Merge pull request #173043 from v-hhunter/hannah-1872298-addissueIDinstruction

[APIM] add ID tokens step

Author: ShannonLeavitt

articles/api-management/api-management-howto-aad-b2c.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: how-to
-ms.date: 07/07/2021
+ms.date: 09/28/2021
 ms.author: danlep
 ---
 
@@ -16,20 +16,20 @@ ms.author: danlep
 
 Azure Active Directory B2C is a cloud identity management solution for consumer-facing web and mobile applications. You can use it to manage access to your API Management developer portal. 
 
-This guide shows you the configuration that's required in your API Management service to integrate with Azure Active Directory B2C. If you are using the deprecated legacy developer portal, some steps differ, as noted in this article.
+In this tutorial, you'll learn the configuration required in your API Management service to integrate with Azure Active Directory B2C. As noted later in this article, if you are using the deprecated legacy developer portal, some steps will differ.
 
 For information about enabling access to the developer portal by using classic Azure Active Directory, see [How to authorize developer accounts using Azure Active Directory](api-management-howto-aad.md).
 
 ## Prerequisites
 
-* An Azure Active Directory B2C tenant to create an application in. For more information, see [Azure Active Directory B2C overview](../active-directory-b2c/overview.md).
-* If you don't already have an API Management service, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)
+* An Azure Active Directory B2C tenant in which to create an application. For more information, see [Azure Active Directory B2C overview](../active-directory-b2c/overview.md).
+* An API Management instance. If you don't already have one, [create an Azure API Management instance](get-started-create-service-instance.md).
 
 [!INCLUDE [premium-dev-standard.md](../../includes/api-management-availability-premium-dev-standard.md)]
 
 ## Configure sign up and sign in user flow
 
-In this section, create a user flow in your Azure Active Directory B2C tenant containing both sign up and sign in policies. For detailed steps, see [Create user flows and custom policies in Azure Active Directory B2C](../active-directory-b2c/tutorial-create-user-flows.md?pivots=b2c-us).
+In this section, you'll create a user flow in your Azure Active Directory B2C tenant containing both sign up and sign in policies. For detailed steps, see [Create user flows and custom policies in Azure Active Directory B2C](../active-directory-b2c/tutorial-create-user-flows.md?pivots=b2c-us).
 
 1. In the [Azure portal](https://portal.azure.com), access your Azure Active Directory B2C tenant.
 1. Under **Policies**, select **User flows** > **+ New user flow**.
@@ -72,11 +72,11 @@ In this section, create a user flow in your Azure Active Directory B2C tenant co
    * Record the key in a safe location. This secret value is never displayed again after you leave this page.
 1. Switch back to the API Management **Add identity provider** page, and paste the key into the **Client secret** text box.
 1. Switch back to the B2C app registration. In the left menu, under **Manage**, select **Authentication**.
-    * Under **Implicit grant**, select the **Access tokens** check box.
+    * Under **Implicit grant and hybrid flows**, select both the **Access tokens** and **ID tokens** check boxes.
     * Select **Save**.
 1. Switch back in the API Management **Add identity provider** page.
     * In **Signin tenant**, specify the domain name of the Azure Active Directory B2C tenant.
-    * The **Authority** field lets you control the Azure AD B2C login URL to use. Set the value to **<your_b2c_tenant_name>.b2clogin.com**.
+    * The **Authority** field lets you control the Azure Active Directory B2C login URL to use. Set the value to **<your_b2c_tenant_name>.b2clogin.com**.
     * Specify the **Signup Policy** and **Signin Policy** from the B2C tenant policies.
     * Optionally provide the **Profile Editing Policy** and **Password Reset Policy**.
 
@@ -85,12 +85,12 @@ In this section, create a user flow in your Azure Active Directory B2C tenant co
 
 After the changes are saved, developers will be able to create new accounts and sign in to the developer portal by using Azure Active Directory B2C.
 
-## Developer portal - add Azure AD B2C account authentication
+## Developer portal - add Azure Active Directory B2C account authentication
 
 > [!IMPORTANT]
 > You need to [republish the developer portal](api-management-howto-developer-portal-customize.md#publish) when you create or update Azure Active Directory B2C configuration settings for the changes to take effect.
 
-In the developer portal, sign-in with Azure AD B2C is possible with the **Sign-in button: OAuth** widget. The widget is already included on the sign-in page of the default developer portal content.
+In the developer portal, sign-in with Azure Active Directory B2C is possible with the **Sign-in button: OAuth** widget. The widget is already included on the sign-in page of the default developer portal content.
 
 1. To sign in by using Azure Active Directory B2C, open a new browser window and go to the developer portal. Select **Sign in**.
 
@@ -103,30 +103,36 @@ When the signup is complete, you're redirected back to the developer portal. You
 
 :::image type="content" source="media/api-management-howto-aad-b2c/developer-portal-home.png" alt-text="Sign in to developer portal complete":::
 
-Although a new account is automatically created whenever a new user signs in with Azure AD B2C, you may consider adding the same widget to the sign-up page.
+Although a new account is automatically created whenever a new user signs in with Azure Active Directory B2C, you may consider adding the same widget to the signup page.
 
 The **Sign-up form: OAuth** widget represents a form used for signing up with OAuth.
 
-## Legacy developer portal - how to sign up with Azure AD B2C
+## Legacy developer portal - how to sign up with Azure Active Directory B2C
 
 [!INCLUDE [api-management-portal-legacy.md](../../includes/api-management-portal-legacy.md)]
 
-1. To sign up for a developer account by using Azure AD B2C, open a new browser window and go to the legacy developer portal. Click the **Sign up** button.
+> [!NOTE]
+> To properly integrate B2C with the legacy developer portal, use **standard v1** user flows, in combination with enabling [password reset](/active-directory-b2c/user-flow-self-service-password-reset.md) before signing up/signing into a developer account using Azure Active Directory B2C. 
+
+1. Open a new browser window and go to the legacy developer portal. Click the **Sign up** button.
 
     :::image type="content" source="media/api-management-howto-aad-b2c/b2c-dev-portal.png" alt-text="Sign up in legacy developer portal":::
+
 1. Choose to sign up with **Azure Active Directory B2C**.
 
     :::image type="content" source="media/api-management-howto-aad-b2c/b2c-dev-portal-b2c-button.png" alt-text="Sign up  with Azure Active Directory B2C":::
 
-3. You're redirected to the signup policy that you configured in the previous section. Choose to sign up by using your email address or one of your existing social accounts.
+1. You're redirected to the signup policy you configured in the previous section. Choose to sign up by using your email address or one of your existing social accounts.
 
    > [!NOTE]
-   > If Azure Active Directory B2C is the only option that's enabled on the **Identities** tab in the publisher portal, you'll be redirected to the signup policy directly.
+   > If Azure Active Directory B2C is the only option enabled on the **Identities** tab in the publisher portal, you'll be redirected to the signup policy directly.
 
    :::image type="content" source="media/api-management-howto-aad-b2c/b2c-dev-portal-b2c-options.png" alt-text="Sign up options in legacy developer portal":::
 
    When the signup is complete, you're redirected back to the developer portal. You're now signed in to the developer portal for your API Management service instance.
 
+
+
 ## Next steps
 
 *  [Azure Active Directory B2C overview]