Update aad-starter's README.md. (Azure#18894)

* update aad-starter's README.md. * Delete registrationId in redirectUri.
AzureSDKAutomation · Feb 5, 2021 · 8a0fe63 · 8a0fe63
1 parent 36e0805
commit 8a0fe63
Show file tree

Hide file tree

Showing 28 changed files with 245 additions and 158 deletions.
diff --git a/...-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp/README.md b/...-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp/README.md
@@ -9,16 +9,15 @@ We need to ensure that this [environment checklist][ready-to-run-checklist] is c
 
 ### Configure web app
 1. Search for and select your tenant in **Azure Active Directory**.
-2. Under Manage In the same tenant, select **App registrations** -> **New registration**.![Protal manage](docs/image-protal-manage.png "Protal manage")
-3. The registered application name is filled into `webapp`, select **Accounts in this organizational directory only**, click the **register** button.![Register a web app](docs/image-register-a-web-app.png "Register a web app")
-4. Under **webapp** application, select **Certificates & secrets** -> **new client secret**, expires select **Never**, click the **add** button.(Remember to save the secrets here and use them later.)![Creat secrets](docs/image-creat-secrets-app.png "Creat secrets")
-5. Under **webapp** application, select **Authentication** -> **Add a platform**, select **web** platform, redirect urls set to `http://localhost:8080/login/oauth2/code/azure`, check the **Access Tokens** and **ID Tokens** checkboxes, click **configure** button.![Add a platfform](docs/image-add-a-platfform.png "Add a platfform")
-6. Under **webapp** application, select **Authentication** -> **Add URI**, you need to add redirect URIs of `http://localhost:8080/login/oauth2/code/arm`. ![App add url](docs/image-app-add-url.png "App add url")
-7. Under **webapp** application, select **API permissions** -> **Add a permission**, select **Microsoft Graph**. Next, search `Directory.AccessAsUser.All` via **select Permissions**, check the check box, click **add permissions** button.(`User.Read` is created automatically, we need to keep it.)![Api permission](docs/image-api-permissions.png "Api permission")
-8. Similarly, add the following permissions: 
+1. Under Manage In the same tenant, select **App registrations** -> **New registration**.![Protal manage](docs/image-protal-manage.png "Protal manage")
+1. The registered application name is filled into `webapp`, select **Accounts in this organizational directory only**, click the **register** button.![Register a web app](docs/image-register-a-web-app.png "Register a web app")
+1. Under **webapp** application, select **Certificates & secrets** -> **new client secret**, expires select **Never**, click the **add** button.(Remember to save the secrets here and use them later.)![Creat secrets](docs/image-creat-secrets-app.png "Creat secrets")
+1. Under **webapp** application, select **Authentication** -> **Add a platform**, select **web** platform, redirect urls set to `http://localhost:8080/login/oauth2/code/`, check the **Access Tokens** and **ID Tokens** checkboxes, click **configure** button.![Add a platfform](docs/image-add-a-platfform.png "Add a platfform")
+1. Under **webapp** application, select **API permissions** -> **Add a permission**, select **Microsoft Graph**. Next, search `Directory.AccessAsUser.All` via **select Permissions**, check the check box, click **add permissions** button.(`User.Read` is created automatically, we need to keep it.)![Api permission](docs/image-api-permissions.png "Api permission")
+1. Similarly, add the following permissions: 
    - **user_impersonation** in **Azure Service Management**,
    - **ActivityFeed.Read**, **ActivityFeed.ReadDlp**, **ServiceHealth.Read** in **Office 365 Management APIs**.![Add permissions](docs/image-add-permissions.png "Add permissions")
-9. click **Grant admin consent for...**.![Grant permission](docs/image-grant-permission.png "Grant permission")
+1. click **Grant admin consent for...**.![Grant permission](docs/image-grant-permission.png "Grant permission")
 11. Manually remove the admin consent for **user_impersonation**.(Easy to see incremental authorization.)![Final](docs/image-final.png "Final")
 
 See [Register app], [Grant scoped permission] for more information about web app.

diff --git a/...les/azure-spring-boot-sample-active-directory-webapp/docs/image-app-add-url.png b/...les/azure-spring-boot-sample-active-directory-webapp/docs/image-app-add-url.png
diff --git a/...rectory-webapp/src/main/java/com/azure/spring/sample/aad/controller/ClientController.java b/...rectory-webapp/src/main/java/com/azure/spring/sample/aad/controller/ClientController.java
@@ -20,26 +20,28 @@ public class ClientController {
     public String index(
         Model model,
         OAuth2AuthenticationToken authentication,
-        @RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient authorizedClient
+        @RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient azureClient
     ) {
         model.addAttribute("userName", authentication.getName());
-        model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());
+        model.addAttribute("clientName", azureClient.getClientRegistration().getClientName());
         return "index";
     }
 
     @GetMapping("/graph")
     @ResponseBody
     public String graph(
-        @RegisteredOAuth2AuthorizedClient("graph") OAuth2AuthorizedClient oAuth2AuthorizedClient
+        @RegisteredOAuth2AuthorizedClient("graph") OAuth2AuthorizedClient graphClient
     ) {
-        return toJsonString(oAuth2AuthorizedClient);
+        // toJsonString() is just a demo.
+        // oAuth2AuthorizedClient contains access_token. We can use this access_token to access resource server.
+        return toJsonString(graphClient);
     }
 
     @GetMapping("/office")
     @ResponseBody
     public String office(
-        @RegisteredOAuth2AuthorizedClient("office") OAuth2AuthorizedClient oAuth2AuthorizedClient
+        @RegisteredOAuth2AuthorizedClient("office") OAuth2AuthorizedClient officeClient
     ) {
-        return toJsonString(oAuth2AuthorizedClient);
+        return toJsonString(officeClient);
     }
 }
diff --git a/...webapp/src/main/java/com/azure/spring/sample/aad/controller/OnDemandClientController.java b/...webapp/src/main/java/com/azure/spring/sample/aad/controller/OnDemandClientController.java
@@ -17,8 +17,10 @@ public class OnDemandClientController {
     @GetMapping("/arm")
     @ResponseBody
     public String arm(
-        @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient oAuth2AuthorizedClient
+        @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient armClient
     ) {
-        return toJsonString(oAuth2AuthorizedClient);
+        // toJsonString() is just a demo.
+        // oAuth2AuthorizedClient contains access_token. We can use this access_token to access resource server.
+        return toJsonString(armClient);
     }
 }