Merge pull request #82 from Azure-Samples/dev

Add cert usage information, update READMEs

Author: derisen

1-Authentication/1-sign-in/App/authConfig.js

@@ -1,8 +1,16 @@
+/**
+ * For enhanced security, consider using client certificates instead of secrets.
+ * See README-use-certificate.md for more.
+ */
 const authConfig = {
     auth: {
         authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here",
         clientId: "Enter_the_Application_Id_Here",
         clientSecret: "Enter_the_Client_Secret_Here",
+        // clientCertificate: {
+        //     thumbprint: "YOUR_CERT_THUMBPRINT",
+        //     privateKey: fs.readFileSync('PATH_TO_YOUR_PRIVATE_KEY_FILE'),
+        // }
         redirectUri: "/redirect",
     },
     system: {

1-Authentication/1-sign-in/AppCreationScripts/Cleanup-WithCertificates.ps1

@@ -0,0 +1,155 @@
+#Requires -Version 7
+
+[CmdletBinding()]
+param(    
+    [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+    [string] $tenantId,
+    [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script. Default = Global')]
+    [string] $azureEnvironmentName
+)
+
+
+Function Cleanup
+{
+    if (!$azureEnvironmentName)
+    {
+        $azureEnvironmentName = "Global"
+    }
+
+    <#
+    .Description
+    This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
+    #>
+
+    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 
+    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 
+
+    # Connect to the Microsoft Graph API
+    Write-Host "Connecting to Microsoft Graph"
+
+
+    if ($tenantId -eq "") 
+    {
+        Connect-MgGraph -Scopes "User.Read.All Organization.Read.All Application.ReadWrite.All" -Environment $azureEnvironmentName
+    }
+    else 
+    {
+        Connect-MgGraph -TenantId $tenantId -Scopes "User.Read.All Organization.Read.All Application.ReadWrite.All" -Environment $azureEnvironmentName
+    }
+    
+    $context = Get-MgContext
+    $tenantId = $context.TenantId
+
+    # Get the user running the script
+    $currentUserPrincipalName = $context.Account
+    $user = Get-MgUser -Filter "UserPrincipalName eq '$($context.Account)'"
+
+    # get the tenant we signed in to
+    $Tenant = Get-MgOrganization
+    $tenantName = $Tenant.DisplayName
+    
+    $verifiedDomain = $Tenant.VerifiedDomains | where {$_.Isdefault -eq $true}
+    $verifiedDomainName = $verifiedDomain.Name
+    $tenantId = $Tenant.Id
+
+    Write-Host ("Connected to Tenant {0} ({1}) as account '{2}'. Domain is '{3}'" -f  $Tenant.DisplayName, $Tenant.Id, $currentUserPrincipalName, $verifiedDomainName)
+
+    # Removes the applications
+    Write-Host "Cleaning-up applications from tenant '$tenantId'"
+
+    Write-Host "Removing 'client' (msal-node-webapp) if needed"
+    try
+    {
+        Get-MgApplication -Filter "DisplayName eq 'msal-node-webapp'" | ForEach-Object {Remove-MgApplication -ApplicationId $_.Id }
+    }
+    catch
+    {
+        $message = $_
+        Write-Warning $Error[0]
+        Write-Host "Unable to remove the application 'msal-node-webapp'. Error is $message. Try deleting manually." -ForegroundColor White -BackgroundColor Red
+    }
+
+    Write-Host "Making sure there are no more (msal-node-webapp) applications found, will remove if needed..."
+    $apps = Get-MgApplication -Filter "DisplayName eq 'msal-node-webapp'" | Format-List Id, DisplayName, AppId, SignInAudience, PublisherDomain
+    
+    if ($apps)
+    {
+        Remove-MgApplication -ApplicationId $apps.Id
+    }
+
+    foreach ($app in $apps) 
+    {
+        Remove-MgApplication -ApplicationId $app.Id
+        Write-Host "Removed msal-node-webapp.."
+    }
+
+    # also remove service principals of this app
+    try
+    {
+        Get-MgServicePrincipal -filter "DisplayName eq 'msal-node-webapp'" | ForEach-Object {Remove-MgServicePrincipal -ServicePrincipalId $_.Id -Confirm:$false}
+    }
+    catch
+    {
+        $message = $_
+        Write-Warning $Error[0]
+        Write-Host "Unable to remove ServicePrincipal 'msal-node-webapp'. Error is $message. Try deleting manually from Enterprise applications." -ForegroundColor White -BackgroundColor Red
+    }
+    # remove self-signed certificate
+    Write-Host "Removing CN=msal-node-webapp certificate from Cert:/CurrentUser/My"
+    Get-ChildItem -Path Cert:\CurrentUser\My | where { $_.subject -eq "CN=msal-node-webapp" } | Remove-Item
+}
+
+# Pre-requisites
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph")) {
+    Install-Module "Microsoft.Graph" -Scope CurrentUser 
+}
+
+#Import-Module Microsoft.Graph
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Authentication")) {
+    Install-Module "Microsoft.Graph.Authentication" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Authentication
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Identity.DirectoryManagement")) {
+    Install-Module "Microsoft.Graph.Identity.DirectoryManagement" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Identity.DirectoryManagement
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Applications")) {
+    Install-Module "Microsoft.Graph.Applications" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Applications
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Groups")) {
+    Install-Module "Microsoft.Graph.Groups" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Groups
+
+if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Users")) {
+    Install-Module "Microsoft.Graph.Users" -Scope CurrentUser 
+}
+
+Import-Module Microsoft.Graph.Users
+
+$ErrorActionPreference = "Stop"
+
+
+try
+{
+    Cleanup -tenantId $tenantId -environment $azureEnvironmentName
+}
+catch
+{
+    $_.Exception.ToString() | out-host
+    $message = $_
+    Write-Warning $Error[0]    
+    Write-Host "Unable to register apps. Error is $message." -ForegroundColor White -BackgroundColor Red
+}
+
+Write-Host "Disconnecting from tenant"
+Disconnect-MgGraph