Skip to content

Commit c759faa

Browse files
committed
edits after talking with Cephas
1 parent 4f8e386 commit c759faa

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

articles/app-service/tutorial-connect-app-app-graph-javascript.md

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -42,15 +42,16 @@ The tutorial shows how to pass the user credential provided by the frontend app
4242
1. The frontend App service passes user's token to backend App service.
4343
1. The backend App is secured to allow the frontend to make an API request. The user's access token has an audience for the backend API and scope of `user_impersonation`.
4444
1. The backend app registration already has the Microsoft Graph with the scope `User.Read`. This is added by default to all app registrations.
45+
1. At the end of the previous tutorial, a _fake_ profile was returned to the frontend app because Graph wasn't connected.
4546

4647
This tutorial extends the architecture:
4748

48-
* Grant admin consent to bypass the user consent screen for the back-end app.
49-
* Change the application code to convert the access token sent from the front-end app to an access token with the required permission for Microsoft Graph.
50-
49+
1. Grant admin consent to bypass the user consent screen for the back-end app.
50+
1. Change the application code to convert the access token sent from the front-end app to an access token with the required permission for Microsoft Graph.
5151
1. Provide code to have backend app **exchange token** for new token with scope of downstream Azure service such as Microsoft Graph.
5252
1. Provide code to have backend app **use new token** to access downstream service as the current authenticate user.
5353
1. **Redeploy** backend app with `az webapp up`.
54+
1. At the end of this tutorial, a _real_ profile is returned to the frontend app because Graph is connected.
5455

5556
This tutorial doesn't:
5657
* Change the frontend app from the previous tutorial.
@@ -136,13 +137,13 @@ The source code to complete this step is provided for you. Use the following ste
136137
```azurecli-interactive
137138
az webapp up --resource-group myAuthResourceGroup --name <back-end-app-name>
138139
139-
## 4. Review backend code to exchange backend API token for the Microsoft Graph token
140+
## 4. Inspect backend code to exchange backend API token for the Microsoft Graph token
140141
141142
In order to change the backend API audience token for a Microsoft Graph token, the backend app needs to find the Tenant ID and use that as part of the MSAL.js configuration object. Because the backend app with configured with Microsoft as the identity provider, the Tenant ID and several other required values are already in the App service app settings.
142143
143144
The following code is already provided for you in the sample app. You need to understand why it's there and how it works so that you can apply this work to other apps you build that need this same functionality.
144145
145-
### Get the Tenant ID
146+
### Inspect code for getting the Tenant ID
146147
147148
1. Open the `./backend/src/with-graph/auth.js` file.
148149
@@ -160,7 +161,7 @@ The following code is already provided for you in the sample app. You need to un
160161
161162
3. This function gets the current tenant ID from the `WEBSITE_AUTH_OPENID_ISSUER` environment variable. The ID is parsed out of the variable with a regular expression.
162163
163-
### Configure MSAL.js
164+
### Inspect code to get Graph token using MSAL.js
164165
165166
1. Still in the `./backend/src/with-graph/auth.js` file, review the `getGraphToken()` function.
166167
1. Build the MSAL.js configuration object, use the MSAL configuration to create the clientCredentialAuthority. Configure the on-behalf-off request. Then use the acquireTokenOnBehalfOf to exchange the backend API access token for a Graph access token.
@@ -218,7 +219,7 @@ The following code is already provided for you in the sample app. You need to un
218219
}
219220
```
220221
221-
## 5. Review backend code to access Microsoft Graph with the new token
222+
## 5. Inspect backend code to access Microsoft Graph with the new token
222223
223224
To access Microsoft Graph as a user signed in to the frontend application, the changes include:
224225

0 commit comments

Comments
 (0)