Merge pull request #86530 from mmacy/b2c-issue-37398

PRMerger13 · web-flow · commit 31931fdea5e6 · 2019-08-26T09:26:58.000-07:00
[b2c] correct flow terminology (fixes 37398)
diff --git a/articles/active-directory-b2c/active-directory-b2c-reference-tokens.md b/articles/active-directory-b2c/active-directory-b2c-reference-tokens.md
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/23/2019
+ms.date: 08/27/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -17,7 +17,7 @@ ms.subservice: B2C
 
 [!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
 
-Azure Active Directory B2C (Azure AD) B2C emits several types of security tokens as it processes each [authentication flow](active-directory-b2c-apps.md). This document describes the format, security characteristics, and contents of each type of token.
+Azure Active Directory B2C (Azure AD B2C) emits several types of security tokens as it processes each [authentication flow](active-directory-b2c-apps.md). This document describes the format, security characteristics, and contents of each type of token.
 
 ## Token types
 
@@ -36,7 +36,7 @@ A [registered application](tutorial-register-applications.md) receives tokens an
 - `https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/authorize`
 - `https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/token`
 
-Security tokens that your application receives from Azure AD B2C can come from the `/authorize` or `/token` endpoints. When ID tokens are acquired from the `/authorize` endpoint, they are done so using the [implicit flow](active-directory-b2c-reference-spa.md), which is often used for users signing into to javascript-based web applications. When ID tokens are acquired from the `/token` endpoint, they are done so using the [confidential code flow](active-directory-b2c-reference-oidc.md), which keeps the token hidden from the browser.
+Security tokens that your application receives from Azure AD B2C can come from the `/authorize` or `/token` endpoints. When ID tokens are acquired from the `/authorize` endpoint, it's done using the [implicit flow](active-directory-b2c-reference-spa.md), which is often used for users signing in to JavaScript-based web applications. When ID tokens are acquired from the `/token` endpoint, it's done using the [authorization code flow](active-directory-b2c-reference-oidc.md#get-a-token), which keeps the token hidden from the browser.
 
 ## Claims
 
