Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into asc-melvyn-20200129

Author: memildin

CODEOWNERS

@@ -6,6 +6,12 @@
 articles/**/policy-samples.md @DCtheGeek
 includes/policy/ @DCtheGeek
 
+# Azure Active Directory
+
+articles/active-directory-b2c/ @msmimart @yoelhor
+articles/active-directory/app-provisioning/ @CelesteDG
+articles/active-directory/manage-apps/ @CelesteDG
+
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf @aahill @ievangelist @patrickfarley @nitinme
 

articles/active-directory-b2c/identity-provider-amazon-custom.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 10/05/2018
+ms.date: 05/04/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -25,17 +25,16 @@ This article shows you how to enable sign-in for users from an Amazon account by
 - Complete the steps in [Get started with custom policies](custom-policy-get-started.md).
 - If you don't already have an Amazon account, create one at [https://www.amazon.com/](https://www.amazon.com/).
 
-## Register the application
+## Create an app in the Amazon developer console
 
-To enable sign-in for users from an Amazon account, you need to create an Amazon application.
+To use an Amazon account as a federated identity provider in Azure Active Directory B2C (Azure AD B2C), you need to create an application in your [Amazon Developer Services and Technologies](https://developer.amazon.com). If you don't already have an Amazon account, you can sign up at [https://www.amazon.com/](https://www.amazon.com/).
 
-1. Sign in to the [Amazon Developer Center](https://login.amazon.com/) with your Amazon account credentials.
-2. If you have not already done so, click **Sign Up**, follow the developer registration steps, and accept the policy.
-3. Select **Register new application**.
-4. Enter a **Name**, **Description**, and **Privacy Notice URL**, and then click **Save**. The privacy notice is a page that you manage that provides privacy information to users.
-5. In the **Web Settings** section, copy the values of **Client ID**. Select **Show Secret** to get the client secret and then copy it. You need both of them to configure an Amazon account as an identity provider in your tenant. **Client Secret** is an important security credential.
-6. In the **Web Settings** section, select **Edit**, and then enter `https://your-tenant-name.b2clogin.com` in **Allowed JavaScript Origins** and `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp` in **Allowed Return URLs**. Replace `your-tenant-name` with the name of your tenant. Use all lowercase letters when entering your tenant name even if the tenant is defined with uppercase letters in Azure AD B2C.
-7. Click **Save**.
+> [!NOTE]  
+> Use the following URLs in **step 8** below, replacing `your-tenant-name` with the name of your tenant. When entering your tenant name, use all lowercase letters, even if the tenant is defined with uppercase letters in Azure AD B2C.
+> - For **Allowed Origins**, enter `https://your-tenant-name.b2clogin.com` 
+> - For **Allowed Return URLs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`
+
+[!INCLUDE [identity-provider-amazon-idp-register.md](../../includes/identity-provider-amazon-idp-register.md)]
 
 ## Create a policy key
 

articles/active-directory-b2c/identity-provider-amazon.md

@@ -9,24 +9,23 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/08/2019
+ms.date: 04/05/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
 
 # Set up sign-up and sign-in with an Amazon account using Azure Active Directory B2C
 
-## Create an Amazon application
+## Create an app in the Amazon developer console
 
-To use an Amazon account as an [identity provider](authorization-code-flow.md) in Azure Active Directory B2C (Azure AD B2C), you need to create an application in your tenant that represents it. If you don't already have an Amazon account you can sign up at [https://www.amazon.com/](https://www.amazon.com/).
+To use an Amazon account as a federated identity provider in Azure Active Directory B2C (Azure AD B2C), you need to create an application in your [Amazon Developer Services and Technologies](https://developer.amazon.com). If you don't already have an Amazon account, you can sign up at [https://www.amazon.com/](https://www.amazon.com/).
 
-1. Sign in to the [Amazon Developer Center](https://login.amazon.com/) with your Amazon account credentials.
-1. If you have not already done so, click **Sign Up**, follow the developer registration steps, and accept the policy.
-1. Select **Register new application**.
-1. Enter a **Name**, **Description**, and **Privacy Notice URL**, and then click **Save**. The privacy notice is a page that you manage that provides privacy information to users.
-1. In the **Web Settings** section, copy the values of **Client ID**. Select **Show Secret** to get the client secret and then copy it. You need both of them to configure an Amazon account as an identity provider in your tenant. **Client Secret** is an important security credential.
-1. In the **Web Settings** section, select **Edit**, and then enter `https://your-tenant-name.b2clogin.com` in **Allowed JavaScript Origins** and `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp` in **Allowed Return URLs**. Replace `your-tenant-name` with the name of your tenant. You need to use all lowercase letters when entering your tenant name even if the tenant is defined with uppercase letters in Azure AD B2C.
-1. Click **Save**.
+> [!NOTE]  
+> Use the following URLs in **step 8** below, replacing `your-tenant-name` with the name of your tenant. When entering your tenant name, use all lowercase letters, even if the tenant is defined with uppercase letters in Azure AD B2C.
+> - For **Allowed Origins**, enter `https://your-tenant-name.b2clogin.com` 
+> - For **Allowed Return URLs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`
+
+[!INCLUDE [identity-provider-amazon-idp-register.md](../../includes/identity-provider-amazon-idp-register.md)]
 
 ## Configure an Amazon account as an identity provider
 

articles/active-directory-b2c/localization-string-ids.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/26/2020
+ms.date: 05/02/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -267,6 +267,7 @@ The following are the IDs for a [one-time password technical profile](one-time-p
 |UserMessageIfSessionDoesNotExist |One time password verification session has expired |
 |UserMessageIfSessionConflict |One time password verification session has conflict |
 |UserMessageIfInvalidCode |One time password provided for verification is incorrect |
+|UserMessageIfVerificationFailedRetryAllowed |That code is incorrect. Please try again. | 
 
 ### Example
 
@@ -277,6 +278,7 @@ The following are the IDs for a [one-time password technical profile](one-time-p
     <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfMaxRetryAttempted">You have exceed the number of retries allowed.</LocalizedString>
     <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfInvalidCode">You have entered the wrong code.</LocalizedString>
     <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfSessionConflict">Cannot verify the code, please try again later.</LocalizedString>
+   <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfVerificationFailedRetryAllowed">That code is incorrect. Please try again.</LocalizedString>
   </LocalizedStrings>
 </LocalizedResources>
 ```

articles/active-directory-b2c/one-time-password-technical-profile.md

@@ -140,6 +140,7 @@ The following metadata can be used to configure the error messages displayed upo
 | UserMessageIfSessionDoesNotExist | No | The message to display to the user if the code verification session has expired. It is either the code has expired or the code has never been generated for a given identifier. |
 | UserMessageIfMaxRetryAttempted | No | The message to display to the user if they've exceeded the maximum allowed verification attempts. |
 | UserMessageIfInvalidCode | No | The message to display to the user if they've provided an invalid code. |
+| UserMessageIfVerificationFailedRetryAllowed | No | The message to display to the user if they've provided an invalid code, and user is allowed to provide the correct code.  |
 |UserMessageIfSessionConflict|No| The message to display to the user if the code cannot be verified.|
 
 ### Example

articles/active-directory/azuread-dev/TOC.yml

@@ -158,7 +158,7 @@
   - name: Use the Microsoft Graph API
     href: ../develop/microsoft-graph-intro.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
   - name: AD FS for developers
-    href: https://docs.microsoft.com/windows-server/identity/ad-fs/overview/ad-fs-scenarios-for-developers
+    href: https://docs.microsoft.com/windows-server/identity/ad-fs/ad-fs-overview
 - name: References
   items:
   - name: Authentication libraries

articles/active-directory/develop/quickstart-v2-javascript.md

@@ -90,7 +90,7 @@ In this quickstart, you use a code sample to learn how a JavaScript single-page
 >  const msalConfig = {
 >    auth: {
 >      clientId: "Enter_the_Application_Id_Here",
->      authority: "Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here",
+>      authority: "Enter_the_Cloud_Instance_Id_Here_OR_Enter_the_Tenant_Info_Here",
 >      redirectUri: "Enter_the_Redirect_Uri_Here",
 >    },
 >    cache: {

articles/active-directory/develop/scenario-spa-production.md

@@ -37,7 +37,7 @@ Deep dive of the quickstart sample, which explains the code for how to sign in u
 Sample that demonstrates how to get tokens for your own back-end web API by using MSAL.js:
 
 > [!div class="nextstepaction"]
-> [SPA with an ASP.NET back end](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2)
+> [SPA with an ASP.NET back-end](https://github.com/Azure-Samples/ms-identity-javascript-angular-spa-aspnetcore-webapi)
 
 Sample that shows how to use MSAL.js to sign in users in an app that's registered with Azure Active Directory B2C (Azure AD B2C):
 

articles/active-directory/develop/tutorial-v2-javascript-auth-code.md

@@ -277,7 +277,7 @@ You now have a simple server to serve your SPA. The intended folder structure at
 
 ## Register your application
 
-Follow the instructions to [register a new single page application](https://docs.microsoft.com/zure/active-directory/develop/scenario-spa-app-registration).
+Follow the instructions to [register a new single page application](https://docs.microsoft.com/azure/active-directory/develop/scenario-spa-app-registration).
 
 #### Set a redirect URL for Node.js
 

articles/active-directory/develop/v2-oauth2-implicit-grant-flow.md

@@ -235,3 +235,6 @@ https://login.microsoftonline.com/{tenant}/oauth2/v2.0/logout?post_logout_redire
 ## Next steps
 
 * Go over the [MSAL JS samples](sample-v2-code.md) to get started coding.
+
+[OAuth2-Spec-Implicit-Misuse]: https://tools.ietf.org/html/rfc6749#section-10.16
+[OAuth2-Threat-Model-And-Security-Implications]: https://tools.ietf.org/html/rfc6819