MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 22415 additions & 22411 deletions b/‎.openpublishing.redirection.json
Lines changed: 22415 additions & 22411 deletions
diff --git a/‎articles/active-directory-b2c/access-tokens.md
Lines changed: 17 additions & 18 deletions b/‎articles/active-directory-b2c/access-tokens.md
Lines changed: 17 additions & 18 deletions
diff --git a/‎articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md
Lines changed: 10 additions & 9 deletions b/‎articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md
Lines changed: 10 additions & 9 deletions
@@ -1,5 +1,5 @@
 ---
-title: Request an access token - Azure Active Directory B2C  
+title: Request an access token in Azure Active Directory B2C
 description: Learn how to request an access token from Azure Active Directory B2C.
 services: active-directory-b2c
 author: kengaderdus
@@ -8,20 +8,20 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/07/2022
+ms.date: 03/09/2023
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
 
 ---
 # Request an access token in Azure Active Directory B2C
 
-An *access token* contains claims that you can use in Azure Active Directory B2C (Azure AD B2C) to identify the granted permissions to your APIs. When calling a resource server, an access token must be present in the HTTP request. An access token is denoted as **access_token** in the responses from Azure AD B2C.
+An *access token* contains claims that you can use in Azure Active Directory B2C (Azure AD B2C) to identify the granted permissions to your APIs. To call a resource server, the HTTP request must include an access token. An access token is denoted as **access_token** in the responses from Azure AD B2C.
 
 This article shows you how to request an access token for a web application and web API. For more information about tokens in Azure AD B2C, see the [overview of tokens in Azure Active Directory B2C](tokens-overview.md).
 
 > [!NOTE]
-> **Web API chains (On-Behalf-Of) is not supported by Azure AD B2C.** - Many architectures include a web API that needs to call another downstream web API, both secured by Azure AD B2C. This scenario is common in clients that have a web API back end, which in turn calls a another service. This chained web API scenario can be supported by using the OAuth 2.0 JWT Bearer Credential grant, otherwise known as the On-Behalf-Of flow. However, the On-Behalf-Of flow is not currently implemented in Azure AD B2C. Although On-Behalf-Of works for applications registered in Azure AD, it does not work for applications registered in Azure AD B2C, regardless of the tenant (Azure AD or Azure AD B2C) that is issuing the tokens.
+> **Web API chains (On-Behalf-Of) is not supported by Azure AD B2C** - Many architectures include a web API that needs to call another downstream web API, both secured by Azure AD B2C. This scenario is common in clients that have a web API back end, which in turn calls a another service. This chained web API scenario can be supported by using the OAuth 2.0 JWT Bearer Credential grant, otherwise known as the On-Behalf-Of flow. However, the On-Behalf-Of flow is not currently implemented in Azure AD B2C. Although On-Behalf-Of works for applications registered in Azure AD, it does not work for applications registered in Azure AD B2C, regardless of the tenant (Azure AD or Azure AD B2C) that is issuing the tokens.
 
 ## Prerequisites
 
@@ -60,17 +60,7 @@ If the **response_type** parameter in an `/authorize` request includes `token`,
 
 ## Request a token
 
-To request an access token, you need an authorization code. Below is an example of a request to the `/authorize` endpoint for an authorization code.
-
-In the following example, you replace these values in the query string:
-
-- `<tenant-name>` - The name of your [Azure AD B2C tenant](tenant-management-read-tenant-name.md#get-your-tenant-name). If you're using a custom domain, replace `tenant-name.b2clogin.com` with your domain, such as `contoso.com`. 
-- `<policy-name>` - The name of your custom policy or user flow.
-- `<application-ID>` - The application identifier of the web application that you registered to support the user flow.
-- `<application-ID-URI>` - The application identifier URI that you set under **Expose an API** blade of the client application.
-- `<scope-name>` - The name of the scope that you added under **Expose an API** blade of the client application.
-- `<redirect-uri>` - The **Redirect URI** that you entered when you registered the client application.
-
+To request an access token, you need an authorization code. The following is an example of a request to the `/authorize` endpoint for an authorization code:
 ```http
 GET https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
 client_id=<application-ID>
@@ -80,17 +70,26 @@ client_id=<application-ID>
 &response_type=code
 ```
 
+Replace the values in the query string as follows:
+
+- `<tenant-name>` - The name of your [Azure AD B2C tenant](tenant-management-read-tenant-name.md#get-your-tenant-name). If you're using a custom domain, replace `tenant-name.b2clogin.com` with your domain, such as `contoso.com`. 
+- `<policy-name>` - The name of your custom policy or user flow.
+- `<application-ID>` - The application identifier of the web application that you registered to support the user flow.
+- `<application-ID-URI>` - The application identifier URI that you set under **Expose an API** blade of the client application.
+- `<scope-name>` - The name of the scope that you added under **Expose an API** blade of the client application.
+- `<redirect-uri>` - The **Redirect URI** that you entered when you registered the client application.
+
 To get a feel of how the request works, paste the request into your browser and run it. 
 
-This is the interactive part of the flow, where you take action. You're asked to complete the user flow's workflow. This might involve entering your username and password in a sign in form or any other number of steps. The steps you complete depend on how the user flow is defined.
+This's the interactive part of the flow, where you take action. You're asked to complete the user flow's workflow. This might involve entering your username and password in a sign in form or any other number of steps. The steps you complete depend on how the user flow is defined.
 
 The response with the authorization code should be similar to this example:
 
 ```
 https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
 ```
 
-After successfully receiving the authorization code, you can use it to request an access token. Note that the parameters are in the body of the HTTP POST request:
+After successfully receiving the authorization code, you can use it to request an access token. The parameters are in the body of the HTTP POST request:
 
 ```http
 POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
@@ -105,7 +104,7 @@ grant_type=authorization_code
 &client_secret=2hMG2-_:y12n10vwH...
 ```
 
-If you're testing this POST HTTP request, you can use any HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/).
+If you want to test this POST HTTP request, you can use any HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/).
 
 A successful token response looks like this:
 
 
@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/30/2022
+ms.date: 03/09/2023
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -35,7 +35,7 @@ The sign-in flow involves the following steps:
 
 ### App registration
 
-To enable your app to sign in with Azure AD B2C and call a web API, you must register two applications in the Azure AD B2C directory:  
+To enable your app to sign in with Azure AD B2C and call a web API, you must register two applications in your Azure AD B2C tenant:  
 
 - The *single-page application* (Angular) registration enables your app to sign in with Azure AD B2C. During app registration, you specify the *redirect URI*. The redirect URI is the endpoint to which the user is redirected after they authenticate with Azure AD B2C. The app registration process generates an *application ID*, also known as the *client ID*, that uniquely identifies your app. This article uses the example **App ID: 1**.
 
@@ -57,7 +57,7 @@ The following diagram describes the app registrations and the app architecture.
 
 Before you follow the procedures in this article, make sure that your computer is running:
 
-* [Visual Studio Code](https://code.visualstudio.com/) or another code editor.
+* [Visual Studio Code](https://code.visualstudio.com/) or any other code editor.
 * [Node.js runtime](https://nodejs.org/en/download/) and [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
 * [Angular CLI](https://angular.io/cli).
 
@@ -82,8 +82,9 @@ In this step, you create the registrations for the Angular SPA and the web API a
 Follow these steps to create the Angular app registration:
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. Make sure you're using the directory that contains your Azure AD B2C tenant:
+    1. Select the **Directories + subscriptions** icon in the portal toolbar.
+    2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
 1. In the Azure portal, search for and select **Azure AD B2C**.
 1. Select **App registrations**, and then select **New registration**.
 1. For **Name**, enter a name for the application. For example, enter **MyApp**.
@@ -203,7 +204,7 @@ Your final configuration file should look like the following JSON:
 
 ## Step 5: Run the Angular SPA and web API
 
-You're now ready to test the Angular scoped access to the API. In this step, run both the web API and the sample Angular application on your local machine. Then, log in to the Angular application, and select the **TodoList** button to start a request to the protected API.
+You're now ready to test the Angular scoped access to the API. In this step, run both the web API and the sample Angular application on your local machine. Then, sign in to the Angular application, and select the **TodoList** button to start a request to the protected API.
 
 ### Run the web API
 
@@ -252,8 +253,8 @@ You're now ready to test the Angular scoped access to the API. In this step, run
 
     ![Screenshot that shows the Angular sample app with the login link.](./media/configure-authentication-sample-angular-spa-app/sample-app-sign-in.png)
 
-1. Complete the sign-up or login process.
-1. Upon successful login, you should see your profile. From the menu, select **TodoList**.
+1. Complete the sign-up or sign-in process.
+1. Upon successful sign-in, you should see your profile. From the menu, select **TodoList**.
 
     ![Screenshot that shows the Angular sample app with the user profile, and the call to the to-do list.](./media/configure-authentication-sample-angular-spa-app/sample-app-result.png)
 
@@ -275,4 +276,4 @@ You can add and modify redirect URIs in your registered applications at any time
 * [Learn more about the code sample](https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/)
 * [Enable authentication in your own Angular application](enable-authentication-angular-spa-app.md)
 * [Configure authentication options in your Angular application](enable-authentication-angular-spa-app-options.md)
-* [Enable authentication in your own web API](enable-authentication-web-api.md)
+* [Enable authentication in your own web API](enable-authentication-web-api.md)