Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into report14

Author: farah-alyasari

.openpublishing.redirection.json

@@ -382,6 +382,7 @@
     href: https://azure.microsoft.com/resources/samples/?service=active-directory-b2c
   - name: Cookie definitions
     href: cookie-definitions.md
+    displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
   - name: Region availability & data residency

articles/active-directory-b2c/TOC.yml

@@ -68,7 +68,7 @@ GET https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy
 client_id=<application-ID>
 &nonce=anyRandomValue
 &redirect_uri=https://jwt.ms
-&scope=https://tenant-name>.onmicrosoft.com/api/read
+&scope=https://<tenant-name>.onmicrosoft.com/api/read
 &response_type=code
 ```
 

articles/active-directory-b2c/access-tokens.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 02/03/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -110,6 +110,44 @@ The self-asserted technical profile calls the validation **login-NonInteractive*
     - **valueToCompareTo**: true
 - Result: Error thrown
 
+## CompareBooleanClaimToValue
+
+Checks that boolean value of a claims is equal to `true` or `false`, and return the result of the compression. 
+
+| Item | TransformationClaimType  | Data Type  | Notes |
+| ---- | ------------------------ | ---------- | ----- |
+| inputClaim | inputClaim | boolean | The ClaimType to be asserted. |
+| InputParameter |valueToCompareTo | boolean | The value to compare (true or false). |
+| OutputClaim | inputClaim | boolean | The ClaimType that is produced after this ClaimsTransformation has been invoked. |
+
+
+The following claims transformation demonstrates how to check the value of a boolean ClaimType with a `true` value. If the value of the `IsAgeOver21Years` ClaimType is equal to `true`, the claims transformation returns `true`, otherwise `false`.
+
+```XML
+<ClaimsTransformation Id="AssertAccountEnabled" TransformationMethod="CompareBooleanClaimToValue">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="IsAgeOver21Years" TransformationClaimType="inputClaim" />
+  </InputClaims>
+  <InputParameters>
+    <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
+  </InputParameters>
+  <OutputClaims>
+      <OutputClaim  ClaimTypeReferenceId="accountEnabled" TransformationClaimType="compareResult"/>
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+    - **inputClaim**: false
+- Input parameters:
+    - **valueToCompareTo**: true
+- Output claims:
+    - **compareResult**: false 
+
+
+
 ## NotClaims
 
 Performs a Not operation of the boolean inputClaim and sets the outputClaim with result of the operation.
@@ -170,4 +208,3 @@ The following claims transformation demonstrates how to `Or` two boolean ClaimTy
     - **inputClaim2**: false
 - Output claims:
     - **outputClaim**: true
-

articles/active-directory-b2c/boolean-transformations.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 01/29/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -48,7 +48,7 @@ The **ClaimsProvider** element contains the following child elements:
 | Element | Occurrences | Description |
 | ------- | ---------- | ----------- |
 | Domain | 0:1 | A string that contains the domain name for the claim provider. For example, if your claims provider includes the Facebook technical profile, the domain name is Facebook.com. This domain name is used for all technical profiles defined in the claims provider unless overridden by the technical profile. The domain name can also be referenced in a **domain_hint**. For more information, see the **Redirect sign-in to a social provider** section of [Set up direct sign-in using Azure Active Directory B2C](direct-signin.md). |
-| DisplayName | 1:1 | A string that contains the name of the claims provider that can be displayed to users. |
+| DisplayName | 1:1 | A string that contains the name of the claims provider. |
 | [TechnicalProfiles](technicalprofiles.md) | 0:1 | A set of technical profiles supported by the claim provider |
 
 **ClaimsProvider** organizes how your technical profiles relate to the claims provider. The following example shows the Azure Active Directory claims provider with the Azure Active Directory technical profiles:

articles/active-directory-b2c/claimsproviders.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 03/02/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -46,8 +46,8 @@ The **ClaimType** element contains the following elements:
 
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
-| DisplayName | 0:1 | The title that's displayed to users on various screens. The value can be [localized](localization.md). |
-| DataType | 0:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection, alternativeSecurityIdCollection can be used. |
+| DisplayName | 1:1 | The title that's displayed to users on various screens. The value can be [localized](localization.md). |
+| DataType | 1:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection can be used. Primitive data type represents the equivalent of C# variable data type. stringCollection represents a collection of strings. For more information see [C# Types and variables](https://docs.microsoft.com/dotnet/csharp/tour-of-csharp/types-and-variables). Date follows ISO 8601 convention. |
 | DefaultPartnerClaimTypes | 0:1 | The partner default claim types to use for a specified protocol. The value can be overwritten in the **PartnerClaimType** specified in the **InputClaim** or **OutputClaim** elements. Use this element to specify the default name for a protocol.  |
 | Mask | 0:1 | An optional string of masking characters that can be applied when displaying the claim. For example, the phone number 324-232-4343 can be masked as XXX-XXX-4343. |
 | UserHelpText | 0:1 | A description of the claim type that can be helpful for users to understand its purpose. The value can be [localized](localization.md). |
@@ -61,7 +61,7 @@ The **DefaultPartnerClaimTypes** may contain the following element:
 
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
-| Protocol | 0:n | List of protocols with their default partner claim type name. |
+| Protocol | 1:n | List of protocols with their default partner claim type name. |
 
 The **Protocol** element contains the following attributes:
 

articles/active-directory-b2c/claimsschema.md

@@ -6,7 +6,7 @@ author: mmacy
 manager: celestedg
 
 ms.author: marsma
-ms.date: 01/23/2018
+ms.date: 01/29/2020
 ms.custom: mvc
 ms.topic: sample
 ms.service: active-directory
@@ -37,6 +37,7 @@ The following tables provide links to samples for applications including iOS, An
 | [openidconnect-nodejs](https://github.com/AzureADQuickStarts/B2C-WebApp-OpenIDConnect-NodeJS) | A Node.js app that provides a quick and easy way to set up a Web application with Express using OpenID Connect. |
 | [javascript-nodejs-webapp](https://github.com/AzureADQuickStarts/active-directory-b2c-javascript-nodejs-webapp) | A node.js server that provides a quick and easy way to set up a REST API service using the OAuth2 protocol. |
 | [javascript-nodejs-webapi](https://github.com/Azure-Samples/active-directory-b2c-javascript-nodejs-webapi) | A small node.js Web API for Azure AD B2C that shows how to protect your web api and accept B2C access tokens using passport.js. |
+| [ms-identity-python-webapp](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/README_B2C.md) | Demonstrate how to Integrate B2C of Microsoft identity platform with a Python web application.  |
 
 ## Single page apps
 

articles/active-directory-b2c/code-samples.md

@@ -142,11 +142,11 @@ The ID attribute of the **ContentDefinition** element specifies the type of page
 | **api.error** | [exception.cshtml](https://login.microsoftonline.com/static/tenant/default/exception.cshtml) | **Error page** - Displays an error page when an exception or an error is encountered. |
 | **api.idpselections** | [idpSelector.cshtml](https://login.microsoftonline.com/static/tenant/default/idpSelector.cshtml) | **Identity provider selection page** - Lists identity providers that users can choose from during sign-in. The options are usually enterprise identity providers, social identity providers such as Facebook and Google+, or local accounts. |
 | **api.idpselections.signup** | [idpSelector.cshtml](https://login.microsoftonline.com/static/tenant/default/idpSelector.cshtml) | **Identity provider selection for sign-up** - Lists identity providers that users can choose from during sign-up. The options are usually enterprise identity providers, social identity providers such as Facebook and Google+, or local accounts. |
-| **api.localaccountpasswordreset** | [selfasserted.html](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Forgot password page** - Displays a form that users must complete to initiate a password reset. |
-| **api.localaccountsignin** | [selfasserted.html](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Local account sign-in page** - Displays a form for signing in with a local account that's based on an email address or a user name. The form can contain a text input box and password entry box. |
-| **api.localaccountsignup** | [selfasserted.html](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Local account sign-up page** - Displays a form for signing up for a local account that's based on an email address or a user name. The form can contain various input controls, such as: a text input box, a password entry box, a radio button, single-select drop-down boxes, and multi-select check boxes. |
+| **api.localaccountpasswordreset** | [selfasserted.cshtml](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Forgot password page** - Displays a form that users must complete to initiate a password reset. |
+| **api.localaccountsignin** | [selfasserted.cshtml](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Local account sign-in page** - Displays a form for signing in with a local account that's based on an email address or a user name. The form can contain a text input box and password entry box. |
+| **api.localaccountsignup** | [selfasserted.cshtml](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Local account sign-up page** - Displays a form for signing up for a local account that's based on an email address or a user name. The form can contain various input controls, such as: a text input box, a password entry box, a radio button, single-select drop-down boxes, and multi-select check boxes. |
 | **api.phonefactor** | [multifactor-1.0.0.cshtml](https://login.microsoftonline.com/static/tenant/default/multifactor-1.0.0.cshtml) | **Multi-factor authentication page** - Verifies phone numbers, by using text or voice, during sign-up or sign-in. |
-| **api.selfasserted** | [selfasserted.html](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Social account sign-up page** - Displays a form that users must complete when they sign up by using an existing account from a social identity provider. This page is similar to the preceding social account sign up page, except for the password entry fields. |
-| **api.selfasserted.profileupdate** | [updateprofile.html](https://login.microsoftonline.com/static/tenant/default/updateProfile.cshtml) | **Profile update page** - Displays a form that users can access to update their profile. This page is similar to the social account sign up page, except for the password entry fields. |
-| **api.signuporsignin** | [unified.html](https://login.microsoftonline.com/static/tenant/default/unified.cshtml) | **Unified sign-up or sign-in page** - Handles the user sign-up and sign-in process. Users can use enterprise identity providers, social identity providers such as Facebook or Google+, or local accounts. |
+| **api.selfasserted** | [selfasserted.cshtml](https://login.microsoftonline.com/static/tenant/default/selfAsserted.cshtml) | **Social account sign-up page** - Displays a form that users must complete when they sign up by using an existing account from a social identity provider. This page is similar to the preceding social account sign up page, except for the password entry fields. |
+| **api.selfasserted.profileupdate** | [updateprofile.cshtml](https://login.microsoftonline.com/static/tenant/default/updateProfile.cshtml) | **Profile update page** - Displays a form that users can access to update their profile. This page is similar to the social account sign up page, except for the password entry fields. |
+| **api.signuporsignin** | [unified.cshtml](https://login.microsoftonline.com/static/tenant/default/unified.cshtml) | **Unified sign-up or sign-in page** - Handles the user sign-up and sign-in process. Users can use enterprise identity providers, social identity providers such as Facebook or Google+, or local accounts. |
 

articles/active-directory-b2c/contentdefinitions.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 02/03/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -110,6 +110,35 @@ The following example demonstrates the conversion of the claim `dateOfBirth` (da
 - Output claims:
     - **outputClaim**: 1559347200 (June 1, 2019 12:00:00 AM)
 
+## ConvertDateTimeToDateClaim 
+
+Converts a **DateTime** ClaimType to a **Date** ClaimType. The claims transformation removes the time format from the date.
+
+| Item | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | inputClaim | dateTime | The ClaimType to be converted. |
+| OutputClaim | outputClaim | date | The ClaimType that is produced after this ClaimsTransformation has been invoked. |
+
+The following example demonstrates the conversion of the claim `systemDateTime` (dateTime data type) to another claim `systemDate` (date data type).
+
+```XML
+<ClaimsTransformation Id="ConvertToDate" TransformationMethod="ConvertDateTimeToDateClaim">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="systemDateTime" TransformationClaimType="inputClaim" />
+  </InputClaims>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="systemDate" TransformationClaimType="outputClaim" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+  - **inputClaim**: 1559347200 (June 1, 2019 12:00:00 AM)
+- Output claims:
+  - **outputClaim**: 2019-06-01
+
 ## GetCurrentDateTime
 
 Get the current UTC date and time and add the value to a ClaimType.

articles/active-directory-b2c/date-transformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 08/27/2019
+ms.date: 02/03/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -20,6 +20,35 @@ ms.subservice: B2C
 
 This article provides examples for using general claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [ClaimsTransformations](claimstransformations.md).
 
+## CopyClaim
+
+Copy value of a claim to another. Both claims must be from the same type.
+
+| Item | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | inputClaim | string, int | The claim type which is to be copied. |
+| OutputClaim | outputClaim | string, int | The ClaimType that is produced after this ClaimsTransformation has been invoked. |
+
+Use this claims transformation to copy a value from a string or numeric claim, to another claim. The following example copies the externalEmail claim value to email claim.
+
+```XML
+<ClaimsTransformation Id="CopyEmailAddress" TransformationMethod="CopyClaim"> 
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="externalEmail" TransformationClaimType="inputClaim"/>
+  </InputClaims>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim"/>
+  </OutputClaims>         
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+    - **inputClaim**: [email protected]
+- Output claims:
+    - **outputClaim**: [email protected] 
+
 ## DoesClaimExist
 
 Checks if the **inputClaim** exists or not and sets **outputClaim** to true or false accordingly.