Push to fork

Author: reginayap8

articles/active-directory-b2c/identity-provider-wechat.md

@@ -28,16 +28,26 @@ zone_pivot_groups: b2c-policy-type
 
 ## Create a WeChat application
 
-To enable sign-in for users with a WeChat account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [WeChat management center](https://open.weixin.qq.com/). If you don't already have a WeChat account, you can get information at [https://kf.qq.com](https://kf.qq.com/faq/161220Brem2Q161220uUjERB.html).
+To enable sign-in for users with a WeChat account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [WeChat management center](https://open.weixin.qq.com/). If you don't already have a Weixin Open Platform account, you can get information at [https://kf.qq.com](https://kf.qq.com/faq/161220Brem2Q161220uUjERB.html). The Weixin Open Platform account and application must be approved to link WeChat as an identity provider to your user flow.
 
 ### Register a WeChat application
 
 1. Sign in to [https://open.weixin.qq.com/](https://open.weixin.qq.com/) with your WeChat credentials.
 1. Select **管理中心** (management center).
 1. Follow the steps to register a new application.
-1. For the **授权回调域** (callback URL), enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant, and `your-domain-name` with your custom domain.
+1. Ensure the application status is "Approved".
+
+    - <img src="media/identity-provider-azure-ad-b2c/ApprovedApp.png" alt="ApprovedApp" width="1200"/>
+
+1. For the **Development information** (authorization callback domain), enter `your-tenant-name.b2clogin.com`.
+    - Mooncake callback URL: `your-tenant-name.b2clogin.cn`
+
+    - <img src="media/identity-provider-azure-ad-b2c/CallbackDomain.png" alt="CallbackDomain" width="1200"/>
+
 1. Copy the **APP ID** and **APP KEY**. You need both of them to configure the identity provider to your tenant.
 
+    - <img src="media/identity-provider-azure-ad-b2c/AppInfo.png" alt="AppInfo" width="1200"/>
+
 ::: zone pivot="b2c-user-flow"
 
 ## Configure WeChat as an identity provider
@@ -51,12 +61,17 @@ To enable sign-in for users with a WeChat account in Azure Active Directory B2C
 1. For the **Client secret**, enter the APP KEY that you recorded.
 1. Select **Save**.
 
+    - <img src="media/identity-provider-azure-ad-b2c/WeChatClientInfo.png" alt="WeChatClientInfo" width="800"/>
+
 ## Add WeChat identity provider to a user flow 
 
 1. In your Azure AD B2C tenant, select **User flows**.
 1. Click the user flow that you want to add the WeChat identity provider.
 1. Under the **Social identity providers**, select **WeChat**.
 1. Select **Save**.
+
+    - <img src="media/identity-provider-azure-ad-b2c/LinkWeChatIdp.png" alt="LinkWeChatIdp" width="1200"/>
+
 1. To test your policy, select **Run user flow**.
 1. For **Application**, select the web application named *testapp1* that you previously registered. The **Reply URL** should show `https://jwt.ms`.
 1. Select the **Run user flow** button.