change method signature and update scopes

salman90 · salman90 · commit ef158f74b8b9 · 2023-05-15T10:46:52.000-07:00
diff --git a/6-AdvancedScenarios/3-call-api-acrs/API/auth/AuthProvider.js b/6-AdvancedScenarios/3-call-api-acrs/API/auth/AuthProvider.js
@@ -16,7 +16,7 @@ class AuthProvider {
         return new msal.ConfidentialClientApplication(msalConfig);
     }
 
-    async login(req, res, next) {
+    login = async (req, res, next) =>  {
         // create a GUID for csrf
         req.session.csrfToken = this.cryptoProvider.createNewGuid();
 
@@ -129,7 +129,7 @@ class AuthProvider {
         }
     }
 
-    async handleRedirect(req, res, next) {
+    handleRedirect = async (req, res, next) => {
         const authCodeRequest = {
             ...req.session.authCodeRequest,
             code: req.body.code, // authZ code
@@ -218,7 +218,7 @@ class AuthProvider {
      * @param res: Express response object
      * @param next: Express next function
      */
-    async logout(req, res, next) {
+    logout = async (req, res, next) => {
         /**
          * Construct a logout URI and redirect the user to end the
          * session with Azure AD. For more information, visit:
diff --git a/6-AdvancedScenarios/3-call-api-acrs/API/auth/claimsHelper.js b/6-AdvancedScenarios/3-call-api-acrs/API/auth/claimsHelper.js
diff --git a/6-AdvancedScenarios/3-call-api-acrs/API/auth/routeGuard.js b/6-AdvancedScenarios/3-call-api-acrs/API/auth/routeGuard.js
@@ -1,4 +1,4 @@
-const checkForRequiredAuthContext = require('./claimsManager');
+const checkForRequiredAuthContext = require('./claimsHelper');
 const AuthContext = require('../models/authContext');
 
 const authContextGuard = async (req, res, next) => {
diff --git a/6-AdvancedScenarios/3-call-api-acrs/API/authConfig.js b/6-AdvancedScenarios/3-call-api-acrs/API/authConfig.js
@@ -34,7 +34,7 @@ const msalConfig = {
 const protectedResources = {
     msGraphAcrs: {
         endpoint: 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies',
-        scopes: ['Policy.ReadWrite.ConditionalAccess', 'Policy.Read.ConditionalAccess'],
+        scopes: ['Policy.Read.ConditionalAccess'],
     },
 };
 
diff --git a/6-AdvancedScenarios/3-call-api-acrs/API/routes/adminRoutes.js b/6-AdvancedScenarios/3-call-api-acrs/API/routes/adminRoutes.js
@@ -18,9 +18,9 @@ router.get('/', (req, res, next) => res.redirect('/admin/home'));
 router.get('/home', dashboardController.getHomePage);
 
 // authentication routes
-router.get('/signin', (req, res, next) =>  authProvider.login(req, res, next));
-router.get('/signout', (req, res, next) => authProvider.logout(req, res, next));
-router.post('/redirect', (req, res, next) => authProvider.handleRedirect(req, res, next));
+router.get('/signin', authProvider.login);
+router.get('/signout', authProvider.logout);
+router.post('/redirect', authProvider.handleRedirect);
 
 // check if user is authenticated, then obtain an access token for the specified resource
 router.get(
diff --git a/6-AdvancedScenarios/3-call-api-acrs/README.md b/6-AdvancedScenarios/3-call-api-acrs/README.md
@@ -38,7 +38,7 @@ The web API is protected using [passport-azure-ad](https://github.com/AzureAD/pa
 | `SPA/src/fetch.js`                  | Claims challenge for the client is handled here.                                      |
 | `API/authConfig.js`                 | Authentication parameters for the web API project.                                    |
 | `API/auth/routeGuard.js`            | Custom middleware protecting app routes                                               |
-| `API/auth/claimsManager.js`         | Custom middleware handling checking for auth context and generating claims challenge. |
+| `API/auth/claimsHelper.js`          | Custom middleware handling checking for auth context and generating claims challenge. |
 | `API/app.js`                        | passport-azure-ad is initialized here.                                                |
 
 ## Prerequisites
@@ -354,7 +354,7 @@ const authContextGuard = (req, res, next) => {
 }
 ```
 
-In [claimsManager.js](./API/auth/claimsManager.js):
+In [claimsHelper.js](./API/auth/claimsHelper.js):
 
 ```javascript
 const checkForRequiredAuthContext = (req, res, next, authContextId) => {
@@ -386,7 +386,7 @@ const isClientCapableOfClaimsChallenge = (accessTokenClaims) => {
 
 ### Generating claims challenge
 
-If there is an auth context entry in the database and the incoming request does not contain an access token with the necessary claims, the web API needs to create a **claims challenge** and send it to client application to allow the user to satisfy the challenge (for instance, perform multi-factor authentication). This is shown in [claimsManager.js](./API/auth/claimsManager.js):
+If there is an auth context entry in the database and the incoming request does not contain an access token with the necessary claims, the web API needs to create a **claims challenge** and send it to client application to allow the user to satisfy the challenge (for instance, perform multi-factor authentication). This is shown in [claimsHelper.js](./API/auth/claimsHelper.js):
 
 ```javascript
 const generateClaimsChallenge = (authContextId) => {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-const checkForRequiredAuthContext = require('./claimsManager');`
	`1`	`+const checkForRequiredAuthContext = require('./claimsHelper');`
`2`	`2`	`const AuthContext = require('../models/authContext');`
`3`	`3`
`4`	`4`	`const authContextGuard = async (req, res, next) => {`