Verify identity against site.json defined user during OAuth

[ChirmyRam]

最后一步账号授权登陆完成后仍然能再次授权新的账号，这样一来相当于非站点所有者也可以随意登录账户更改展示内容，所以能否在完成初次账户授权登陆后关闭授权通道，或者构建后台管理页面？

[spencerwooo]

User now need to define a field userPrincipalName inside site.json, which will be used to verify the identity of the user when storing the token after OAuth during the initialisation process. It is usually the email of your Microsoft account.

为了防止图谋不轨之人随意认证已部署网站，现在需要在 site.json 下的 userPrincipalName 定义用户的 userPrincipalName，用于验证当前 OAuth 的用户是否是网站的所有者。userPrincipalName 往往就是你的微软账户邮箱。

Additionally, a scope user.read was added, so that the client can get the userPrincipalName from MS Graph API.

另外，在请求权限 scope 处添加了 user.read 权限，这样 client 才能通过 MS Graph API 拿到用户的 userPrincipalName.

[ChirmyRam]

感谢。