Merge branch 'known-authorities' of https://github.com/AzureAD/microsoft-authentication-library-for-js into known-authorities

Author: tnorling

README.md

@@ -6,9 +6,9 @@ The Microsoft Authentication Library for JavaScript enables client-side JavaScri
 
 ### Core and wrapper libaries
 
-The [`lib`](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib) folder contains the source code for all of our libraries. You will also find all the details about **installing the libraries**, in their respective Readme.md.
+The [`lib`](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib) folder contains the source code for all of our libraries. You will also find all the details about **installing the libraries**, in their respective README.md.
 
-- [Microsoft Authentication Library for JavaScript v2.x](lib/msal-browser/): A browser-based, framework-agnostic browser library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the OAuth 2.0 [Authorization Code Flow with PKCE](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow), and is [OpenID-compliant](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc).
+- [Microsoft Authentication Library for JavaScript v2.x (Preview)](lib/msal-browser/): A browser-based, framework-agnostic browser library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the OAuth 2.0 [Authorization Code Flow with PKCE](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow), and is [OpenID-compliant](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc).
 
 - [Microsoft Authentication Library for JavaScript v1.x](lib/msal-core/): A browser-based, framework-agnostic core library that enables authentication and token acquisition with the Microsoft Identity platform in JavaScript applications. Implements the OAuth 2.0 [Implicit Grant Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow), and is [OpenID-compliant](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc).
 
@@ -20,7 +20,7 @@ A wrapper of the core 1.x library for apps using AngularJS framework.
 
 ### Samples
 
-The [`samples`](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples) folder contains sample applications for our libaries. A complete list of samples can be found [on our wiki](https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Samples).
+The [`samples`](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples) folder contains sample applications for our libaries. A complete list of samples can be found in the respective package folders or [on our wiki](https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Samples).
 
 ## Package versioning
 

build/npm-build-steps.yml

@@ -7,24 +7,36 @@ steps:
   displayName: 'Install Node.js'
 
 - task: Npm@1
+  displayName: 'npm ci & lerna bootstrap'
   inputs:
     command: 'custom'
     customCommand: 'ci'
     verbose: true
 
 - task: Npm@1
+  displayName: 'Build Packages'
   inputs:
     command: 'custom'
     customCommand: 'run build'
 
 - task: Npm@1
+  displayName: 'Unit Tests'
   inputs:
     command: 'custom'
     customCommand: 'run test:coverage'
 
 - task: Npm@1
+  displayName: 'Code Coverage Reporting'
   env:
     COVERALLS_REPO_TOKEN: $(COVERALLS_REPO_TOKEN)
   inputs:
     command: 'custom'
     customCommand: 'run test:report'
+
+- task: Npm@1
+  displayName: 'End-to-End Tests'
+  env:
+    AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
+  inputs:
+    command: 'custom'
+    customCommand: 'run test:e2e'

build/postinstall.js

@@ -0,0 +1,25 @@
+let exec = require("child_process").exec;
+
+if (parseInt(process.env.RUNNING_NODE_CI)) {
+    console.log("Running scoped bootstrap");
+    exec("lerna --scope @azure/* --scope msal --scope vanilla-js-test* --ignore @azure/msal-angularjs bootstrap", function (error, stdout, stderr) {
+        if (stdout) {
+            console.log('stdout' + stdout);
+        }
+        console.error('stderr: ' + stderr);
+        if (error !== null) {
+             console.log('exec error: ' + error);
+        }
+    });
+} else {
+    console.log("Running full bootstrap");
+    exec("lerna bootstrap", function (error, stdout, stderr) {
+        if (stdout) {
+            console.log('stdout' + stdout);
+        }
+        console.error('stderr: ' + stderr);
+        if (error !== null) {
+             console.log('exec error: ' + error);
+        }
+    });
+}

lerna.json

@@ -2,7 +2,14 @@
   "lerna": "3.16.4",
   "command": {
     "run": {
-      "scope": ["msal", "@azure/msal-common", "@azure/msal-browser", "@azure/msal-angular"]
+      "scope": [
+        "msal", 
+        "@azure/msal-common", 
+        "@azure/msal-browser", 
+        "@azure/msal-angular",
+        "vanilla-js-test-app",
+        "vanilla-js-test-app-2.0"
+      ]
     }
   },
   "packages": [

lib/msal-angular/package-lock.json

@@ -31,7 +31,7 @@
   "peerDependencies": {
     "@angular/common": ">= 6.0.0",
     "@angular/core": ">= 6.0.0",
-    "msal": "^1.2.2-beta.2",
+    "msal": "^1.3.0-beta.0",
     "rxjs": "^6.0.0"
   },
   "devDependencies": {
@@ -74,7 +74,7 @@
     "karma-spec-reporter": "0.0.32",
     "karma-verbose-reporter": "0.0.6",
     "karma-webpack": "^3.0.0",
-    "msal": "^1.2.2-beta.0",
+    "msal": "^1.3.0-beta.0",
     "ng-packagr": "^9.0.2",
     "phantomjs-polyfill": "0.0.2",
     "reflect-metadata": "^0.1.3",

lib/msal-angular/package.json

@@ -27,6 +27,29 @@ export class MsalGuard implements CanActivate {
         private broadcastService: BroadcastService
     ) {}
 
+    /**
+     * Builds the absolute url for the destination page
+     * @param path Relative path of requested page
+     * @returns Full destination url
+     */
+    getDestinationUrl(path: string): string {
+        // Absolute base url for the application (default to origin if base element not present)
+        const baseElements = document.getElementsByTagName("base");
+        const baseUrl = this.location.normalize(baseElements.length ? baseElements[0].href : window.location.origin);
+
+        // Path of page (including hash, if using hash routing)
+        const pathUrl = this.location.prepareExternalUrl(path);
+
+        // Hash location strategy
+        if (pathUrl.startsWith("#")) {
+            return `${baseUrl}/${pathUrl}`;
+        }
+
+        // If using path location strategy, pathUrl will include the relative portion of the base path (e.g. /base/page).
+        // Since baseUrl also includes /base, can just concatentate baseUrl + path
+        return `${baseUrl}${path}`;
+    }
+
     canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean | Promise<boolean> {
         this.authService.getLogger().verbose("location change event from old url to new url");
 
@@ -47,25 +70,19 @@ export class MsalGuard implements CanActivate {
                     .catch(() => false);
             }
 
-            const routePath = `${window.location.origin}${state.url}`;
+            const redirectStartPage = this.getDestinationUrl(state.url);
 
             this.authService.loginRedirect({
-                redirectStartPage: routePath,
+                redirectStartPage,
                 scopes: this.msalAngularConfig.consentScopes,
                 extraQueryParameters: this.msalAngularConfig.extraQueryParameters
             });
         } else {
             return this.authService.acquireTokenSilent({
                 scopes: [this.msalConfig.auth.clientId]
             })
-                .then((result: AuthResponse) => {
-                    this.broadcastService.broadcast("msal:loginSuccess",  result);
-                    return true;
-                })
-                .catch((error: AuthError) => {
-                    this.broadcastService.broadcast("msal:loginFailure", error);
-                    return false;
-                });
+                .then(() => true)
+                .catch(() => false);
         }
 
     }

lib/msal-angular/src/msal-guard.service.ts

@@ -60,7 +60,7 @@ export class MsalService extends UserAgentApplication {
             for (var i = 0; i < router.config.length; i++) {
                 if (!router.config[i].canActivate) {
                     if (this.msalAngularConfig.unprotectedResources) {
-                        if (!this.isUnprotectedResource(router.config[i].path) && !this.isEmpty(router.config[i].path)) {
+                        if (!this.isEmpty(router.config[i].path) && !this.isUnprotectedResource(router.config[i].path)) {
                             this.msalAngularConfig.unprotectedResources.push(router.config[i].path);
                         }
                     }

lib/msal-angular/src/msal.service.ts

@@ -262,3 +262,4 @@ node_modules/
 typings/
 lib/
 dist/
+ref/

lib/msal-browser/.gitignore

@@ -2,6 +2,12 @@
 
 # How do I get an authorization code from the library?
 
-# Iframe support
+Currently the msal-browser package is designed for Single-Page Applications that are handling all authentication through the browser client. We have not yet optimized this to work with server-side components. As such, requests to retrieve the authorization code from the first leg of the flow can't be met currently. We are currently working on an [implementation of msal that will run in node libraries](https://github.com/AzureAD/microsoft-authentication-library-for-js/projects/4), and as part of that we will explore options to make msal-browser work with server-side components.
 
-# B2C
+# Does this library work for iframed applications?
+
+We are currently working on support for iframed applications as well as solutions for applications affected by ITP 2.x changes. You can monitor the first of those tickets [here](#1410).
+
+# Will MSAL 2.x support B2C?
+
+We are currently working with the B2C service team to allow for authorization code flow to work in the browser with B2C tenants. We hope to have this available shortly after release.