This PR simplifies the current web app sample based on a new higher-level `acquire_token_by_auth_code_flow()` API, which will be available in MSAL 1.7.0 (coming soon).

On the surface, this PR shrinks the 100+ line code base by just 6 lines. The real difference is the reduction of cognitive load in the major function `authorized()`, while providing more functionality (the PKCE protection), AUTOMATICALLY. The table below is a comparison.

| | Before this PR | After this PR |
|---|---|---|
| OAuth2 concepts exposed | 2 (state and code) | 0 |
| `if` statements | 4 | 1 (plus one more exception handling) |
| exits | 4 code paths | 2 |

Other than that, the functionality of this sample remains versatile: it supports authentication, web API call, B2C authentication, B2C web API call, B2C edit profile, B2C reset password, and it will automatically pick up the PKCE feature provided by MSAL 1.7.

PR reviews are welcome, although this PR will not currently work until MSAL 1.7 is released.
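
As an added illustration (not code from this PR or from MSAL), the standard-library sketch below shows the checks a web app otherwise writes by hand for the concepts named above: matching `state`, redeeming `code`, and the PKCE S256 verifier/challenge pair from RFC 7636. The helper names `begin_flow` and `finish_flow` are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))), unpadded."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def begin_flow() -> dict:
    """Hypothetical helper: per-login values to keep in the server-side session."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 characters
    return {
        "state": secrets.token_urlsafe(16),
        "code_verifier": verifier,                   # sent only to the token endpoint
        "code_challenge": s256_challenge(verifier),  # goes into the authorization request
        "code_challenge_method": "S256",
    }


def finish_flow(flow: dict, auth_response: dict) -> dict:
    """Hypothetical helper: check the redirect's parameters, build the token request.

    Raises ValueError when the state does not match or no code came back.
    """
    returned = str(auth_response.get("state", "")).encode("utf-8")
    if not hmac.compare_digest(flow["state"].encode("utf-8"), returned):
        raise ValueError("state mismatch: response does not belong to this login")
    if "code" not in auth_response:
        raise ValueError("no authorization code in response")
    return {
        "grant_type": "authorization_code",
        "code": auth_response["code"],
        "code_verifier": flow["code_verifier"],  # server hashes it and compares
    }


if __name__ == "__main__":
    flow = begin_flow()
    # Constructed redirect parameters, as the web framework would hand them over.
    print(finish_flow(flow, {"state": flow["state"], "code": "constructed-code"}))
```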