Skip to content

Commit

Permalink
Update documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
localden committed Jul 5, 2023
1 parent 768865b commit 5b246d5
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 7 deletions.
9 changes: 3 additions & 6 deletions msal-java-articles/advanced/best-practices-enterprise.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,7 @@ description: "To build robust, enterprise-ready applications, you will need to f

# Best practices for enterprises

You've seen that with MSAL4J you can quite simply acquire a token for a protected Web API. You also don't have to handle refreshing tokens yourself.
To build robust, enterprise-ready applications, you will need to ensure that you implement a few additional guardrails. We recommend developers to:

However, to build robust, enterprise ready applications, you will need to do a bit more. For instance you'll want to:

- Handle exceptions, both when you acquire a token, but also when you call the protected Web API. In particular, if your application runs in an Azure AD tenant where the tenant admins have set Conditional Access policies to enforce Multiple Factor Authentication (MFA), you will need to handle a Claim challenge which is described in [Exceptions](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Exceptions).

- You might want to enable [Logging](/azure/active-directory/develop/msal-logging?tabs=java) to troubleshoot your application and help your users, while respecting their privacy and being compliant with GDPR.
- Handle exceptions, both when acquiring a token, but also when calling a protected web API. In particular, if an application runs in an Azure AD tenant where the tenant admins have set [Conditional Access](/azure/active-directory/conditional-access/overview) policies to enforce Multiple Factor Authentication (MFA), you will need to handle a claim challenge which is described in [Exceptions](./exceptions.md).
- Enable [Logging](/azure/active-directory/develop/msal-logging?tabs=java) to troubleshoot applications, while respecting user privacy and remain compliant with privacy regulations, such as GDPR.
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ description: "The Authorization Code flow is suitable when the application requi

The Authorization Code flow is suitable when the application requires the user's interaction with the Azure AD STS during authentication. One such case is when users login to Web applications (web sites) using Open Id connect. The web application receives an authorization code which it can redeem to acquire a token for Web APIs.

Requests for authorization codes are delegated to the developer. To understand how to request an authorization code, see [Authorization code flow](/azure/active-directory/develop/active-directory-protocols-oauth-code). To construct the authorization code URL where the user will input their credentials, you can use the [authorization code URL builder](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Authorization-Code-URL-Builder)
Requests for authorization codes are delegated to the developer. To understand how to request an authorization code, see [Authorization code flow](/azure/active-directory/develop/active-directory-protocols-oauth-code). To construct the authorization code URL where the user will input their credentials, you can use the [authorization code URL builder](../advanced/authorization-code-url-builder.md)

## Code snippet

Expand Down

0 comments on commit 5b246d5

Please sign in to comment.