigger
     /// <code>
     /// [MsalUiRequiredExceptionFilter(Scopes = new[] {"Mail.Send"})]
     /// public async Task<IActionResult> SendEmail()
@@ -24,7 +24,7 @@ namespace Microsoft.Identity.Web.Client
     public class MsalUiRequiredExceptionFilterAttribute : ExceptionFilterAttribute
     {
         public string[] Scopes { get; set; }
-        
+
         public override void OnException(ExceptionContext context)
         {
             MsalUiRequiredException msalUiRequiredException = context.Exception as MsalUiRequiredException;
@@ -33,7 +33,7 @@ public override void OnException(ExceptionContext context)
                 msalUiRequiredException = context.Exception?.InnerException as MsalUiRequiredException;
             }
 
-            if (msalUiRequiredException!=null)
+            if (msalUiRequiredException != null)
             {
                 if (CanBeSolvedByReSignInUser(msalUiRequiredException))
                 {
@@ -42,10 +42,10 @@ public override void OnException(ExceptionContext context)
                     context.Result = new ChallengeResult(properties);
                 }
             }
-            
+
             base.OnException(context);
         }
-        
+
         private bool CanBeSolvedByReSignInUser(MsalUiRequiredException ex)
         {
             // ex.ErrorCode != MsalUiRequiredException.UserNullError indicates a cache problem.
@@ -61,7 +61,7 @@ private bool CanBeSolvedByReSignInUser(MsalUiRequiredException ex)
         /// Build Authentication properties needed for an incremental consent.
         /// </summary>
         /// <param name="scopes">Scopes to request</param>
-        /// <param name="ex">ui is present</param>
+        /// <param name="ex">MsalUiRequiredException instance</param>
         /// <param name="context">current http context in the pipeline</param>
         /// <returns>AuthenticationProperties</returns>
         private AuthenticationProperties BuildAuthenticationPropertiesForIncrementalConsent(
@@ -94,4 +94,4 @@ private AuthenticationProperties BuildAuthenticationPropertiesForIncrementalCons
             return properties;
         }
     }
-}
+}