Removed the isMFA required method and added a fix MFA route

Author: 4gust

1-Authentication/7-sign-in-express-mfa/App/auth/AuthProvider.js

@@ -74,15 +74,6 @@ class AuthProvider {
         );
     }
 
-    doesRequireMFA(token) {
-        // Decode the access token payload
-        const tokenPayload = JSON.parse(atob(token.split('.')[1]));
-        console.log(tokenPayload);
-        // More infromation about the "mfa" can be found here.
-        // https://learn.microsoft.com/en-us/entra/identity-platform/access-token-claims-reference
-        return !tokenPayload.amr.includes("mfa");
-    }
-
     async handleRedirect(req, res, next) {
         const authCodeRequest = {
             ...req.session.authCodeRequest,

1-Authentication/7-sign-in-express-mfa/App/routes/users.js

@@ -29,35 +29,32 @@ router.get('/id',
 );
 
 router.get(
-    '/updateProfile',
+    '/gatedUpdateProfile',
     isAuthenticated, // check if user is authenticated
     authProvider.getToken(["User.ReadWrite"]),
     async function (req, res, next) {
-        let doesRequiredMFA = authProvider.doesRequireMFA(req.session.accessToken);
         const graphResponse = await fetch(
             GRAPH_ME_ENDPOINT,
             req.session.accessToken
           );
-        res.render("updateProfile", {
+        res.render("gatedUpdateProfile", {
             profile: graphResponse,
-            doesRequiredMFA: doesRequiredMFA
           });
     }
 );
 
 router.get(
-  '/gatedUpdateProfile',
+  '/updateProfile',
   isAuthenticated, // check if user is authenticated
   authProvider.getToken(["User.ReadWrite", mfaProtectedResourceScope], 
-                        "http://localhost:3000/users/gatedUpdateProfile"), // check for mfa
+                        "http://localhost:3000/users/updateProfile"),
   async function (req, res, next) {
       const graphResponse = await fetch(
           GRAPH_ME_ENDPOINT,
           req.session.accessToken
         );
       res.render("updateProfile", {
           profile: graphResponse,
-          doesRequiredMFA: false
         });
   }
 );

1-Authentication/7-sign-in-express-mfa/App/views/gatedUpdateProfile.hbs

@@ -0,0 +1,34 @@
+<h1>Microsoft Graph API</h1>
+<h3>/me endpoint response</h3>
+<div style="display: flex; justify-content: left;">
+<div style="size: 400px;">
+  <form id="userInfoForm" action='/users/update' method='POST'>
+    <label>Id :</label>
+    <label> {{profile.id}}</label>
+    <br/>
+    <label>Email :</label>
+    <label> {{profile.mail}}</label>
+    <br/>
+    <label for="userName" >Display Name :</label>
+    <input type="text" id="displayName" name="displayName" disabled value="{{profile.displayName}}" />
+    <br />
+    <label for="userName">Given Name :</label>
+    <input type="text" id="givenName" name="givenName" value="{{profile.givenName}}" />
+    <br />
+
+    <label for="userSurname">Surname :</label>
+    <input type="text" id="surname" name="surname" value="{{profile.surname}}" />
+    <br />
+
+    <button type="submit" id="button">Save</button>
+  </form>
+</div>
+<div>
+  <br>
+  <br>
+    <a href="/users/updateProfile">
+    <button>Edit</button>
+    </a>
+ </div>
+</div>
+<a href="/">Go back</a>

1-Authentication/7-sign-in-express-mfa/App/views/id.hbs

@@ -1,4 +1,4 @@
-<h1>Azure AD</h1>
+<h1>Entra ID</h1>
 <h3>ID Token</h3>
 <table>
     <tbody>

1-Authentication/7-sign-in-express-mfa/App/views/index.hbs

@@ -3,7 +3,7 @@
 <p>Hi {{username}}!</p>
 <a href="/users/id">View ID token claims</a>
 <br>
-<a href="/users/updateProfile">Profile editing</a>
+<a href="/users/gatedUpdateProfile">Profile editing</a>
 <br>
 <a href="/auth/signout">Sign out</a>
 {{else}}

1-Authentication/7-sign-in-express-mfa/App/views/updateProfile.hbs

@@ -1,6 +1,6 @@
 <h1>Microsoft Graph API</h1>
 <h3>/me endpoint response</h3>
-    <div style="display: flex; justify-content: left;">
+<div style="display: flex; justify-content: left;">
 <div style="size: 400px;">
   <form id="userInfoForm" action='/users/update' method='POST'>
     <label>Id :</label>
@@ -10,7 +10,7 @@
     <label> {{profile.mail}}</label>
     <br/>
     <label for="userName" >Display Name :</label>
-    <input type="text" id="displayName" name="displayName" {{#if doesRequiredMFA}}disabled{{else}}{{/if}} value="{{profile.displayName}}" />
+    <input type="text" id="displayName" name="displayName" value="{{profile.displayName}}" />
     <br />
     <label for="userName">Given Name :</label>
     <input type="text" id="givenName" name="givenName" value="{{profile.givenName}}" />
@@ -23,16 +23,6 @@
     <button type="submit" id="button">Save</button>
   </form>
 </div>
-<div>
-  <br>
-  <br>
-  {{#if doesRequiredMFA}}
-    <a href="/users/gatedUpdateProfile">
-    <button>Edit</button>
-    </a>
-    {{else}}
-       <br />
-    {{/if}}
- </div>
+<br>
 </div>
 <a href="/">Go back</a>

1-Authentication/7-sign-in-express-mfa/AppCreationScripts/sample.json

@@ -1,6 +1,6 @@
 {
     "Sample": {
-        "Title": "A Node.js & Express web app authenticating users against Azure AD for Customers with MSAL Node",
+        "Title": "A Node.js & Express web app authenticating users against Entra ID for Customers with MSAL Node",
         "Level": 100,
         "Client": "Node.js & Express web app",
         "Languages": [
@@ -14,7 +14,7 @@
         "Endpoint": "AAD v2.0",
         "Provider": "CIAM",
         "Platform": "JavaScript",
-        "description": "This sample demonstrates a Node.js & Express web app authenticating users against Azure Active Directory Customer Identity Access Management (Azure AD for Customers) with Microsoft Authentication Library for Node (MSAL Node)"
+        "description": "This sample demonstrates a Node.js & Express web app authenticating users with Microsoft Entra External ID using the Microsoft Authentication Library for Node (MSAL Node)"
     },
     "AADApps": [
         {