Blazor WASM security updates for 5.0 (#20162)

guardrex · web-flow · commit ff1d03795f75 · 2020-10-09T16:24:07.000-05:00
diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md
@@ -54,8 +54,6 @@ Record the following information:
 * App ID URI (for example, `api://41451fa7-82d9-4673-8fa5-69eff5a761fd`, `https://contoso.onmicrosoft.com/41451fa7-82d9-4673-8fa5-69eff5a761fd`, or the custom value that you provided)
 * Scope name (for example, `API.Access`)
 
-The App ID URI might require a special configuration in the client app, which is described in the [Access token scopes](#access-token-scopes) section later in this topic.
-
 ### Register a client app
 
 Follow the guidance in [Tutorial: Register an application in Azure Active Directory B2C](/azure/active-directory-b2c/tutorial-register-applications) again to register an AAD app for the *`Client`* app and then do the following:
diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory.md
@@ -55,8 +55,6 @@ Record the following information:
 * App ID URI (for example, `api://41451fa7-82d9-4673-8fa5-69eff5a761fd`, `https://contoso.onmicrosoft.com/41451fa7-82d9-4673-8fa5-69eff5a761fd`, or the custom value that you provide)
 * Scope name (for example, `API.Access`)
 
-The App ID URI might require a special configuration in the client app, which is described in the [Access token scopes](#access-token-scopes) section later in this topic.
-
 ### Register a client app
 
 Follow the guidance in [Quickstart: Register an application with the Microsoft identity platform](/azure/active-directory/develop/quickstart-register-app) and subsequent Azure AAD topics to register a AAD app for the *`Client`* app and then do the following:
@@ -271,6 +269,8 @@ Example:
 }
 ```
 
+[!INCLUDE[](~/includes/blazor-security/azure-scope-5x.md)]
+
 ::: moniker-end
 
 ::: moniker range="< aspnetcore-5.0"
@@ -303,8 +303,6 @@ Example:
 
 ::: moniker-end
 
-[!INCLUDE[](~/includes/blazor-security/azure-scope-5x.md)]
-
 ### WeatherForecast controller
 
 The WeatherForecast controller (*Controllers/WeatherForecastController.cs*) exposes a protected API with the [`[Authorize]`](xref:Microsoft.AspNetCore.Authorization.AuthorizeAttribute) attribute applied to the controller. It's **important** to understand that:
@@ -423,8 +421,12 @@ Specify additional scopes with `AdditionalScopesToConsent`:
 options.ProviderOptions.AdditionalScopesToConsent.Add("{ADDITIONAL SCOPE URI}");
 ```
 
+::: moniker range="< aspnetcore-5.0"
+
 [!INCLUDE[](~/includes/blazor-security/azure-scope-3x.md)]
 
+::: moniker-end
+
 For more information, see the following sections of the *Additional scenarios* article:
 
 * [Request additional access tokens](xref:blazor/security/webassembly/additional-scenarios#request-additional-access-tokens)
diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md
@@ -182,8 +182,6 @@ Specify additional scopes with `AdditionalScopesToConsent`:
 options.ProviderOptions.AdditionalScopesToConsent.Add("{ADDITIONAL SCOPE URI}");
 ```
 
-[!INCLUDE[](~/includes/blazor-security/azure-scope-3x.md)]
-
 For more information, see the following sections of the *Additional scenarios* article:
 
 * [Request additional access tokens](xref:blazor/security/webassembly/additional-scenarios#request-additional-access-tokens)
diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory.md b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory.md
@@ -169,8 +169,12 @@ Specify additional scopes with `AdditionalScopesToConsent`:
 options.ProviderOptions.AdditionalScopesToConsent.Add("{ADDITIONAL SCOPE URI}");
 ```
 
+::: moniker range="< aspnetcore-5.0"
+
 [!INCLUDE[](~/includes/blazor-security/azure-scope-3x.md)]
 
+::: moniker-end
+
 For more information, see the following sections of the *Additional scenarios* article:
 
 * [Request additional access tokens](xref:blazor/security/webassembly/additional-scenarios#request-additional-access-tokens)
diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-microsoft-accounts.md b/aspnetcore/blazor/security/webassembly/standalone-with-microsoft-accounts.md
@@ -162,8 +162,12 @@ Specify additional scopes with `AdditionalScopesToConsent`:
 options.ProviderOptions.AdditionalScopesToConsent.Add("{ADDITIONAL SCOPE URI}");
 ```
 
+::: moniker range="< aspnetcore-5.0"
+
 [!INCLUDE[](~/includes/blazor-security/azure-scope-3x.md)]
 
+::: moniker-end
+
 For more information, see the following sections of the *Additional scenarios* article:
 
 * [Request additional access tokens](xref:blazor/security/webassembly/additional-scenarios#request-additional-access-tokens)
