updated scripts and readme

Author: salman90

AppCreationScripts/Configure.ps1

@@ -184,6 +184,23 @@ Function UpdateTextFile([string] $configFilePath, [System.Collections.HashTable]
     Set-Content -Path $configFilePath -Value $lines -Force
 }
 
+<#.Description
+   This function takes a string as input and creates an instance of an Optional claim object
+#> 
+Function CreateOptionalClaim([string] $name)
+{
+    <#.Description
+    This function creates a new Azure AD optional claims  with default and provided values
+    #>  
+
+    $appClaim = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim
+    $appClaim.AdditionalProperties =  New-Object System.Collections.Generic.List[string]
+    $appClaim.Source =  $null
+    $appClaim.Essential = $false
+    $appClaim.Name = $name
+    return $appClaim
+}
+
 <#.Description
    Primary entry method to create and configure app registrations
 #> 
@@ -237,6 +254,19 @@ Function ConfigureApplications
         New-MgApplicationOwnerByRef -ApplicationId $currentAppObjectId  -BodyParameter = @{"@odata.id" = "htps://graph.microsoft.com/v1.0/directoryObjects/$user.ObjectId"}
         Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
     }
+
+    # Add Claims
+
+    $optionalClaims = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaims
+    $optionalClaims.AccessToken = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim]
+    $optionalClaims.IdToken = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim]
+    $optionalClaims.Saml2Token = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaim]
+
+    # Add Optional Claims
+
+    $newClaim =  CreateOptionalClaim  -name "login_hint" 
+    $optionalClaims.IdToken += ($newClaim)
+    Update-MgApplication -ApplicationId $currentAppObjectId -OptionalClaims $optionalClaims
     Write-Host "Done creating the client application (msal-node-desktop)"
 
     # URL of the AAD application in the Azure portal
@@ -250,7 +280,7 @@ Function ConfigureApplications
     # Add Required Resources Access (from 'client' to 'Microsoft Graph')
     Write-Host "Getting access from 'client' to 'Microsoft Graph'"
     $requiredPermission = GetRequiredPermissions -applicationDisplayName "Microsoft Graph"`
-        -requiredDelegatedPermissions "User.Read|Mail.Read"
+        -requiredDelegatedPermissions "User.Read"
 
     $requiredResourcesAccess.Add($requiredPermission)
     Write-Host "Added 'Microsoft Graph' to the RRA list."

AppCreationScripts/sample.json

@@ -18,9 +18,12 @@
             "RequiredResourcesAccess": [
                 {
                     "Resource": "Microsoft Graph",
-                    "DelegatedPermissions": ["User.Read", "Mail.Read"]
+                    "DelegatedPermissions": ["User.Read"]
                 }
-            ]
+            ],
+            "OptionalClaims": {
+                "IdTokenClaims": ["login_hint"]
+            }
         }
 	],
 	"CodeConfiguration": [

README.md

@@ -35,7 +35,7 @@ This sample demonstrates the following **MSAL Node** concepts:
 | `AppCreationScripts/`        | Contains Powershell scripts for automating app registration. |
 | `App/authProvider.js`        | Main authentication logic resides here.                      |
 | `App/main.js`                | Application main process.                                    |
-| `App/fetch.js`               | Axios HTTP client for calling endpoints with a bearer token. |
+| `App/graph.js`               | Instantiates Graph SDK client.                               |
 | `App/renderer.js`            | Renderer processes and UI methods.                           |
 | `App/constants.js`           | Example user accounts in JSON .                              |
 | `App/preload.js`             | Give the Renderer process controlled access to some Node API.|
@@ -62,6 +62,15 @@ This sample demonstrates the following **MSAL Node** concepts:
 1. In the **Redirect URIs** section enter the following redirect URI `http://localhost`
 1. Select **Configure**.
 
+##### Configure Optional Claims
+
+1. Still on the same app registration, select the **Token configuration** blade to the left.
+1. Select **Add optional claim**:
+    1. Select **optional claim type**, then choose **ID**.
+    1. Select the optional claim **login_hint**.
+    > An opaque, reliable login hint claim. This claim is the best value to use for the login_hint OAuth parameter in all flows to get SSO.See $[optional claims](https://docs.microsoft.com/azure/active-directory/develop/active-directory-optional-claims) for more details on this optional claim.
+    1. Select **Add** to save your changes.
+
 #### Step 2: Clone the repository  
 
 Clone this repository `git clone https://github.com/Azure-Samples/ms-identity-javascript-nodejs-desktop.git`