Merge branch 'master' of https://github.com/azure-ad-b2c/samples

policies/AAD-SignIn-with-REST/policy/B2C_1A_SignUpOrSignin_AADRest.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
-  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_SignUpOrSignin_AADRest" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_PasswordReset_PhoneNumber" DeploymentMode="Development">
+  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_SignUpOrSignin_AADRest" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_SignUpOrSignin_AADRest" DeploymentMode="Development">
 
   <BasePolicy>
     <TenantId>yourtenant.onmicrosoft.com</TenantId>

policies/custom-email-verifcation-displaycontrol/policy/SendGrid/DisplayControl_TrustFrameworkExtensions.xml

@@ -84,7 +84,7 @@
       </ContentDefinition>
     </ContentDefinitions>
     <Localization Enabled="true">
-      <SupportedLanguages DefaultLanguage="en" MergeBehavior="Append">
+      <SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
         <SupportedLanguage>en</SupportedLanguage>
         <SupportedLanguage>es</SupportedLanguage>
       </SupportedLanguages>

policies/custom-email-verifcation-displaycontrol/policy/Sendinblue/DisplayControl_TrustFrameworkExtensions.xml

@@ -58,8 +58,8 @@
           <InputClaim ClaimTypeReferenceId="signature" TransformationClaimType="params.signature" />
         </InputClaims>
         <InputParameters>
-          <!-- TBD <InputParameter Id="template_id" DataType="int" Value="your-sendinblue-templateid"/> -->
-          <InputParameter Id="template_id" DataType="int" Value="1" />
+          <!-- TBD <InputParameter Id="templateId" DataType="int" Value="your-sendinblue-templateid"/> -->
+          <InputParameter Id="templateId" DataType="int" Value="1" />
         </InputParameters>
         <OutputClaims>
           <OutputClaim ClaimTypeReferenceId="emailRequestBody" TransformationClaimType="outputClaim" />
@@ -297,4 +297,4 @@
       </TechnicalProfiles>
     </ClaimsProvider>
   </ClaimsProviders>
-</TrustFrameworkPolicy>
+</TrustFrameworkPolicy>

policies/custom-email-verifcation-displaycontrol/readme.md

@@ -14,7 +14,7 @@ This sample is detailed on the Microsoft B2C documentation site:
 
 | Policy                                 | Documentation                                                                                                                                   |
 |----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
-| [Mailjet policy](policy/Mailjet)       | [Custom email verification with Mailjet](https://docs.microsoft.com/azure/active-directory-b2c/custom-email-mailet)                             |
+| [Mailjet policy](policy/Mailjet)       | [Custom email verification with Mailjet](https://docs.microsoft.com/azure/active-directory-b2c/custom-email-mailjet)                             |
 | [SendGrid policy](policy/SendGrid)     | [Custom email verification with SendGrid](https://docs.microsoft.com/azure/active-directory-b2c/custom-email-sendgrid)                          |
 | [SSPR policy](policy/SSPR)             | [Azure AD B2C email verification with SSPR technical profile](https://docs.microsoft.com/azure/active-directory-b2c/aad-sspr-technical-profile) |
 | [Sendinblue policy](policy/Sendinblue) | [Custom email verification with Sendinblue](Sendinblue.md)        

policies/custom-sms-displaycontrol/policy/TrustFrameworkExtensionsCustomSMS.xml

@@ -112,7 +112,7 @@
           <Action Id="SendCode">
             <ValidationClaimsExchange>
               <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="GenerateOtp-ReadOnly" />
-              <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="TwilioRestAPI-Verify" />
+              <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="TwilioRestAPI-Send" />
             </ValidationClaimsExchange>
           </Action>
           <Action Id="VerifyCode">
@@ -169,7 +169,7 @@
     <ClaimsProvider>
       <DisplayName>Custom REST API</DisplayName>
       <TechnicalProfiles>
-        <TechnicalProfile Id="TwilioRestAPI-Verify">
+        <TechnicalProfile Id="TwilioRestAPI-Send">
           <DisplayName>Validate user input data and return loyaltyNumber claim</DisplayName>
           <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
           <Metadata>

policies/devops-pipeline/README.md

@@ -41,7 +41,7 @@ These policies are then batched by their hierarchy in the tree, as well as their
 
 1. 1A_Base
 2. 1A_EXT
-3. 1A_LBASE, 1A_LSBASE
+3. 1A_LBASE, 1A_SBASE
 4. 1A_LSS, 1A_LPR
 5. 1A_LSSS
 
@@ -52,29 +52,43 @@ These policies are then batched by their hierarchy in the tree, as well as their
 
 To deploy locally, you need to install the cli tool.
 
-### Via npm
+### Via curl
 ```sh
-npm install -g ieftool
+curl https://raw.githubusercontent.com/judedaryl/go-ieftool/main/install.sh | bash
 ```
 
-### Via yarn
-```sh
-yarn global add ieftool
-```
+### Download the binary
+
+The binaries are available in github [go-ieftool](https://github.com/judedaryl/go-ieftool/releases/latest)
+
+Select the binary for your system. Available binaries:
+* darwin-amd64 ( macOS intel chip )
+* darwin-arm64 ( macOS m1 chip )
+* linux-amd64 ( linux x64 )
+* windows-amd64 ( windows x64 )
 
 Then deploy
 
 ```sh
-ieftool deploy -t { tenant } -c { client_id } -s { client_secret } -p ./src
+export B2C_TENANT_ID=__TENANT_ID__
+export B2C_CLIENT_ID=__CLIENT_ID__
+export B2C_CLIENT_SECRET=__CLIENT_SECRET__
 
+ieftool deploy ./policy
 ```
 
-| option | description |
+```
+Usage:
+  ieftool deploy [path to policies]
+```
+
+### Required Environment Variables
+
+| variable | description |
 |--|--|
-| tenant | The B2C tenant, this can either be the **tenantId** or the **tenant name** (mytenant.onmicrosoft.com)|
-| client_id | The client id of an app registration in B2C that has permissions for TrustFrameworkPolicies |
-| client_secret | The client secret of an app registration in B2C that has permissions for TrustFrameworkPolicies |
-| source_path | The path to your b2c policies. In the tree structure above it would be ``./src`` 
+| B2C_TENANT_ID | The B2C tenant, this can either be the **tenantId** (guid) or the **tenant name** (mytenant.onmicrosoft.com)|
+| B2C_CLIENT_ID | The client id of an app registration in B2C that has permissions for TrustFrameworkPolicies |
+| B2C_CLIENT_SECRET | The client secret of an app registration in B2C that has permissions for TrustFrameworkPolicies |
 
 
 <br/>

policies/devops-pipeline/azure-pipelines.yml

@@ -8,13 +8,13 @@ pool:
   vmImage: 'ubuntu-latest'
 
 steps:
-  - task: NodeTool@0
-    inputs:
-      versionSpec: '10.x'
-    displayName: 'Install Node'
-
-  - script: npm install -g ieftool
+  - script: |
+      curl https://raw.githubusercontent.com/judedaryl/go-ieftool/main/install.sh | bash
     displayName: 'Install IEF Tool'
 
-  - script: ieftool deploy -t TENANT_ID -c CLIENT_ID -s CLIENT_SECRET -p ./policy
-    displayName: 'Uploading IEF policies'
+  - script: ieftool deploy ./policy
+    displayName: 'Uploading IEF policies'
+    env:
+      B2C_TENANT_ID: __TENANT_ID__
+      B2C_CLIENT_ID: __CLIENT_ID__
+      B2C_CLIENT_SECRET: __CLIENT_SECRET__

policies/ieftool-github-actions/.github/deploy.yml

@@ -0,0 +1,24 @@
+name: 'deploy'
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    name: Deploy
+    steps:
+      - uses: actions/checkout@v3
+      - uses: judedaryl/ieftool-action/setup@v1
+      - uses: judedaryl/ieftool-action/build@v1
+        with:
+          source: src
+          output: build
+          config: ieftool.config
+      - uses: judedaryl/ieftool-action/deploy@v1
+        with:
+          folder: build
+          client-id: ${{ secrets.B2C_CLIENT_ID }}
+          client-secret: ${{ secrets.B2C_CLIENT_SECRET }}
+          tenant-id: ${{ secrets.B2C_TENANT_ID }}

policies/ieftool-github-actions/README.md

@@ -0,0 +1,157 @@
+# IEFTOOL Github Actions
+
+This example shows how to create a CI/CD pipeline for IEF policies using Github Actions which covers two main scenarios. ``Configuration`` and ``Deployment``
+
+## Scenario - Configuration
+
+Azure B2C IEF policies are mainly written in xml and acts like an instruction set for your user flows in Azure B2C. This presents quite a challenge though when you are maintaining multiple tenants representing multiple environments a ``non-prod`` and ``prod`` for example.
+
+The ieftool helps with this scenario by providing a way for you to inject variables into your xml policies using a ``yaml configuration file``
+
+
+``ieftool.config``
+```yaml
+tenantId: mynonprodtenant.onmicrosoft.com
+deploymentMode: Development
+```
+
+``src/BasePolicy.xml``
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TrustFrameworkPolicy 
+    ...
+    TenantId="{{ tenantId }}"  
+    DeploymentMode="{{ deploymentMode }}">
+  ...
+</xml>
+```
+Run the build command
+
+```sh
+# ieftool build [source dir] [target dir] -c [config path]
+ieftool build src output -c ieftool.config
+```
+
+The policies are then compiled into
+
+``output/BasePolicy.xml``
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TrustFrameworkPolicy 
+    ...
+    TenantId="mytenant.onmicrosoft.com"  
+    DeploymentMode="Development">
+  ...
+</xml>
+```
+
+## Scenario - Deployments
+
+The folder structure of the B2C policies normally doesn't follow a dependency tree and is mainly based on the name of the file. This makes it hard to create a simple bash or pwsh script to upload the policies in the correct order.
+
+This tool makes it easier for B2C policies to be uploaded in-order based on the inheritance of a policy. Uploads are also faster because policies are uploaded by batch depending on its position on the inheritance tree.
+
+
+```pre
+src/
+├─ social/
+│  ├─ base.xml (1A_SBASE)
+│  ├─ signupsignin.xml (1A_SSS)
+├─ local/
+│  ├─ base.xml (1A_LBASE)
+│  ├─ signupsignin.xml (1A_LSS)
+│  ├─ passwordreset.xml (1A_LPR)
+├─ base.xml (1A_BASE)
+├─ extension.xml (1A_EXT)
+
+```
+
+The example folder structure above has the following inheritance tree.
+
+```pre
+                1A_BASE
+                    |
+                 1A_EXT
+                /      \
+          1A_LBASE    1A_SBASE
+           /    \        \      
+       1A_LSS  1A_LPR    1A_SSS
+```
+
+These policies are then batched by their hierarchy in the tree, as well as their parent policy. The order of upload would then be.
+
+1. 1A_Base
+2. 1A_EXT
+3. 1A_LBASE, 1A_SBASE
+4. 1A_LSS, 1A_LPR
+5. 1A_LSSS
+
+<br/>
+<br/>
+
+## Credentials
+
+Create an ``Application Registration`` in your Azure B2C tenant, follow [this guide](https://docs.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-get-started?tabs=app-reg-ga).
+
+Make sure to grant **Microsoft Graph > Policy > Policy.ReadWrite.TrustFramework** in **API Permissions**
+
+## Setting up Github
+
+To ensure your ``secrets`` stay ``secrets``. The following values should be stored as ``secrets`` in your github repository/organization
+
+|Secret|Description|
+|-|-|
+|B2C_TENANT_ID|Azure B2C tenant ID|
+|B2C_CLIENT_ID|Azure B2C application client ID|
+|B2C_CLIENT_SECRET|Azure B2C application client secret|
+
+You can find an example workflow in .github/workflows/deploy.yml
+
+## Local Deployment
+
+To deploy locally, you need to install the cli tool.
+
+### Via curl
+```sh
+curl https://raw.githubusercontent.com/judedaryl/go-ieftool/main/install.sh | bash
+```
+
+### Download the binary
+
+The binaries are available in github [go-ieftool](https://github.com/judedaryl/go-ieftool/releases/latest)
+
+Select the binary for your system. Available binaries:
+* darwin-amd64 ( macOS intel chip )
+* darwin-arm64 ( macOS m1 chip )
+* linux-amd64 ( linux x64 )
+* windows-amd64 ( windows x64 )
+
+Then deploy
+
+```sh
+export B2C_TENANT_ID=__TENANT_ID__
+export B2C_CLIENT_ID=__CLIENT_ID__
+export B2C_CLIENT_SECRET=__CLIENT_SECRET__
+
+ieftool deploy ./policy
+```
+
+```
+Usage:
+  ieftool deploy [path to policies]
+```
+
+### Required Environment Variables
+
+| variable | description |
+|--|--|
+| B2C_TENANT_ID | The B2C tenant, this can either be the **tenantId** (guid) or the **tenant name** (mytenant.onmicrosoft.com)|
+| B2C_CLIENT_ID | The client id of an app registration in B2C that has permissions for TrustFrameworkPolicies |
+| B2C_CLIENT_SECRET | The client secret of an app registration in B2C that has permissions for TrustFrameworkPolicies |
+
+
+<br/>
+<br/>
+
+## Notes
+This sample policy is based on [LocalAccounts starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts).

policies/ieftool-github-actions/ieftool.config

@@ -0,0 +1 @@
+tenantId: mytenant.onmicrosoft.com

policies/ieftool-github-actions/src/PasswordReset.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TrustFrameworkPolicy
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
+  PolicySchemaVersion="0.3.0.0"
+  TenantId="{{ tenantId }}"
+  PolicyId="B2C_1A_PasswordReset"
+  PublicPolicyUri="http://{{ tenantId }}/B2C_1A_PasswordReset">
+
+  <BasePolicy>
+    <TenantId>{{ tenantId }}</TenantId>
+    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
+  </BasePolicy>
+
+  <RelyingParty>
+    <DefaultUserJourney ReferenceId="PasswordReset" />
+    <TechnicalProfile Id="PolicyProfile">
+      <DisplayName>PolicyProfile</DisplayName>
+      <Protocol Name="OpenIdConnect" />
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="email" />
+        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
+        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
+      </OutputClaims>
+      <SubjectNamingInfo ClaimType="sub" />
+    </TechnicalProfile>
+  </RelyingParty>
+</TrustFrameworkPolicy>

policies/ieftool-github-actions/src/ProfileEdit.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TrustFrameworkPolicy
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
+  PolicySchemaVersion="0.3.0.0"
+  TenantId="{{ tenantId }}"
+  PolicyId="B2C_1A_ProfileEdit"
+  PublicPolicyUri="http://{{ tenantId }}/B2C_1A_ProfileEdit">
+
+  <BasePolicy>
+    <TenantId>{{ tenantId }}</TenantId>
+    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
+  </BasePolicy>
+
+  <RelyingParty>
+    <DefaultUserJourney ReferenceId="ProfileEdit" />
+    <TechnicalProfile Id="PolicyProfile">
+      <DisplayName>PolicyProfile</DisplayName>
+      <Protocol Name="OpenIdConnect" />
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
+        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
+      </OutputClaims>
+      <SubjectNamingInfo ClaimType="sub" />
+    </TechnicalProfile>
+  </RelyingParty>
+</TrustFrameworkPolicy>