chore: update unpkg link to pin to major versions (#1906)

* correcting links to use the right format

* updating readme to explain version pinning

* removing double @ in urls

* added details on why @2 fragment is needed

Author: gavinbarron

auth.html

@@ -1,6 +1,6 @@
 <html>
   <head>
-    <script src="https://unpkg.com/@microsoft/teams-js/dist/MicrosoftTeams.min.js" crossorigin="anonymous"></script>
+    <script src="https://unpkg.com/@microsoft/teams-js@2/dist/MicrosoftTeams.min.js" crossorigin="anonymous"></script>
     <!-- <script src="./packages/mgt/dist/bundle/mgt-loader.js"></script>
     <script>
       mgt.TeamsProvider.handleAuth();

index.html

@@ -1,67 +1,65 @@
 <!DOCTYPE html>
 <html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <title>Microsoft Graph Toolkit Test</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
 
-<head>
-  <meta charset="utf-8" />
-  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
-  <title>Microsoft Graph Toolkit Test</title>
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css" rel="stylesheet" />
+    <!-- <script src="./node_modules/@webcomponents/webcomponentsjs/webcomponents-loader.js"></script> -->
 
-  <link href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css" rel="stylesheet" />
-  <!-- <script src="./node_modules/@webcomponents/webcomponentsjs/webcomponents-loader.js"></script> -->
+    <script src="https://unpkg.com/@microsoft/teams-js@2/dist/MicrosoftTeams.min.js" crossorigin="anonymous"></script>
 
-  <script src="https://unpkg.com/@microsoft/teams-js/dist/MicrosoftTeams.min.js" crossorigin="anonymous"></script>
+    <!-- <script src="./packages/mgt/dist/bundle/mgt-loader.js"></script> -->
 
-  <!-- <script src="./packages/mgt/dist/bundle/mgt-loader.js"></script> -->
+    <script type="module" src="./packages/mgt/dist/es6/index.js"></script>
+  </head>
 
-  <script type="module" src="./packages/mgt/dist/es6/index.js"></script>
-</head>
-
-<body>
-  <!-- <mgt-teams-provider
+  <body>
+    <!-- <mgt-teams-provider
       client-id="a974dfa0-9f57-49b9-95db-90f04ce2111a"
       auth-popup-url="auth.html"
     ></mgt-teams-provider> -->
 
-  <!-- <mgt-teams-msal2-provider
+    <!-- <mgt-teams-msal2-provider
       client-id="72482bff-ecae-44f5-8fdc-513b7f5602e7"
       scopes="user.read,user.read.all,mail.readBasic,people.read,people.read.all,sites.read.all,user.readbasic.all,contacts.read,presence.read,presence.read.all,tasks.readwrite,tasks.read,calendars.read,group.read.all"
       auth-popup-url="auth.html"
     ></mgt-teams-msal2-provider> -->
 
-  <!-- Teams Msal2 provider in SSO mode (see "teams-sso-node" sample) -->
-  <!-- <mgt-teams-msal2-provider
+    <!-- Teams Msal2 provider in SSO mode (see "teams-sso-node" sample) -->
+    <!-- <mgt-teams-msal2-provider
       client-id="72482bff-ecae-44f5-8fdc-513b7f5602e7"
       scopes="user.read,user.read.all,mail.readBasic,people.read,people.read.all,sites.read.all,user.readbasic.all,contacts.read,presence.read,presence.read.all,tasks.readwrite,tasks.read,calendars.read,group.read.all"
       auth-popup-url="auth.html"
       sso-url="http://localhost:5000/api/token"
       http-method="POST"
     ></mgt-teams-msal2-provider> -->
 
-  <!-- <mgt-msal-provider
+    <!-- <mgt-msal-provider
       client-id="a974dfa0-9f57-49b9-95db-90f04ce2111a"
       scopes="user.read,user.read.all,mail.readBasic,people.read,people.read.all,sites.read.all,user.readbasic.all,contacts.read,presence.read,presence.read.all,tasks.readwrite,tasks.read,calendars.read,group.read.all"
       redirect-uri="http://localhost:3000"
       depends-on="mgt-teams-provider"
     ></mgt-msal-provider> -->
 
-  <!-- <mgt-msal2-provider
+    <!-- <mgt-msal2-provider
       client-id="2dfea037-938a-4ed8-9b35-c05708a1b241"
       redirect-uri="http://localhost:3000"
       scopes="user.read,user.read.all,mail.readBasic,people.read,people.read.all,sites.read.all,user.readbasic.all,contacts.read,presence.read,presence.read.all,tasks.readwrite,tasks.read,calendars.read,group.read.all"
     ></mgt-msal2-provider> -->
 
-  <mgt-mock-provider></mgt-mock-provider>
-
-  <mgt-login></mgt-login>
-  <mgt-person person-query="me" view="twoLines" person-card="click" show-presence></mgt-person>
-  <mgt-people-picker></mgt-people-picker>
-  <mgt-teams-channel-picker></mgt-teams-channel-picker>
-  <mgt-tasks></mgt-tasks>
-  <mgt-agenda group-by-day></mgt-agenda>
-  <mgt-people show-presence></mgt-people>
-  <mgt-todo></mgt-todo>
-  <mgt-file-list></mgt-file-list>
-</body>
+    <mgt-mock-provider></mgt-mock-provider>
 
-</html>
+    <mgt-login></mgt-login>
+    <mgt-person person-query="me" view="twoLines" person-card="click" show-presence></mgt-person>
+    <mgt-people-picker></mgt-people-picker>
+    <mgt-teams-channel-picker></mgt-teams-channel-picker>
+    <mgt-tasks></mgt-tasks>
+    <mgt-agenda group-by-day></mgt-agenda>
+    <mgt-people show-presence></mgt-people>
+    <mgt-todo></mgt-todo>
+    <mgt-file-list></mgt-file-list>
+  </body>
+</html>

packages/mgt/README.md

@@ -46,13 +46,15 @@ You can use the components by referencing the loader directly (via unpkg), or in
 ### Use via mgt-loader:
 
 ```html
-<script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+<script src="https://unpkg.com/@microsoft/mgt@2/dist/bundle/mgt-loader.js"></script>
 ```
 
+> NOTE: This link will load the highest available version of @microsoft/mgt in the range `>= 2.0.0 < 3.0.0`, omitting the `@2` fragment from the url results in loading the latest version. This could result in loading a new major version and breaking the application.
+
 You can then start using the components in your html page. Here is a full working example with the Msal provider:
 
 ```html
-<script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+<script src="https://unpkg.com/@microsoft/mgt@2/dist/bundle/mgt-loader.js"></script>
 
 <mgt-msal-provider client-id="[CLIENT-ID]"></mgt-msal-provider>
 

readme.md

@@ -104,13 +104,15 @@ You can use the components by referencing the loader directly (via unpkg), or in
 ### Use via mgt-loader:
 
 ```html
-<script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+<script src="https://unpkg.com/@microsoft/mgt@2/dist/bundle/mgt-loader.js"></script>
 ```
 
+> NOTE: This link will load the highest available version of @microsoft/mgt in the range `>= 2.0.0 < 3.0.0`, omitting the `@2` fragment from the url results in loading the latest version. This could result in loading a new major version and breaking the application.
+
 You can then start using the components in your html page. Here is a full working example with the Msal2 provider:
 
 ```html
-<script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+<script src="https://unpkg.com/@microsoft/mgt@2/dist/bundle/mgt-loader.js"></script>
 <mgt-msal2-provider client-id="[CLIENT-ID]"></mgt-msal2-provider>
 <mgt-login></mgt-login>
 
@@ -154,8 +156,8 @@ cd ./samples/react-app/
 yarn start
 ```
 
-This also means that running the samples in isolation may fail if there are breaking changes between the published version of mgt and the local copy. 
-To workaround this, use samples that are known to be compatible with a specific release by checking out the appropriate branch or tag first. 
+This also means that running the samples in isolation may fail if there are breaking changes between the published version of mgt and the local copy.
+To workaround this, use samples that are known to be compatible with a specific release by checking out the appropriate branch or tag first.
 
 ## Contribute
 

samples/msal2provider-asp-net-core-sso/Pages/Shared/_Layout.cshtml

@@ -12,7 +12,7 @@
 
   @if (User.Identity.IsAuthenticated)
   {
-<script src="https://unpkg.com/@@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+<script src="https://unpkg.com/@@microsoft/mgt@2/dist/bundle/mgt-loader.js"></script>
 <script>
             mgt.Providers.globalProvider = new mgt.Msal2Provider({
                 clientId: "@Configuration["AzureAd:ClientId"]",

samples/msal2provider-asp-net-core-sso/README.md

@@ -36,7 +36,7 @@ To run the sample, you will need to create a client id and secret first and upda
 
 ## How it works
 
-The web app is built with ASP.NET Core and users are authenticated with the [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web) package. This allows developers to authenticate users and authorize access to Web APIs (like Microsoft Graph) from the backend. 
+The web app is built with ASP.NET Core and users are authenticated with the [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web) package. This allows developers to authenticate users and authorize access to Web APIs (like Microsoft Graph) from the backend.
 
 To use MGT components in the app, the client must also be able auth users and fetch tokens for Microsoft Graph. To avoid signing in the user twice just to be able to call Microsoft Graph from the client, we can leverage SSO to automatically sign in users via the current session that was established when the user signed in once.
 
@@ -45,7 +45,7 @@ First, we reference the toolkit and instantiate a new Msal2Provider in the **Pag
 ```js
 @if (User.Identity.IsAuthenticated)
 {
-    <script src="https://unpkg.com/@@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+    <script src="https://unpkg.com/@@microsoft/mgt@2/dist/bundle/mgt-loader.js"></script>
 
     <script>
         mgt.Providers.globalProvider = new mgt.Msal2Provider({
@@ -58,19 +58,19 @@ First, we reference the toolkit and instantiate a new Msal2Provider in the **Pag
 }
 ```
 
-To enable SSO, we need to provide a `loginHint` (the email for the current signed in user) or an `sid` (session id). This will set the provider in SSO mode which will attempt to sign in the user if they are already signed in elsewhere. 
+To enable SSO, we need to provide a `loginHint` (the email for the current signed in user) or an `sid` (session id). This will set the provider in SSO mode which will attempt to sign in the user if they are already signed in elsewhere.
 
 Notice, we are also setting a redirect Uri to an empty page we created (`/sso.html`) as page for the sso process to redirect to. We've also added this page (`https://localhost/sso.html`) as a SPA redirect uri for our AAD app.
 
-Also notice that we are not setting any scopes here. All scopes are added on the .Net side in **appsettings.json** so that the user consents once when they sign in for the first time. 
+Also notice that we are not setting any scopes here. All scopes are added on the .Net side in **appsettings.json** so that the user consents once when they sign in for the first time.
 
 Finally, we are now able to use the mgt components through out our app. Here are the components being used in **Index.cshtml**:
 
 ```js
 @if (User.Identity.IsAuthenticated)
 {
     <div>Signed in User: <mgt-person person-query="me" view="oneline"></mgt-person></div>
-    
+
     <mgt-people-picker></mgt-people-picker>
 
     <mgt-agenda></mgt-agenda>

samples/msal2provider-asp-net-core-sso/appsettings.json

@@ -5,8 +5,7 @@
     "ClientId": "CLIENT ID GOES HERE",
     "TenantId": "common",
     "ClientSecret": "SECRET GOES HERE",
-    "ClientCertificates": [
-    ],
+    "ClientCertificates": [],
     "CallbackPath": "/signin-oidc"
   },
   "DownstreamApi": {

samples/proxy-provider-asp-net-core/README.md

@@ -1,6 +1,6 @@
 # Proxy Provider and ASP.NET Core
 
-To use the Microsoft Graph Toolkit with backend authentication, one solution is to proxy all calls from the front end to the back end. The Microsoft Graph Toolkit ships with an authentication provider implementation (ProxyProvider) that enables all components to call the Microsoft Graph via the backend. 
+To use the Microsoft Graph Toolkit with backend authentication, one solution is to proxy all calls from the front end to the back end. The Microsoft Graph Toolkit ships with an authentication provider implementation (ProxyProvider) that enables all components to call the Microsoft Graph via the backend.
 
 This sample is a reference on how to leverage the [ProxyProvider](https://learn.microsoft.com/graph/toolkit/providers/proxy) with an ASP.NET Core backend. However, it is worth noting that the ProxyProvider can work with any backend service.
 
@@ -9,7 +9,7 @@ This sample is a reference on how to leverage the [ProxyProvider](https://learn.
 The ProxyProvider is instantiated in `Views\Shares\_Layout.cshtml`:
 
 ```html
-<script src='https://unpkg.com/@Html.Raw("@")microsoft/mgt/dist/bundle/mgt-loader.js'></script>
+<script src='https://unpkg.com/@Html.Raw("@")microsoft/mgt@2/dist/bundle/mgt-loader.js'></script>
 <script>
     const provider = new mgt.ProxyProvider("/api/proxy");
     provider.login = () => window.location.href = '@Url.Action("SignIn", "Account")';
@@ -24,7 +24,7 @@ This code snippet also defines a login and logout functions that are used by the
 
 ## Backend code
 
-The `/api/Proxy` endpoint that handles all calls to the Microsoft Graph is defined in `Controllers\ProxyController.cs`. 
+The `/api/Proxy` endpoint that handles all calls to the Microsoft Graph is defined in `Controllers\ProxyController.cs`.
 
 This custom implementation simply proxies every method (**GET**, **POST**, **DELETE**, **PUT**, **PATCH**), and makes the actual call to the Microsoft Graph using the token generated through [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet). Notice that several headers required by the Microsoft Graph are also proxied with each request.
 

samples/proxy-provider-asp-net-core/Views/Shared/_Layout.cshtml

@@ -19,7 +19,7 @@
         <link rel="stylesheet" href="~/css/site.min.css" asp-append-version="true" />
     </environment>
 
-    <script src="https://unpkg.com/@Html.Raw("@")microsoft/mgt/dist/bundle/mgt-loader.js"></script>
+    <script src='https://unpkg.com/@Html.Raw("@")microsoft/mgt@2/dist/bundle/mgt-loader.js'></script>
 
     <script>
         const provider = new mgt.ProxyProvider("/api/Proxy");

samples/proxy-provider-asp-net-mvc/README.md

@@ -1,6 +1,6 @@
 # Proxy Provider and ASP.NET MVC
 
-To use the Microsoft Graph Toolkit with backend authentication, one solution is to proxy all calls from the front end to the back end. The Microsoft Graph Toolkit ships with an authentication provider implementation (ProxyProvider) that enables all components to call the Microsoft Graph via the backend. 
+To use the Microsoft Graph Toolkit with backend authentication, one solution is to proxy all calls from the front end to the back end. The Microsoft Graph Toolkit ships with an authentication provider implementation (ProxyProvider) that enables all components to call the Microsoft Graph via the backend.
 
 This sample is a reference on how to leverage the [ProxyProvider](https://learn.microsoft.com/graph/toolkit/providers/proxy) with an ASP.NET MVC backend. However, it is worth nothing that the ProxyProvider can work with any backend service.
 
@@ -9,7 +9,7 @@ This sample is a reference on how to leverage the [ProxyProvider](https://learn.
 The ProxyProvider is instantiated in `Views\Shares\_Layout.cshtml`:
 
 ```html
-<script src='https://unpkg.com/@Html.Raw("@")microsoft/mgt/dist/bundle/mgt-loader.js'></script>
+<script src='https://unpkg.com/@Html.Raw("@")microsoft/mgt@2/dist/bundle/mgt-loader.js'></script>
 <script>
     const provider = new mgt.ProxyProvider("https://localhost:44375/api/GraphProxy");
     provider.login = () => window.location.href = '@Url.Action("SignIn", "Account")';
@@ -24,7 +24,7 @@ This code snippet also defines a login and logout functions that are used by the
 
 ## Backend code
 
-The `/api/GraphProxy` endpoint that handles all calls to the Microsoft Graph is defined in `Controllers\GraphProxyController.cs`. 
+The `/api/GraphProxy` endpoint that handles all calls to the Microsoft Graph is defined in `Controllers\GraphProxyController.cs`.
 
 This custom implementation simply proxies every method (**GET**, **POST**, **DELETE**, **PUT**, **PATCH**), and makes the actual call to the Microsoft Graph using the token generated through the Auth2.0 On-Behalf-Of (OBO) flow. Notice that several headers required by the Microsoft Graph are also proxied with each request.