Merge pull request #966 from OfficeDev/v3

build: merge v3 back to dev
OfficeDev · Jul 25, 2023 · aa4f1fb · aa4f1fb
2 parents c759bcd + 57907de
commit aa4f1fb
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 4 deletions.
diff --git a/developer-assist-dashboard/infra/azure.bicep b/developer-assist-dashboard/infra/azure.bicep
@@ -39,6 +39,7 @@ var officeWebAppClientId2 = '4765445b-32c6-49b0-83e6-1d93765276ca'
 var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId = '00000002-0000-0ff1-ce00-000000000000'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${outlookDesktopAppClientId};${outlookWebAppClientId}'
+var allowedClientApplications = '"${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${outlookDesktopAppClientId}","${outlookWebAppClientId}"'
 
 // Azure Storage that hosts your static web site
 resource storage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
@@ -173,6 +174,10 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
           name: 'PLANNER_BUCKET_ID'
           value: plannerBucketId
         }
+        {
+          name: 'WEBSITE_AUTH_AAD_ACL'
+          value: '{"allowed_client_applications": [${allowedClientApplications}]}'
+        }
       ]
       ftpsState: 'FtpsOnly'
     }

diff --git a/graph-connector-app/infra/azure.bicep b/graph-connector-app/infra/azure.bicep
@@ -23,6 +23,7 @@ var officeWebAppClientId2 = '4765445b-32c6-49b0-83e6-1d93765276ca'
 var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId = '00000002-0000-0ff1-ce00-000000000000'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${outlookDesktopAppClientId};${outlookWebAppClientId}'
+var allowedClientApplications = '["${aadAppClientId}","${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${outlookDesktopAppClientId}","${outlookWebAppClientId}"]'
 
 // Azure Storage that hosts your static web site
 resource storage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
@@ -97,6 +98,10 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
           name: 'ALLOWED_APP_IDS'
           value: authorizedClientApplicationIds
         }
+        {
+          name: 'WEBSITE_AUTH_AAD_ACL'
+          value: '{"allowed_client_applications": ${allowedClientApplications}}}'
+        }
         {
           name: 'M365_CLIENT_ID'
           value: aadAppClientId

diff --git a/hello-world-tab-with-backend/infra/azure.bicep b/hello-world-tab-with-backend/infra/azure.bicep
@@ -23,6 +23,7 @@ var officeWebAppClientId2 = '4765445b-32c6-49b0-83e6-1d93765276ca'
 var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId = '00000002-0000-0ff1-ce00-000000000000'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${outlookDesktopAppClientId};${outlookWebAppClientId}'
+var allowedClientApplications = '"${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${outlookDesktopAppClientId}","${outlookWebAppClientId}"'
 
 // Azure Storage that hosts your static web site
 resource storage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
@@ -118,6 +119,10 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
           name: 'M365_APPLICATION_ID_URI'
           value: aadApplicationIdUri
         }
+        {
+          name: 'WEBSITE_AUTH_AAD_ACL'
+          value: '{"allowed_client_applications": [${allowedClientApplications}]}'
+        }
       ]
       ftpsState: 'FtpsOnly'
     }

diff --git a/share-now/infra/teamsFx/function.bicep b/share-now/infra/teamsFx/function.bicep
@@ -18,8 +18,7 @@ var administratorLogin = contains(provisionParameters, 'azureSqlAdmin') ? provis
 var administratorLoginPassword = contains(provisionParameters, 'azureSqlAdminPassword') ? provisionParameters['azureSqlAdminPassword'] : ''
 var oauthAuthority = uri(m365OauthAuthorityHost, m365TenantId)
 var tabAppDomain = provisionOutputs.frontendHostingOutput.value.domain
-var tabAppEndpoint = provisionOutputs.frontendHostingOutput.value.endpoint 
-var botId = provisionParameters['botAadAppClientId']
+var tabAppEndpoint = provisionOutputs.frontendHostingOutput.value.endpoint
 var m365ApplicationIdUri = 'api://${tabAppDomain}/${m365ClientId}'
 
 var teamsMobileOrDesktopAppClientId = '1fec8e78-bce4-4aaf-ab1b-5451cc387264'
@@ -30,6 +29,7 @@ var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId = '00000002-0000-0ff1-ce00-000000000000'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${outlookDesktopAppClientId};${outlookWebAppClientId}'
 
+var allowedClientApplications = '["${m365ClientId}","${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${outlookDesktopAppClientId}","${outlookWebAppClientId}"]'
 var currentAllowedOrigins = empty(currentConfigs.cors) ? [] : currentConfigs.cors.allowedOrigins
 
 resource appConfig 'Microsoft.Web/sites/config@2021-02-01' = {
@@ -38,8 +38,8 @@ resource appConfig 'Microsoft.Web/sites/config@2021-02-01' = {
   properties: {
     cors: {
       allowedOrigins: union(currentAllowedOrigins, [
-        tabAppEndpoint
-      ])
+          tabAppEndpoint
+        ])
     }
   }
 }
@@ -48,6 +48,7 @@ resource appSettings 'Microsoft.Web/sites/config@2021-02-01' = {
   properties: union({
     API_ENDPOINT: provisionOutputs.functionOutput.value.functionEndpoint
     ALLOWED_APP_IDS: authorizedClientApplicationIds
+    WEBSITE_AUTH_AAD_ACL: '{"allowed_client_applications": ${allowedClientApplications}}}'
     M365_CLIENT_ID: m365ClientId
     M365_CLIENT_SECRET: m365ClientSecret
     M365_TENANT_ID: m365TenantId

diff --git a/team-central-dashboard/infra/azure.bicep b/team-central-dashboard/infra/azure.bicep
@@ -26,6 +26,7 @@ var officeWebAppClientId2 = '4765445b-32c6-49b0-83e6-1d93765276ca'
 var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId = '00000002-0000-0ff1-ce00-000000000000'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${outlookDesktopAppClientId};${outlookWebAppClientId}'
+var allowedClientApplications = '"${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${outlookDesktopAppClientId}","${outlookWebAppClientId}"'
 
 // Azure Storage that hosts your static web site
 resource storage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
@@ -124,6 +125,10 @@ resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
           name: 'TEAMS_APP_ID'
           value: teamsAppId
         }
+        {
+          name: 'WEBSITE_AUTH_AAD_ACL'
+          value: '{"allowed_client_applications": [${allowedClientApplications}]}'
+        }
       ]
       ftpsState: 'FtpsOnly'
     }

diff --git a/todo-list-with-Azure-backend-M365/infra/teamsFx/function.bicep b/todo-list-with-Azure-backend-M365/infra/teamsFx/function.bicep
@@ -33,6 +33,7 @@ var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId1 = '00000002-0000-0ff1-ce00-000000000000'
 var outlookWebAppClientId2 = 'bc59ab01-8403-45c6-8796-ac3ef710b3e3'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${officeDesktopAppClientId};${outlookDesktopAppClientId};${outlookWebAppClientId1};${outlookWebAppClientId2}'
+var allowedClientApplications = '["${m365ClientId}","${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${officeDesktopAppClientId}","${outlookDesktopAppClientId}","${outlookWebAppClientId1}","${outlookWebAppClientId2}"]'
 
 var currentAllowedOrigins = empty(currentConfigs.cors) ? [] : currentConfigs.cors.allowedOrigins
 
@@ -58,6 +59,7 @@ resource appSettings 'Microsoft.Web/sites/config@2021-02-01' = {
     M365_AUTHORITY_HOST: m365OauthAuthorityHost // AAD authority host
     M365_APPLICATION_ID_URI: m365ApplicationIdUri // Application ID URI of AAD application
     IDENTITY_ID: provisionOutputs.identityOutput.value.identityClientId // User assigned identity id, the identity is used to access other Azure resources
+    WEBSITE_AUTH_AAD_ACL: '{"allowed_client_applications": ${allowedClientApplications}}}'
   }, currentAppSettings) // Merge new settings with existing settings
 }
 

diff --git a/todo-list-with-Azure-backend/infra/teamsFx/function.bicep b/todo-list-with-Azure-backend/infra/teamsFx/function.bicep
@@ -28,6 +28,7 @@ var officeWebAppClientId2 = '4765445b-32c6-49b0-83e6-1d93765276ca'
 var outlookDesktopAppClientId = 'd3590ed6-52b3-4102-aeff-aad2292ab01c'
 var outlookWebAppClientId = '00000002-0000-0ff1-ce00-000000000000'
 var authorizedClientApplicationIds = '${teamsMobileOrDesktopAppClientId};${teamsWebAppClientId};${officeWebAppClientId1};${officeWebAppClientId2};${outlookDesktopAppClientId};${outlookWebAppClientId}'
+var allowedClientApplications = '["${m365ClientId}","${teamsMobileOrDesktopAppClientId}","${teamsWebAppClientId}","${officeWebAppClientId1}","${officeWebAppClientId2}","${outlookDesktopAppClientId}","${outlookWebAppClientId}"]'
 
 var currentAllowedOrigins = empty(currentConfigs.cors) ? [] : currentConfigs.cors.allowedOrigins
 
@@ -57,6 +58,7 @@ resource appSettings 'Microsoft.Web/sites/config@2021-02-01' = {
     SQL_ENDPOINT: provisionOutputs.azureSqlOutput.value.sqlEndpoint
     SQL_USER_NAME: administratorLogin
     SQL_PASSWORD: administratorLoginPassword
+    WEBSITE_AUTH_AAD_ACL: '{"allowed_client_applications": ${allowedClientApplications}}}'
   }, currentAppSettings)
 }