Merge pull request #115294 from mmacy/msid-spa-auth-code-appreg-protocol

[msid] SPA app reg w/auth code & MSAL.js 2.0 (preview)

Author: v-shils

articles/active-directory/develop/TOC.yml

@@ -28,7 +28,9 @@
     items:
     - name: Angular
       href: quickstart-v2-angular.md
-    - name: JavaScript
+    - name: JavaScript - Auth code flow
+      href: quickstart-v2-javascript-auth-code.md
+    - name: JavaScript - Implicit flow 
       href: quickstart-v2-javascript.md
   - name: Web apps
     items:
@@ -73,7 +75,9 @@
     items:
     - name: Angular
       href: tutorial-v2-angular.md
-    - name: JavaScript
+    - name: JavaScript - Auth code flow
+      href: tutorial-v2-javascript-auth-code.md  
+    - name: JavaScript - Implicit flow
       href: tutorial-v2-javascript-spa.md
   - name: Web apps
     items:
@@ -479,6 +483,10 @@
       href: active-directory-optional-claims.md
     - name: Configure token lifetimes
       href: active-directory-configurable-token-lifetimes.md
+    - name: Handle SameSite cookie changes in Chrome browser
+      href: howto-handle-samesite-cookie-changes-chrome-browser.md
+    - name: Handle ITP in Safari 
+      href: reference-third-party-cookies-spas.md
   - name: Application configuration
     displayName: App configuration
     items:

articles/active-directory/develop/index.yml

@@ -45,13 +45,17 @@ landingContent:
             url: scenario-spa-overview.md
       - linkListType: quickstart
         links:
-          - text: JavaScript
+          - text: JavaScript - Auth code
+            url: quickstart-v2-javascript-auth-code.md
+          - text: JavaScript - Implicit
             url: quickstart-v2-javascript.md
           - text: Angular
             url: quickstart-v2-angular.md
       - linkListType: tutorial
         links:
-          - text: JavaScript
+          - text: JavaScript - Auth code
+            url: tutorial-v2-javascript-auth-code.md
+          - text: JavaScript - Implicit
             url: tutorial-v2-javascript-spa.md
       - linkListType: download
         links:

articles/active-directory/develop/media/quickstart-v2-javascript-auth-code/diagram-01-auth-code-flow.png

@@ -1,5 +1,5 @@
 ---
-title: Sign in users in JavaScript single-page apps with auth code | Azure
+title: Sign in users in JavaScript single-page apps (SPA) with auth code | Azure
 titleSuffix: Microsoft identity platform
 description: Learn how a JavaScript app can call an API that requires access tokens using the Microsoft identity platform.
 services: active-directory
@@ -10,29 +10,26 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: quickstart
 ms.workload: identity
-ms.date: 04/22/2020
+ms.date: 05/19/2020
 ms.author: hahamil
-ms.custom: aaddev, identityplatformtop40, scenarios:getting-started, languages:JavaScript
-ROBOTS: NOINDEX
+ms.custom: aaddev, scenarios:getting-started, languages:JavaScript
 #Customer intent: As an app developer, I want to learn how to get access tokens and refresh tokens by using the Microsoft identity platform endpoint so that my JavaScript app can sign in users of personal accounts, work accounts, and school accounts.
 ---
 
-# Quickstart: Sign in users and get an access token in a JavaScript SPA using the Auth Code Flow 
+# Quickstart: Sign in users and get an access token in a JavaScript SPA using the auth code flow
 
 > [!IMPORTANT]
 > This feature is currently in preview. Previews are made available to you on the condition that you agree to the [supplemental terms of use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Some aspects of this feature might change before general availability (GA).
 
+In this quickstart, you run a code sample that demonstrates how a JavaScript single-page application (SPA) can sign in users of personal accounts, work accounts, and school accounts by using the authorization code flow. The code sample also demonstrates obtaining an access token to call a web API, in this case the Microsoft Graph API. See [How the sample works](#how-the-sample-works) for an illustration.
 
-This quickstart uses MSAL.js 2.0 with the Authorization Code flow. To use MSAL.js 1.0 with the implicit flow, view [this quickstart](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-javascript).
-
-In this quickstart, you use a code sample to learn how a JavaScript single-page application (SPA) can sign in users of personal accounts, work accounts, and school accounts. A JavaScript SPA can also get an access token to call the Microsoft Graph API or any web API. See [How the sample works](#how-the-sample-works) for an illustration.
+This quickstart uses MSAL.js 2.0 with the authorization code flow. For a similar quickstart that uses MSAL.js 1.0 with the implicit flow, see [Quickstart: Sign in users in JavaScript single-page apps](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-javascript).
 
 ## Prerequisites
 
 * Azure subscription - [Create an Azure subscription for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
 * [Node.js](https://nodejs.org/en/download/)
-* [Visual Studio Code](https://code.visualstudio.com/download) (to edit project files)
-
+* [Visual Studio Code](https://code.visualstudio.com/download) or another code editor
 
 > [!div renderon="docs"]
 > ## Register and download your quickstart application
@@ -53,16 +50,15 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 > #### Step 1: Register your application
 >
 > 1. Sign in to the [Azure portal](https://portal.azure.com).
->
 > 1. If your account gives you access to more than one tenant, select your account at the top right, and then set your portal session to the Azure AD tenant you want to use.
 > 1. Select [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908).
 > 1. Select **New registration**.
 > 1. When the **Register an application** page appears, enter a name for your application.
 > 1. Under **Supported account types**, select **Accounts in any organizational directory and personal Microsoft accounts**.
 > 1. Select **Register**. On the app **Overview** page, note the **Application (client) ID** value for later use.
 > 1. In the left pane of the registered application, select **Authentication**.
-> 1. Under **Platform Configurations**, select **Add a platform**. A panel opens on the left. There, select the **Single-Page Applications** region.
-> 1. Still on the left, set the **Redirect URI** value to `http://localhost:3000/`. 
+> 1. Under **Platform configurations**, select **Add a platform**. In the pane that opens select **Single-page application**.
+> 1. Set the **Redirect URI** value to `http://localhost:3000/`.
 > 1. Select **Configure**.
 
 > [!div class="sxs-lookup" renderon="portal"]
@@ -82,45 +78,52 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 > [!div renderon="portal" class="sxs-lookup"]
 > Run the project with a web server by using Node.js
 
-> [!div renderon="portal" id="autoupdate" class="nextstepaction" class="sxs-lookup"]
+> [!div renderon="portal" class="sxs-lookup" id="autoupdate" class="nextstepaction"]
 > [Download the code sample](https://github.com/Azure-Samples/ms-identity-javascript-v2/archive/master.zip)
 
 > [!div renderon="docs"]
 > #### Step 3: Configure your JavaScript app
 >
-> In the *app* folder, edit *authConfig.js*, and set the `clientID`, `authority` and `redirectUri` values under `msalConfig`.
+> In the *app* folder, open the *authConfig.js* file and update the `clientID`, `authority`, and `redirectUri` values in the `msalConfig` object.
 >
 > ```javascript
->
->  // Config object to be passed to Msal on creation
->  const msalConfig = {
->    auth: {
->      clientId: "Enter_the_Application_Id_Here",
->      authority: "Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here",
->      redirectUri: "Enter_the_Redirect_Uri_Here",
->    },
->    cache: {
->      cacheLocation: "sessionStorage", // This configures where your cache will be stored
->      storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
->    }
->  };
->
->```
+> // Config object to be passed to Msal on creation
+> const msalConfig = {
+>   auth: {
+>     clientId: "Enter_the_Application_Id_Here",
+>     authority: "Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here",
+>     redirectUri: "Enter_the_Redirect_Uri_Here",
+>   },
+>   cache: {
+>     cacheLocation: "sessionStorage", // This configures where your cache will be stored
+>     storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
+>   }
+> };
+> ```
 
 > [!div renderon="portal" class="sxs-lookup"]
 > > [!NOTE]
-> > :::no-loc text="Enter_the_Supported_Account_Info_Here":::
+> > `Enter_the_Supported_Account_Info_Here`
 
 > [!div renderon="docs"]
 >
-> Where:
-> - *\<Enter_the_Application_Id_Here>* is the **Application (client) ID** for the application you registered.
-> - *\<Enter_the_Cloud_Instance_Id_Here>* is the instance of the Azure cloud. For the main or global Azure cloud, simply enter *https://login.microsoftonline.com/*. For **national** clouds (for example, China), see [National clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud).
-> - *\<Enter_the_Tenant_info_here>* is set to one of the following options:
->    - If your application supports *accounts in this organizational directory*, replace this value with the **Tenant ID** or **Tenant name** (for example, *contoso.microsoft.com*).
->    - If your application supports *accounts in any organizational directory*, replace this value with **organizations**.
->    - If your application supports *accounts in any organizational directory and personal Microsoft accounts*, replace this value with **common**. To restrict support to *personal Microsoft accounts only*, replace this value with **consumers**.
-> - *\<Enter_the_Redirect_Uri_Here>* is `http://localhost:3000`
+> Modify the values in the `msalConfig` section as described here:
+>
+> - `Enter_the_Application_Id_Here` is the **Application (client) ID** for the application you registered.
+> - `Enter_the_Cloud_Instance_Id_Here` is the instance of the Azure cloud. For the main or global Azure cloud, enter `https://login.microsoftonline.com/`. For **national** clouds (for example, China), see [National clouds](authentication-national-cloud.md).
+> - `Enter_the_Tenant_info_here` is set to one of the following:
+>   - If your application supports *accounts in this organizational directory*, replace this value with the **Tenant ID** or **Tenant name**. For example, `contoso.microsoft.com`.
+>   - If your application supports *accounts in any organizational directory*, replace this value with `organizations`.
+>   - If your application supports *accounts in any organizational directory and personal Microsoft accounts*, replace this value with `common`. **For this quickstart**, use `common`.
+>   - To restrict support to *personal Microsoft accounts only*, replace this value with `consumers`.
+> - `Enter_the_Redirect_Uri_Here` is `http://localhost:3000/`.
+>
+> The `authority` value in your *authConfig.js* should be similar to the following if you're using the main (global) Azure cloud:
+>
+> ```javascript
+> authority: "https://login.microsoftonline.com/common",
+> ```
+>
 > > [!TIP]
 > > To find the values of **Application (client) ID**, **Directory (tenant) ID**, and **Supported account types**, go to the app registration's **Overview** page in the Azure portal.
 >
@@ -130,7 +133,8 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 
 > [!div renderon="docs"]
 >
-> Then, still in the same folder, edit *graphConfig.js* file to set the `graphMeEndpoint` and `graphMailEndpoint` for the `apiConfig` object.
+> Then, still in the same folder, edit the *graphConfig.js* file and update the `graphMeEndpoint` and `graphMailEndpoint` values in the `apiConfig` object.
+>
 > ```javascript
 >   // Add here the endpoints for MS Graph API services you would like to use.
 >   const graphConfig = {
@@ -144,31 +148,37 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 >   };
 > ```
 >
-
 > [!div renderon="docs"]
 >
-> *\<Enter_the_Graph_Endpoint_Here>* is the endpoint that API calls will be made against. For the main or global Microsoft Graph API service, enter `https://graph.microsoft.com`. For more information, see [National cloud deployment](https://docs.microsoft.com/graph/deployments).
+> `Enter_the_Graph_Endpoint_Here` is the endpoint that API calls will be made against. For the main (global) Microsoft Graph API service, enter `https://graph.microsoft.com/` (include the trailing forward-slash). For more information about Microsoft Graph on national clouds, see [National cloud deployment](https://docs.microsoft.com/graph/deployments).
+>
+> The `graphMeEndpoint` and `graphMailEndpoint` values in the *graphConfig.js* file should be similar to the following if you're using the main (global) Microsoft Graph API service:
+>
+> ```javascript
+> graphMeEndpoint: "https://graph.microsoft.com/v1.0/me",
+> graphMailEndpoint: "https://graph.microsoft.com/v1.0/me/messages"
+> ```
 >
 > #### Step 4: Run the project
 
-Run the project with a web server by using [Node.js](https://nodejs.org/en/download/):
+Run the project with a web server by using Node.js:
 
 1. To start the server, run the following commands from within the project directory:
-    ```bash
+    ```console
     npm install
     npm start
     ```
 1. Browse to `http://localhost:3000/`.
 
-1. Select **Sign In** to start the sign-in process and then call Microsoft Graph API.
+1. Select **Sign In** to start the sign-in process and then call the Microsoft Graph API.
 
     The first time you sign in, you're prompted to provide your consent to allow the application to access your profile and sign you in. After you're signed in successfully, your user profile information should be displayed on the page.
 
 ## More information
 
 ### How the sample works
 
-![How the sample JavaScript SPA works: 1. The SPA initiates sign in. 2. The SPA acquires an ID token from the Microsoft identity platform. 3. The SPA calls acquire token. 4. The Microsoft identity platform returns an Access token to the SPA. 5. The SPA makes and HTTP GET request with the Access Token to the Microsoft Graph API. 6. The Graph API returns an HTTP response to the SPA.](media/quickstart-v2-javascript/javascriptspa-intro.svg)
+:::image type="content" source="media/quickstart-v2-javascript-auth-code/diagram-01-auth-code-flow.png" alt-text="Diagram showing the authorization code flow for a single-page application":::
 
 ### msal.js
 
@@ -178,20 +188,16 @@ The MSAL.js library signs in users and requests the tokens that are used to acce
 <script type="text/javascript" src="https://alcdn.msauth.net/browser/2.0.0-beta.0/js/msal-browser.js" integrity=
 "sha384-r7Qxfs6PYHyfoBR6zG62DGzptfLBxnREThAlcJyEfzJ4dq5rqExc1Xj3TPFE/9TH" crossorigin="anonymous"></script>
 ```
-> [!TIP]
-> You can replace the preceding version with the latest released version under [MSAL.js releases](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases).
 
-Alternatively, if you have Node.js installed, you can download the latest version by using the Node.js Package Manager (npm):
+If you have Node.js installed, you can download the latest version by using the Node.js Package Manager (npm):
 
-```batch
+```console
 npm install @azure/msal-browser
 ```
 
 ## Next steps
 
-The [MSAL.js GitHub repo](https://github.com/AzureAD/microsoft-authentication-library-for-js) contains additional library documentation, a FAQ, and provides issue support.
-
-For a more detailed step-by-step guide on building the application for this quickstart, see:
+For a more detailed step-by-step guide on building the application used in this quickstart, see the following tutorial:
 
 > [!div class="nextstepaction"]
-> [Tutorial to sign in and call MS Graph](https://docs.microsoft.com/azure/active-directory/develop/tutorial-v2-javascript-auth-code)
+> [Tutorial to sign in and call MS Graph >](https://docs.microsoft.com/azure/active-directory/develop/tutorial-v2-javascript-auth-code)