Reorder config vars + comment edit

Author: mmacy

app_config.py

@@ -1,8 +1,10 @@
 import os
 
-CLIENT_SECRET = "Enter_the_Client_Secret_Here" # Our Quickstart uses this placeholder
-# In your production app, we recommend you to use other ways to store your secret,
-# such as KeyVault, or environment variable as described in Flask's documentation here
+CLIENT_ID = "Enter_the_Application_Id_here" # Application (client) ID of app registration
+
+CLIENT_SECRET = "Enter_the_Client_Secret_Here" # Placeholder - for use ONLY during testing.
+# In a production app, we recommend you use a more secure method of storing your secret,
+# like Azure Key Vault. Or, use an environment variable as described in Flask's documentation:
 # https://flask.palletsprojects.com/en/1.1.x/config/#configuring-from-environment-variables
 # CLIENT_SECRET = os.getenv("CLIENT_SECRET")
 # if not CLIENT_SECRET:
@@ -11,10 +13,9 @@
 AUTHORITY = "https://login.microsoftonline.com/common"  # For multi-tenant app
 # AUTHORITY = "https://login.microsoftonline.com/Enter_the_Tenant_Name_Here"
 
-CLIENT_ID = "Enter_the_Application_Id_here"
-
-REDIRECT_PATH = "/getAToken"  # It will be used to form an absolute URL
-    # And that absolute URL must match your app's redirect_uri set in AAD
+REDIRECT_PATH = "/getAToken"  # Used for forming an absolute URL to your redirect URI.
+                              # The absolute URL must match the redirect URI you set
+                              # in the app's registration in the Azure portal.
 
 # You can find more Microsoft Graph API endpoints from Graph Explorer
 # https://developer.microsoft.com/en-us/graph/graph-explorer
@@ -24,5 +25,4 @@
 # https://docs.microsoft.com/en-us/graph/permissions-reference
 SCOPE = ["User.ReadBasic.All"]
 
-SESSION_TYPE = "filesystem"  # So token cache will be stored in server-side session
-
+SESSION_TYPE = "filesystem"  # Specifies the token cache should be stored in server-side session

app_config_b2c.py

@@ -6,9 +6,11 @@
 resetpassword_user_flow = "b2c_1_passwordreset1"
 authority_template = "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}"
 
-CLIENT_SECRET = "Enter_the_Client_Secret_Here" # Our Quickstart uses this placeholder
-# In your production app, we recommend you to use other ways to store your secret,
-# such as KeyVault, or environment variable as described in Flask's documentation here
+CLIENT_ID = "Enter_the_Application_Id_here" # Application (client) ID of app registration
+
+CLIENT_SECRET = "Enter_the_Client_Secret_Here" # Placeholder - for use ONLY during testing.
+# In a production app, we recommend you use a more secure method of storing your secret,
+# like Azure Key Vault. Or, use an environment variable as described in Flask's documentation:
 # https://flask.palletsprojects.com/en/1.1.x/config/#configuring-from-environment-variables
 # CLIENT_SECRET = os.getenv("CLIENT_SECRET")
 # if not CLIENT_SECRET:
@@ -21,16 +23,14 @@
 B2C_RESET_PASSWORD_AUTHORITY = authority_template.format(
     tenant=b2c_tenant, user_flow=resetpassword_user_flow)
 
-CLIENT_ID = "Enter_the_Application_Id_here"
-
-REDIRECT_PATH = "/getAToken"  # It will be used to form an absolute URL
-    # And that absolute URL must match your app's redirect_uri set in AAD
-
-# This is the resource that you are going to access in your B2C tenant
-ENDPOINT = ''
+REDIRECT_PATH = "/getAToken"  # Used for forming an absolute URL to your redirect URI.
+                              # The absolute URL must match the redirect URI you set
+                              # in the app's registration in the Azure portal.
 
-# These are the scopes that you defined for the web API
-SCOPE = []  # For illustration purposes only: ["demo.read", "demo.write"]
+# This is the API resource endpoint
+ENDPOINT = '' # Application ID URI of app registration in Azure portal
 
-SESSION_TYPE = "filesystem"  # So token cache will be stored in server-side session
+# These are the scopes you've exposed in the web API app registration in the Azure portal
+SCOPE = []  # Example with two exposed scopes: ["demo.read", "demo.write"]
 
+SESSION_TYPE = "filesystem"  # Specifies the token cache should be stored in server-side session