Renamings:

- AddMicrosoftIdentityPlatformAuthentication => AddSignIn
- AddMsal => AddWebAppCallProtectedWebApi

Author: jmprieur

.gitignore

@@ -122,3 +122,4 @@
 /2-WebApp-graph-user/2-3-Multi-Tenant/.vs/WebApp-OpenIDConnect-DotNet
 /2-WebApp-graph-user/2-3-Multi-Tenant/bin/Debug/netcoreapp2.2
 /2-WebApp-graph-user/2-3-Multi-Tenant/obj
+/Microsoft.Identity.Web.Test/bin/Release/netcoreapp3.0

1-WebApp-OIDC/1-1-MyOrg/README.md

@@ -163,7 +163,7 @@ cd "1-WebApp-OIDC\1-1-MyOrg"
      by this line:
 
      ```CSharp
-      services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+      services.AddSignIn(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-1-MyOrg/Startup.cs

@@ -30,7 +30,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+            services.AddSignIn(Configuration);
 
             services.AddControllersWithViews(options =>
             {

1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md

@@ -48,14 +48,14 @@ The actual sign-in audience (accounts to sign-in) is the lowest set of what is s
 
 In order to restrict users from specific organizations to sign-in to your web app, you'll need to follow the steps above, and customize a bit more the code to restrict the valid token issuers. The token issuers are really the tenanted Azure AD authority which are allowed to issue a token to access your web application.
 
-In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftIdentityPlatformAuthentication(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
+In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddSignIn(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
 
 ```CSharp
     public void ConfigureServices(IServiceCollection services)
     {
     ...
     // Sign-in users with the Microsoft identity platform
-    services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+    services.AddSignIn(Configuration);
 
     // Restrict users to specific belonging to specific tenants
     services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>

1-WebApp-OIDC/1-2-AnyOrg/README.md

@@ -136,7 +136,7 @@ cd "1-WebApp-OIDC\1-2-AnyOrg"
      by this line:
 
      ```CSharp
-      services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+      services.AddSignIn(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-2-AnyOrg/Startup.cs

@@ -30,7 +30,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+            services.AddSignIn(Configuration);
 
             services.AddControllersWithViews(options =>
             {

1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md

@@ -150,7 +150,7 @@ In the **appsettings.json** file:
      by this line:
 
      ```CSharp
-      services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+      services.AddSignIn(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs

@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+            services.AddSignIn(Configuration);
 
             services.AddControllersWithViews(options =>
             {

1-WebApp-OIDC/1-4-Sovereign/README.md

@@ -124,7 +124,7 @@ cd "1-WebApp-OIDC\1-4-Sovereign"
      by this line:
 
      ```CSharp
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+            services.AddSignIn(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-4-Sovereign/Startup.cs

@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
+            services.AddSignIn(Configuration);
 
             services.AddControllersWithViews(options =>
             {

1-WebApp-OIDC/1-6-SignOut/README.md

@@ -56,7 +56,7 @@ from <https://github.com/aspnet/AspNetCore/blob/master/src/Azure/AzureAD/Authent
 The ASP.NET Core OpenIdConnect middleware enables your app to intercept the call to the Microsoft identity platform logout endpoint by providing an OpenIdConnect event named `OnRedirectToIdentityProviderForSignOut`.
 
 ```CSharp
-public static IServiceCollection AddMicrosoftIdentityPlatformAuthentication(this IServiceCollection services,
+public static IServiceCollection AddSignIn(this IServiceCollection services,
                                                             IConfiguration configuration)
 {
     services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
@@ -73,10 +73,10 @@ public static IServiceCollection AddMicrosoftIdentityPlatformAuthentication(this
 
 ### Clearing the token cache
 
-Your application can also intercept the logout event, for instance to clear the entry of the token cache associated with the account that signed out. We'll see in the second part of this tutorial (about the Web app calling a Web API), that the web app will store access tokens for the user in a cache. Intercepting the logout callback enables your web application to remove the user from the token cache. This is illustrated in the `AddMsal()` method of [StartupHelper.cs L137-143](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/b87a1d859ff9f9a4a98eb7b701e6a1128d802ec5/Microsoft.Identity.Web/StartupHelpers.cs#L137-L143)
+Your application can also intercept the logout event, for instance to clear the entry of the token cache associated with the account that signed out. We'll see in the second part of this tutorial (about the Web app calling a Web API), that the web app will store access tokens for the user in a cache. Intercepting the logout callback enables your web application to remove the user from the token cache. This is illustrated in the `AddWebAppCallProtectedWebApi()` method of [StartupHelper.cs L137-143](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/b87a1d859ff9f9a4a98eb7b701e6a1128d802ec5/Microsoft.Identity.Web/StartupHelpers.cs#L137-L143)
 
 ```CSharp
-public static IServiceCollection AddMsal(this IServiceCollection services, IEnumerable<string> initialScopes)
+public static IServiceCollection AddWebAppCallProtectedWebApi(this IServiceCollection services, IEnumerable<string> initialScopes)
 {
     services.AddTokenAcquisition();
 

2-WebApp-graph-user/2-1-Call-MSGraph/README.md

@@ -102,8 +102,8 @@ After the following lines in the ConfigureServices(IServiceCollection services)
     . . .
     // Token acquisition service based on MSAL.NET 
     // and chosen token cache implementation
-    services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-            .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+    services.AddSignIn(Configuration)
+            .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
             .AddInMemoryTokenCache();
 ```
 

2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs

@@ -37,8 +37,8 @@ public void ConfigureServices(IServiceCollection services)
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-               .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+            services.AddSignIn(Configuration)
+               .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
                .AddInMemoryTokenCaches();
 
             /*

2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md

@@ -97,7 +97,7 @@ public void ConfigureServices(IServiceCollection services)
     // Token acquisition service based on MSAL.NET 
     // and the Sql server based token cache implementation
     services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-            .AddMsal(new string[] { Constants.ScopeUserRead })
+            .AddWebAppCallProtectedWebApi(new string[] { Constants.ScopeUserRead })
             .AddSqlAppTokenCache(Configuration)
             .AddSqlPerUserTokenCache(Configuration);
 ```

2-WebApp-graph-user/2-2-TokenCache/README.md

@@ -182,8 +182,8 @@ public void ConfigureServices(IServiceCollection services)
     . . .
     // Token acquisition service based on MSAL.NET 
     // and the Sql server based token cache implementation
-    services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+    services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
                     .AddDistributedTokenCaches();
 
     services.AddDistributedSqlServerCache(options =>

2-WebApp-graph-user/2-2-TokenCache/Startup.cs

@@ -49,8 +49,8 @@ dotnet tool install --global dotnet-sql-cache
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+            services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
                     .AddDistributedTokenCaches();
 
             services.AddDistributedSqlServerCache(options =>

2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md

@@ -266,7 +266,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten
 
 ### Custom token validation allowing only registered tenants
 
-On the `Startup.cs` we are calling `AddMicrosoftIdentityPlatformAuthentication` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
+On the `Startup.cs` we are calling `AddSignIn` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
 
 ```csharp
 options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;

2-WebApp-graph-user/2-3-Multi-Tenant/README.md

@@ -242,7 +242,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten
 
 ### Custom token validation allowing only registered tenants
 
-On the `Startup.cs` we are calling `AddMicrosoftIdentityPlatformAuthentication` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
+On the `Startup.cs` we are calling `AddSignIn` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
 
 ```csharp
 options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;

2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs

@@ -75,8 +75,8 @@ public void ConfigureServices(IServiceCollection services)
             services.AddScoped<IMSGraphService, MSGraphService>();
 
             // Sign-in users with the Microsoft identity platform
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { GraphScope.UserReadAll })
+            services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { GraphScope.UserReadAll })
                     .AddInMemoryTokenCaches();
 
             services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>

2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md

@@ -93,8 +93,8 @@ After the following lines in the ConfigureServices(IServiceCollection services)
     . . .
     // Token acquisition service based on MSAL.NET 
     // and chosen token cache implementation
-    services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-            .AddMsal(new string[] { Constants.ScopeUserRead })
+    services.AddSignIn(Configuration)
+            .AddWebAppCallProtectedWebApi(new string[] { Constants.ScopeUserRead })
             .AddInMemoryTokenCache();
 ```
 

2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs

@@ -36,8 +36,8 @@ public void ConfigureServices(IServiceCollection services)
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+            services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
                     .AddInMemoryTokenCaches();
 
             // Add Graph

3-WebApp-multi-APIs/README.md

@@ -76,16 +76,16 @@ Starting from the [previous phase of the tutorial](../../2-WebApp-graph-user/2-1
 
 ### Update the `Startup.cs` file to enable TokenAcquisition by a MSAL.NET based service
 
-After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddMicrosoftIdentityPlatformAuthentication(Configuration);`, add `services.AddHttpClient<IArmOperations, ArmApiOperationService>();`:
+After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddSignIn(Configuration);`, add `services.AddHttpClient<IArmOperations, ArmApiOperationService>();`:
 
 ```CSharp
  public void ConfigureServices(IServiceCollection services)
 {
     . . .
     // Token acquisition service based on MSAL.NET 
     // and chosen token cache implementation
-    services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-            .AddMsal(new string[] { Constants.ScopeUserRead })
+    services.AddSignIn(Configuration)
+            .AddWebAppCallProtectedWebApi(new string[] { Constants.ScopeUserRead })
             .AddInMemoryTokenCache();
     services.AddHttpClient<IArmOperations, ArmApiOperationService>();
 ```

3-WebApp-multi-APIs/Startup.cs

@@ -37,8 +37,8 @@ public void ConfigureServices(IServiceCollection services)
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+            services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
                     .AddInMemoryTokenCaches();
 
             // Add APIs

4-WebApp-your-API/Client/Startup.cs

@@ -44,8 +44,8 @@ public void ConfigureServices(IServiceCollection services)
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
+            services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
                     .AddInMemoryTokenCaches();
 
             // Add APIs

4-WebApp-your-API/README-incremental-instructions.md

@@ -207,8 +207,8 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present.
 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
 
 ```CSharp
-    services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-            .AddMsal(new string[] { Configuration["TodoList:TodoListScope"] })
+    services.AddSignIn(Configuration)
+            .AddWebAppCallProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
             .AddInMemoryTokenCaches();
  ```
 

4-WebApp-your-API/README.md

@@ -248,8 +248,8 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app
      by this line:
 
      ```CSharp
-     services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-          .AddMsal(new string[] { Configuration["TodoList:TodoListScope"] })
+     services.AddSignIn(Configuration)
+          .AddWebAppCallProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
           .AddInMemoryTokenCaches();
      ```
 
@@ -279,8 +279,8 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app
 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
 
     ```CSharp
-     services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-          .AddMsal(new string[] { Configuration["TodoList:TodoListScope"] })
+     services.AddSignIn(Configuration)
+          .AddWebAppCallProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
           .AddInMemoryTokenCaches();
     ```
 1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();**  

5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md

@@ -178,7 +178,7 @@ The asp.net middleware supports roles populated from claims by specifying the cl
 ```CSharp
 
 // Startup.cs
-public static IServiceCollection AddMicrosoftIdentityPlatformAuthentication(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
+public static IServiceCollection AddSignIn(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
 {
             // [removed for] brevity
 
@@ -232,8 +232,8 @@ The following files have the code that would be of interest to you.
      // by this line:
 
      //This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                    .AddMsal(Configuration, new string[] { "User.Read", "Directory.Read.All" }) // Adds support for the MSAL library with the permissions necessary to retrieve the signed-in user's group info in case of a token overage
+            services.AddSignIn(Configuration)
+                    .AddWebAppCallProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) // Adds support for the MSAL library with the permissions necessary to retrieve the signed-in user's group info in case of a token overage
                     .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL.
 
         services.AddMSGraphService(Configuration);    // Adds the IMSGraphService as an available service for this app.

5-WebApp-AuthZ/5-1-Roles/README.md

@@ -253,7 +253,7 @@ The asp.net middleware supports roles populated from claims by specifying the cl
 ```CSharp
 
 // Startup.cs
-public static IServiceCollection AddMicrosoftIdentityPlatformAuthentication(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
+public static IServiceCollection AddSignIn(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
 {
             // [removed for] brevity
 

5-WebApp-AuthZ/5-1-Roles/Startup.cs

@@ -46,8 +46,8 @@ public void ConfigureServices(IServiceCollection services)
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
-                                .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+            services.AddSignIn(Configuration)
+                                .AddWebAppCallProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
                                 .AddInMemoryTokenCaches();
 
             // Add Graph