minor review changes

Author: derisen

2-Authorization-I/1-call-graph/App/authPopup.js

@@ -4,10 +4,15 @@ const myMSALObj = new msal.PublicClientApplication(msalConfig);
 
 let username = '';
 
+/**
+ * This method adds an event callback function to the MSAL object
+ * to handle the response from redirect flow. For more information, visit:
+ * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/events.md
+ */
 myMSALObj.addEventCallback((event) => {
     if (
         (event.eventType === msal.EventType.LOGIN_SUCCESS ||
-            event.eventType === msal.EventType.ACQUIRE_TOKEN_SUCCESS) &&
+        event.eventType === msal.EventType.ACQUIRE_TOKEN_SUCCESS) &&
         event.payload.account
     ) {
         const account = event.payload.account;
@@ -117,7 +122,6 @@ function signOut() {
     const account = myMSALObj.getAccountByUsername(username);
     const logoutRequest = {
         account: account,
-        redirectUri: '/redirect',
         mainWindowRedirectUri: '/',
     };
     clearStorage(account);
@@ -133,7 +137,7 @@ function seeProfile() {
         graphConfig.graphMeEndpoint.uri,
         msal.InteractionType.Popup,
         myMSALObj
-    ); 
+    );
 }
 
 function readContacts() {

2-Authorization-I/1-call-graph/App/authRedirect.js

@@ -4,7 +4,11 @@ const myMSALObj = new msal.PublicClientApplication(msalConfig);
 
 let username = '';
 
-
+/**
+ * This method adds an event callback function to the MSAL object
+ * to handle the response from redirect flow. For more information, visit:
+ * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/events.md
+ */
 myMSALObj.addEventCallback((event) => {
     if (
         (event.eventType === msal.EventType.LOGIN_SUCCESS ||
@@ -48,7 +52,7 @@ function selectAccount() {
         // Add your account choosing logic here
         username = myMSALObj.getActiveAccount().username;
         showWelcomeMessage(username, currentAccounts);
-    } 
+    }
 }
 
 async function addAnotherAccount(event) {
@@ -111,7 +115,7 @@ function signIn() {
 }
 
 function signOut() {
-    
+
     /**
      * You can pass a custom request object below. This will override the initial configuration. For more information, visit:
      * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/request-response-object.md#request
@@ -135,7 +139,7 @@ function seeProfile() {
         graphConfig.graphMeEndpoint.uri,
         msal.InteractionType.Redirect,
         myMSALObj
-    ); 
+    );
 }
 
 function readContacts() {

2-Authorization-I/1-call-graph/App/fetch.js

@@ -3,57 +3,6 @@
  * Licensed under the MIT License.
  */
 
-/**
- * This method inspects the HTTPS response from a fetch call for the "www-authenticate header"
- * If present, it grabs the claims challenge from the header and store it in the localStorage
- * For more information, visit: https://docs.microsoft.com/en-us/azure/active-directory/develop/claims-challenge#claims-challenge-header-format
- * @param {object} response
- * @returns response
- */
-const handleClaimsChallenge = async (account, response, apiEndpoint) => {
-    if (response.status === 200) {
-        return response.json();
-    } else if (response.status === 401) {
-        if (response.headers.get('www-authenticate')) {
-            const authenticateHeader = response.headers.get('www-authenticate');
-            const claimsChallenge = parseChallenges(authenticateHeader);
-            /**
-             * This method stores the claim challenge to the session storage in the browser to be used when acquiring a token.
-             * To ensure that we are fetching the correct claim from the storage, we are using the clientId
-             * of the application and oid (user’s object id) as the key identifier of the claim with schema
-             * cc.<clientId>.<oid>.<resource.hostname>
-             */
-            addClaimsToStorage(
-                claimsChallenge.claims,
-                `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${new URL(apiEndpoint).hostname}`
-            );
-            return { error: 'claims_challenge_occurred', payload: claimsChallenge.claims };
-        }
-
-        throw new Error(`Unauthorized: ${response.status}`);
-    } else {
-        throw new Error(`Something went wrong with the request: ${response.status}`);
-    }
-};
-
-/**
- * This method parses WWW-Authenticate authentication headers
- * @param header
- * @return {Object} challengeMap
- */
-const parseChallenges = (header) => {
-    const schemeSeparator = header.indexOf(' ');
-    const challenges = header.substring(schemeSeparator + 1).split(',');
-    const challengeMap = {};
-
-    challenges.forEach((challenge) => {
-        const [key, value] = challenge.split('=');
-        challengeMap[key.trim()] = window.decodeURI(value.replace(/['"]+/g, ''));
-    });
-
-    return challengeMap;
-};
-
 /**
  * This method calls the Graph API by utilizing the graph client instance.
  * @param {String} username 
@@ -74,6 +23,7 @@ const callGraph = async (username, scopes, uri, interactionType, myMSALObj) => {
             .api(uri)
             .responseType('raw')
             .get();
+
         response = await handleClaimsChallenge(account, response, uri);
         if (response && response.error === 'claims_challenge_occurred') throw response.error;
         updateUI(response, uri);
@@ -82,12 +32,12 @@ const callGraph = async (username, scopes, uri, interactionType, myMSALObj) => {
             const resource = new URL(uri).hostname;
             const claims =
                 account &&
-                getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
+                    getClaimsFromStorage(`cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`)
                     ? window.atob(
-                          getClaimsFromStorage(
-                              `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
-                          )
-                      )
+                        getClaimsFromStorage(
+                            `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${resource}`
+                        )
+                    )
                     : undefined; // e.g {"access_token":{"xms_cc":{"values":["cp1"]}}}
             let request = {
                 account: account,
@@ -96,7 +46,7 @@ const callGraph = async (username, scopes, uri, interactionType, myMSALObj) => {
             };
             switch (interactionType) {
                 case msal.InteractionType.Popup:
-                    
+
                     await myMSALObj.acquireTokenPopup({
                         ...request,
                         redirectUri: '/redirect',
@@ -117,10 +67,53 @@ const callGraph = async (username, scopes, uri, interactionType, myMSALObj) => {
     }
 }
 
-// exporting config object for jest
-if (typeof exports !== 'undefined') {
-    module.exports = {
-        handleClaimsChallenge: handleClaimsChallenge,
-        callGraph: callGraph,
-    };
-}
+/**
+ * This method inspects the HTTPS response from a fetch call for the "www-authenticate header"
+ * If present, it grabs the claims challenge from the header and store it in the localStorage
+ * For more information, visit: https://docs.microsoft.com/en-us/azure/active-directory/develop/claims-challenge#claims-challenge-header-format
+ * @param {object} response
+ * @returns response
+ */
+const handleClaimsChallenge = async (account, response, apiEndpoint) => {
+    if (response.status === 200) {
+        return response.json();
+    } else if (response.status === 401) {
+        if (response.headers.get('WWW-Authenticate')) {
+            const authenticateHeader = response.headers.get('WWW-Authenticate');
+            const claimsChallenge = parseChallenges(authenticateHeader);
+            /**
+             * This method stores the claim challenge to the session storage in the browser to be used when acquiring a token.
+             * To ensure that we are fetching the correct claim from the storage, we are using the clientId
+             * of the application and oid (user’s object id) as the key identifier of the claim with schema
+             * cc.<clientId>.<oid>.<resource.hostname>
+             */
+            addClaimsToStorage(
+                claimsChallenge.claims,
+                `cc.${msalConfig.auth.clientId}.${account.idTokenClaims.oid}.${new URL(apiEndpoint).hostname}`
+            );
+            return { error: 'claims_challenge_occurred', payload: claimsChallenge.claims };
+        }
+
+        throw new Error(`Unauthorized: ${response.status}`);
+    } else {
+        throw new Error(`Something went wrong with the request: ${response.status}`);
+    }
+};
+
+/**
+ * This method parses WWW-Authenticate authentication headers
+ * @param header
+ * @return {Object} challengeMap
+ */
+const parseChallenges = (header) => {
+    const schemeSeparator = header.indexOf(' ');
+    const challenges = header.substring(schemeSeparator + 1).split(', ');
+    const challengeMap = {};
+
+    challenges.forEach((challenge) => {
+        const [key, value] = challenge.split('=');
+        challengeMap[key.trim()] = window.decodeURI(value.replace(/(^"|"$)/g, ''));
+    });
+
+    return challengeMap;
+}

2-Authorization-I/1-call-graph/App/index.html

@@ -35,7 +35,7 @@
     <body>
         <nav class="navbar navbar-expand-lg navbar-dark bg-primary navbarStyle">
             <a class="navbar-brand" href="/">Microsoft identity platform</a>
-            <div class="collapse navbar-collapse justify-content-end">
+            <div class="navbar navbar-collapse justify-content-end">
                 <button type="button" id="SignIn" class="btn btn-secondary" onclick="signIn()">Sign In</button>
                 <div class="dropdown">
                     <button
@@ -66,7 +66,7 @@ <h5 class="card-header text-center">Vanilla JavaScript SPA calling MS Graph API
                 <div class="card text-center">
                     <div class="card-body">
                         <h5 class="card-title" id="WelcomeMessage">
-                            Please sign-in to see your profile and read your mails
+                            Please sign-in to see your profile and contacts
                         </h5>
                         <div id="profile-div"></div>
                         <br />
@@ -100,7 +100,7 @@ <h5 class="modal-title" id="exampleModalLabel">Set active account</h5>
                     </div>
                     <div class="modal-body">
                       <ul class="list-group" id="list-group">
-                            <li class="list-group-item" onclick="addAnotherAccount(event)">Add Another account</li>
+                            <li class="list-group-item" onclick="addAnotherAccount(event)">Add another account</li>
                       </ul>
                     </div>
                     <div class="modal-footer">

2-Authorization-I/1-call-graph/App/redirect.html

@@ -3,5 +3,4 @@
     we recommend setting the redirectUri to a blank page or a page that does not implement MSAL.
     For more information, please follow this link: 
     https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/login-user.md#redirecturi-considerations 
--->
-<h1>MSAL Redirect</h1>
+-->

2-Authorization-I/1-call-graph/App/signout.html

@@ -14,21 +14,21 @@ function showWelcomeMessage(username, accounts) {
     signInButton.style.visibility = 'hidden';
     welcomeDiv.innerHTML = `Welcome ${username}`;
     dropdownButton.setAttribute('style', 'display:inline !important; visibility:visible');
-    dropdownButton.innerHTML = username; 
+    dropdownButton.innerHTML = username;
     accounts.forEach(account => {
         let item = document.getElementById(account.username);
-        if(!item) {
+        if (!item) {
             const listItem = document.createElement('li');
             listItem.setAttribute('onclick', 'addAnotherAccount(event)');
             listItem.setAttribute('id', account.username);
             listItem.innerHTML = account.username;
             if (account.username === username) {
                 listItem.setAttribute('class', 'list-group-item active');
-            }else {
+            } else {
                 listItem.setAttribute('class', 'list-group-item');
             }
             listGroup.appendChild(listItem);
-        }else {
+        } else {
             if (account.username === username) {
                 item.setAttribute('class', 'list-group-item active');
             } else {

2-Authorization-I/1-call-graph/App/ui.js

@@ -1,11 +1,16 @@
 /**
- *  This method stores the claim challenge to the localStorage in the browser to be used when acquiring a token
+ * This method stores the claim challenge to the localStorage in the browser to be used when acquiring a token
  * @param {String} claimsChallenge
  */
 const addClaimsToStorage = (claimsChallenge, claimsChallengeId) => {
     sessionStorage.setItem(claimsChallengeId, claimsChallenge);
 };
 
+/**
+ * This method retrieves the claims challenge from the localStorage
+ * @param {string} claimsChallengeId 
+ * @returns 
+ */
 const getClaimsFromStorage = (claimsChallengeId) => {
     return sessionStorage.getItem(claimsChallengeId);
 };
@@ -20,13 +25,3 @@ const clearStorage = (account) => {
             sessionStorage.removeItem(key);
     }
 };
-
-
-// exporting config object for jest
-if (typeof exports !== 'undefined') {
-    module.exports = {
-        addClaimsToStorage: addClaimsToStorage,
-        getClaimsFromStorage: getClaimsFromStorage,
-        clearStorage: clearStorage,
-    };
-}

2-Authorization-I/1-call-graph/App/utils/storageUtils.js

@@ -152,8 +152,7 @@ To manually register the apps, as a first step you'll need to:
     1. Select the **Add a permission** button and then:
     1. Ensure that the **Microsoft APIs** tab is selected.
     1. In the *Commonly used Microsoft APIs* section, select **Microsoft Graph**
-      * Since this app signs-in users, we will now proceed to select **delegated permissions**, which is requested by apps that signs-in users.
-      * In the **Delegated permissions** section, select **User.Read**, **Contacts.Read** in the list. Use the search box if necessary.
+    1. In the **Delegated permissions** section, select **User.Read**, **Contacts.Read** in the list. Use the search box if necessary.
     1. Select the **Add permissions** button at the bottom.
 
 ##### Configure Optional Claims