Proposes more flexible AzureADOptions, and defaulting to AzureAD v2.0

[jmprieur]

Proposes improvements to the AzureADOptions:

• make it possible to specify the Audience of the tokens that will be accepted (with a default which is consistent with the Azure AD experience). For the moment it's hardcoded to {ClientId}
• make it possible to specity the Authority (for the moment it's hardcoded to {Instance}/{TenantId}. This is needed to make v2.0 primary without having users to have the change app generated by dotnet new mvc
• Proposing to remove Domain, and rename TenantId in Tenant as the tenant identification can be specified as a TenantID (a Guid), or a domain, or some well known "meta-tenants" (common, organizations and consumers)

Proposing that Web applications are now v2.0 apps by default.

Proposing improvements to the XML documentation

Note that
This PR is essentially to start the discussion. It's not mean to be final. In particular, no special effort was made for the tests yet

[dnfclas]

All CLA requirements met.

[jmprieur]

@Tratcher @brentschmaltz FYI

[Tratcher]

@blowdart @BillHiebert This would need to be accompanied with template and tooling changes to get the right fields populated in config.

[blowdart]

Without tooling changes this can't be merged, the VS UI would get everything wrong. So it's not as simple as this PR :)

[jmprieur]

I'm well aware of this, @blowdart : this is a proposal to help the discussion that @Tratcher and I have been having offline. Some of the things we'd want to consider is the breaking changes:

• are we happy with renaming TenantId to Tenant? or not. Note that we could do with keeping TenantId (which would be one less breaking change) and use it for tenant information in general: not necessarily a guid. That's the case today, even if the meaning is not very clear
• are we happy to remove Domain (which is not used anywhere btw)

Then as far as template and tooling changes, could you please send me the location of the repos, so that we propose PRs?

[blowdart]

I have no real feelings about the changes, if they matched the Azure Portal wording for these details that would be best (assuming this won't change of course)

[Tratcher]

This looks fine for 3.0 with a little code cleanup.

[Tratcher]

This can be a single operation everywhere you do it.

Suggested change

	options.Audience = string.Format(audienceFormat, azureADOptions.ClientId);
	options.Audience = azureADOptions.Authority.Replace("{ClientId}", azureADOptions.ClientId);

[javiercn]

We don't do things like this in the framework. Audience should be initialized here, not in the property, and it's also better to just use interpolated strings directly. $"api://{azureAdOptions.ClientId}"

[Tratcher]

Spacing

[Tratcher]

@phenning for tooling.

[Tratcher]

Template code: https://github.com/aspnet/Templating/blob/master/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json

[Tratcher]

#50

[javiercn]

I have some comments, but it's a good starting point for a discussion. As @blowdart said this will require coordination with templates and tooling.

[javiercn]

We don't do things like this in the framework. Audience should be initialized here, not in the property, and it's also better to just use interpolated strings directly. $"api://{azureAdOptions.ClientId}"

[javiercn]

Same comment as for the audience

[javiercn]

This is a breaking change. It'll have to be discussed

[javiercn]

I don't think we should default to the common tenant here as just using the common tenant without additional per-app restriction is not recommended.

[javiercn]

Can the audience be completely different from the client id or is always derived from the client id though some transformation.