Merge branch 'master' into nisgoelwiki

Author: nis-goel

.openpublishing.publish.config.json

@@ -233,6 +233,11 @@
       "url": "https://github.com/Azure-Samples/azure-iot-samples-node",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-iot-sdk-node",
+      "url": "https://github.com/Azure/azure-iot-sdk-node",
+      "branch": "master"
+    },
     {
       "path_to_root": "iot-samples-c",
       "url": "https://github.com/Azure/azure-iot-sdk-c",
@@ -414,6 +419,11 @@
       "url": "https://github.com/Azure/azure-cosmos-dotnet-v2",
       "branch": "master"
     },
+    {
+      "path_to_root": "samples-cosmosdb-java-v4-web-app",
+      "url": "https://github.com/Azure-Samples/azure-cosmos-java-sql-api-todo-app",
+      "branch": "master"
+    },
     {
       "path_to_root": "samples-cosmosdb-dotnet-change-feed-processor",
       "url": "https://github.com/Azure-Samples/cosmos-dotnet-change-feed-processor",

.openpublishing.redirection.json

@@ -59,7 +59,8 @@
         "YAML"
     ],
     "cSpell.words": [
-        "auditd"
+        "auditd",
+        "covid"
     ],
     "git.ignoreLimitWarning": true
 }

.vscode/settings.json

@@ -1,4 +1,17 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
+
+# Horizontals
+
+## Azure Policy: Samples
+articles/**/policy-samples.md @DCtheGeek
+includes/policy/ @DCtheGeek
+
+# Azure Active Directory
+
+articles/active-directory-b2c/ @msmimart @yoelhor
+articles/active-directory/app-provisioning/ @CelesteDG
+articles/active-directory/manage-apps/ @CelesteDG
+
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf @aahill @ievangelist @patrickfarley @nitinme
 
@@ -9,7 +22,7 @@ articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Requires Internal Review
-articles/best-practices-availability-paired-regions.md @jpconnock @martinekuan @syntaxc4 @tysonn @snoviking
+articles/best-practices-availability-paired-regions.md @martinekuan @syntaxc4 @snoviking
 
 # Governance
 articles/governance/ @DCtheGeek

CODEOWNERS

@@ -11,7 +11,7 @@ For more information, see the [Code of Conduct FAQ](https://opensource.microsoft
 
 ## How can I contribute?
 
-There are a variety of ways to contribute to the documentation, review the sections below to find out which one is right for you.
+There are many ways to contribute to the documentation, review the sections below to find out which one is right for you.
 
 ### Reporting Bugs and Suggesting Enhancements
 

CONTRIBUTING.md

@@ -226,7 +226,9 @@
     - name: Tokens and session management
       items:
       - name: Customize tokens
-        href: custom-policy-manage-sso-and-token-config.md
+        href: configure-tokens-custom-policy.md
+      - name: Configure session behavior
+        href: session-behavior-custom-policy.md
     - name: Pass through external IdP token
       href: idp-pass-through-custom.md
     - name: Adaptive experience

articles/active-directory-b2c/TOC.yml

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/16/2019
+ms.date: 05/12/2020
 ms.author: mimart
 ms.subservice: B2C
 
@@ -81,7 +81,7 @@ https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
 After successfully receiving the authorization code, you can use it to request an access token:
 
 ```HTTP
-POST <tenant-name>.onmicrosoft.com/oauth2/v2.0/token?p=<policy-name> HTTP/1.1
+POST <tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
 Host: <tenant-name>.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 

articles/active-directory-b2c/access-tokens.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/27/2020
+ms.date: 05/12/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -36,7 +36,7 @@ The resource owner password credentials (ROPC) flow is an OAuth standard authent
 
    You'll then see an endpoint such as this example:
 
-   `https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_ROPC_Auth`
+   `https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1_ROPC_Auth/v2.0/.well-known/openid-configuration`
 
 
 ## Register an application
@@ -46,11 +46,11 @@ The resource owner password credentials (ROPC) flow is an OAuth standard authent
 ## Test the user flow
 
 Use your favorite API development application to generate an API call, and review the response to debug your user flow. Construct a call like this with the information in the following table as the body of the POST request:
-- Replace *\<yourtenant.onmicrosoft.com>* with the name of your B2C tenant.
+- Replace *\<tenant-name>.onmicrosoft.com* with the name of your B2C tenant.
 - Replace *\<B2C_1A_ROPC_Auth>* with the full name of your resource owner password credentials policy.
 - Replace *\<bef2222d56-552f-4a5b-b90a-1988a7d634c3>* with the Application ID from your registration.
 
-`https://yourtenant.b2clogin.com/<yourtenant.onmicrosoft.com>/oauth2/v2.0/token?p=B2C_1_ROPC_Auth`
+`https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1_ROPC_Auth/oauth2/v2.0/token`
 
 | Key | Value |
 | --- | ----- |
@@ -66,8 +66,8 @@ Use your favorite API development application to generate an API call, and revie
 The actual POST request looks like the following:
 
 ```
-POST /yourtenant.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth HTTP/1.1
-Host: yourtenant.b2clogin.com
+POST /<tenant-name>.onmicrosoft.com/B2C_1_ROPC_Auth/oauth2/v2.0/token HTTP/1.1
+Host: <tenant-name>.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
 username=leadiocl%40trashmail.ws&password=Passxword1&grant_type=password&scope=openid+bef22d56-552f-4a5b-b90a-1988a7d634ce+offline_access&client_id=bef22d56-552f-4a5b-b90a-1988a7d634ce&response_type=token+id_token
@@ -90,7 +90,7 @@ A successful response with offline-access looks like the following example:
 
 Construct a POST call like the one shown here with the information in the following table as the body of the request:
 
-`https://yourtenant.b2clogin.com/<yourtenant.onmicrosoft.com>/oauth2/v2.0/token?p=B2C_1_ROPC_Auth`
+`https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1_ROPC_Auth/oauth2/v2.0/token`
 
 | Key | Value |
 | --- | ----- |

articles/active-directory-b2c/configure-ropc.md

@@ -0,0 +1,91 @@
+---
+title: Manage SSO and token customization using custom policies
+titleSuffix: Azure AD B2C
+description: Learn about managing SSO and token customization using custom policies in Azure Active Directory B2C.
+services: active-directory-b2c
+author: msmimart
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 05/07/2020
+ms.author: mimart
+ms.subservice: B2C
+---
+
+# Manage SSO and token customization using custom policies in Azure Active Directory B2C
+
+This article provides information about how you can manage your token, session, and single sign-on (SSO) configurations using [custom policies](custom-policy-overview.md) in Azure Active Directory B2C (Azure AD B2C).
+
+## JTW token lifetimes and claims configuration
+
+To change the settings on your token lifetimes, you add a [ClaimsProviders](claimsproviders.md) element in the relying party file of the policy you want to impact.  The **ClaimsProviders** element is a child of the [TrustFrameworkPolicy](trustframeworkpolicy.md) element.
+
+Insert the ClaimsProviders element between the BasePolicy element and the RelyingParty element of the relying party file.
+
+Inside, you'll need to put the information that affects your token lifetimes. The XML looks like this example:
+
+```XML
+<ClaimsProviders>
+  <ClaimsProvider>
+    <DisplayName>Token Issuer</DisplayName>
+    <TechnicalProfiles>
+      <TechnicalProfile Id="JwtIssuer">
+        <Metadata>
+          <Item Key="token_lifetime_secs">3600</Item>
+          <Item Key="id_token_lifetime_secs">3600</Item>
+          <Item Key="refresh_token_lifetime_secs">1209600</Item>
+          <Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
+          <Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
+          <Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
+        </Metadata>
+      </TechnicalProfile>
+    </TechnicalProfiles>
+  </ClaimsProvider>
+</ClaimsProviders>
+```
+
+The following values are set in the previous example:
+
+- **Access token lifetimes** - The access token lifetime value is set with **token_lifetime_secs** metadata item. The default value is 3600 seconds (60 minutes).
+- **ID token lifetime** - The ID token lifetime value is set with the **id_token_lifetime_secs** metadata item. The default value is 3600 seconds (60 minutes).
+- **Refresh token lifetime** - The refresh token lifetime value is set with the **refresh_token_lifetime_secs** metadata item. The default value is 1209600 seconds (14 days).
+- **Refresh token sliding window lifetime** - If you would like to set a sliding window lifetime to your refresh token, set the value of **rolling_refresh_token_lifetime_secs** metadata item. The default value is 7776000 (90 days). If you don't want to enforce a sliding window lifetime, replace the item with `<Item Key="allow_infinite_rolling_refresh_token">True</Item>`.
+- **Issuer (iss) claim** - The Issuer (iss) claim is set with the **IssuanceClaimPattern** metadata item. The applicable values are `AuthorityAndTenantGuid` and `AuthorityWithTfp`.
+- **Setting claim representing policy ID** - The options for setting this value are `TFP` (trust framework policy) and `ACR` (authentication context reference). `TFP` is the recommended value. Set **AuthenticationContextReferenceClaimPattern** with the value of `None`.
+
+    In the **ClaimsSchema** element, add this element:
+
+    ```XML
+    <ClaimType Id="trustFrameworkPolicy">
+      <DisplayName>Trust framework policy name</DisplayName>
+      <DataType>string</DataType>
+    </ClaimType>
+    ```
+
+    In your **OutputClaims** element, add this element:
+
+    ```XML
+    <OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" />
+    ```
+
+    For ACR, remove the **AuthenticationContextReferenceClaimPattern** item.
+
+- **Subject (sub) claim** - This option defaults to ObjectID, if you would like to switch this setting to `Not Supported`, replace this line:
+
+    ```XML
+    <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
+    ```
+
+    with this line:
+
+    ```XML
+    <OutputClaim ClaimTypeReferenceId="sub" />
+    ```
+
+## Next steps
+
+- Learn more about [Azure AD B2C session](session-overview.md).
+- Learn how to [configure session behavior in custom policies](session-behavior-custom-policy.md).
+- Reference: [JwtIssuer](jwt-issuer-technical-profile.md).

articles/active-directory-b2c/configure-tokens-custom-policy.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/16/2019
+ms.date: 05/07/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -21,7 +21,7 @@ In this article, you learn how to configure the [lifetime and compatibility of a
 
 [Create a user flow](tutorial-create-user-flows.md) to enable users to sign up and sign in to your application.
 
-## Configure token lifetime
+## Configure JWT token lifetime
 
 You can configure the token lifetime on any user flow.
 
@@ -37,7 +37,7 @@ You can configure the token lifetime on any user flow.
 
 8. Click **Save**.
 
-## Configure token compatibility
+## Configure JWT token compatibility
 
 1. Select **User flows (policies)**.
 2. Open the user flow that you previously created.