Merge pull request #7 from Azure-Samples/app_creation_scripts

abhidnya13 · web-flow · commit 016a1f8d4de2 · 2019-11-08T14:46:39.000-08:00
Updating AppCreation scripts
diff --git a/AppCreationScripts/Cleanup.ps1 b/AppCreationScripts/Cleanup.ps1
@@ -9,7 +9,7 @@ if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {
     Install-Module "AzureAD" -Scope CurrentUser 
 } 
 Import-Module AzureAD
-$ErrorActionPreference = 'Stop'
+$ErrorActionPreference = "Stop"
 
 Function Cleanup
 {
diff --git a/AppCreationScripts/Configure.ps1 b/AppCreationScripts/Configure.ps1
@@ -65,7 +65,7 @@ Function AddResourcePermission($requiredAccess, `
 }
 
 #
-# Exemple: GetRequiredPermissions "Microsoft Graph"  "Graph.Read|User.Read"
+# Example: GetRequiredPermissions "Microsoft Graph"  "Graph.Read|User.Read"
 # See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell
 Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal)
 {
@@ -129,18 +129,18 @@ Function ReplaceInTextFile([string] $configFilePath, [System.Collections.HashTab
     Set-Content -Path $configFilePath -Value $lines -Force
 }
 
-
 Set-Content -Value "<html><body><table>" -Path createdApps.html
 Add-Content -Value "<thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>" -Path createdApps.html
 
+$ErrorActionPreference = "Stop"
+
 Function ConfigureApplications
 {
 <#.Description
    This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
    configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
    so that they are consistent with the Applications parameters
 #> 
-
     $commonendpoint = "common"
 
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
@@ -172,7 +172,7 @@ Function ConfigureApplications
     $tenant = Get-AzureADTenantDetail
     $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
 
-    # Get the user running the script
+    # Get the user running the script to add the user as the app owner
     $user = Get-AzureADUser -ObjectId $creds.Account.Id
 
    # Create the pythonwebapp AAD application
@@ -182,15 +182,16 @@ Function ConfigureApplications
    $fromDate = [DateTime]::Now;
    $key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
    $pythonwebappAppKey = $pw
+   # create the application 
    $pythonwebappAadApplication = New-AzureADApplication -DisplayName "python-webapp" `
-                                                        -LogoutUrl "http://localhost:5000/logout" `
                                                         -ReplyUrls "http://localhost:5000/getAToken" `
                                                         -IdentifierUris "https://$tenantName/python-webapp" `
                                                         -AvailableToOtherTenants $True `
                                                         -PasswordCredentials $key `
                                                         -Oauth2AllowImplicitFlow $true `
                                                         -PublicClient $False
 
+   # create the service principal of the newly created application 
    $currentAppId = $pythonwebappAadApplication.AppId
    $pythonwebappServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
 
@@ -215,7 +216,7 @@ Function ConfigureApplications
    # Add Required Resources Access (from 'pythonwebapp' to 'Microsoft Graph')
    Write-Host "Getting access from 'pythonwebapp' to 'Microsoft Graph'"
    $requiredPermissions = GetRequiredPermissions -applicationDisplayName "Microsoft Graph" `
-                                                -requiredDelegatedPermissions "User.Read" `
+                                                -requiredDelegatedPermissions "User.ReadBasic.All" `
 
    $requiredResourcesAccess.Add($requiredPermissions)
 
@@ -235,7 +236,8 @@ Function ConfigureApplications
 # Pre-requisites
 if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) { 
     Install-Module "AzureAD" -Scope CurrentUser 
-} 
+}
+
 Import-Module AzureAD
 
 # Run interactively (will ask you for the tenant ID)
diff --git a/AppCreationScripts/sample.json b/AppCreationScripts/sample.json
@@ -22,12 +22,11 @@
         {
           "Resource": "Microsoft Graph",
           "DelegatedPermissions": [
-            "User.Read"
+            "User.ReadBasic.All"
           ]
         }
       ],
-      "ReplyUrls": "http://localhost:5000/getAToken",
-      "LogoutUrl": "http://localhost:5000/logout"
+      "ReplyUrls": "http://localhost:5000/getAToken"
     }
   ],
 

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {`
`9`	`9`	`Install-Module "AzureAD" -Scope CurrentUser`
`10`	`10`	`}`
`11`	`11`	`Import-Module AzureAD`
`12`		`-$ErrorActionPreference = 'Stop'`
	`12`	`+$ErrorActionPreference = "Stop"`
`13`	`13`
`14`	`14`	`Function Cleanup`
`15`	`15`	`{`
Original file line number	Diff line number	Diff line change
`@@ -22,12 +22,11 @@`
`22`	`22`	`{`
`23`	`23`	`"Resource": "Microsoft Graph",`
`24`	`24`	`"DelegatedPermissions": [`
`25`		`- "User.Read"`
	`25`	`+ "User.ReadBasic.All"`
`26`	`26`	`]`
`27`	`27`	`}`
`28`	`28`	`],`
`29`		`- "ReplyUrls": "http://localhost:5000/getAToken",`
`30`		`- "LogoutUrl": "http://localhost:5000/logout"`
	`29`	`+ "ReplyUrls": "http://localhost:5000/getAToken"`
`31`	`30`	`}`
`32`	`31`	`],`
`33`	`32`