Commit 0bce1fa

edits
1 parent 6792fcb commit 0bce1fa

2 files changed

Lines changed: 20 additions & 15 deletions

File tree

articles/app-service/configure-authentication-provider-google.md

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ To complete the procedure, you must have a Google account that has a verified em
1919

2020
## <a name="register"> </a>Register your application with Google
2121

22-
1. Follow the Google documentation at [Sign In with Google for Web - Setup](https://developers.google.com/identity/gsi/web/guides/fedcm-migration) to create a client ID and client secret. You don't need to make any code changes.
22+
1. Follow the Google documentation at [Get your Google API client ID](https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid) to create a client ID and client secret. You don't need to make any code changes.
2323
- For **Authorized JavaScript Origins**, use `https://<app-name>.azurewebsites.net`, replacing `<app-name>` with the name of your app.
2424
- For **Authorized Redirect URI**, use `https://<app-name>.azurewebsites.net/.auth/login/google/callback`.
2525
1. Make a note of the **App ID** and the **App Secret** values to use later.
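Review bot: the closing step of this hunk (context line 25) still tells the reader to note the **App ID** and **App Secret**, while the rewritten step at 22+ has them create a *client ID and client secret* in Google's console; Google's console does not label anything "App ID", so align the terms, e.g. "Make a note of the **Client ID** and **Client secret** values to use later," and apply the same wording to the "Enter the **App ID** and **App Secret** values" step in the next hunk so the two sides of the procedure refer to the same fields.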
@@ -37,11 +37,13 @@ To complete the procedure, you must have a Google account that has a verified em
3737

3838
1. Enter the **App ID** and **App Secret** values you obtained previously.
3939

40-
1. Leave the rest of the settings at their default values, and select **Add**.
40+
1. The **App Service authentication settings** section has settings such as how your application responds to unauthenticated requests. The default selections redirect all requests to sign in with the new provider. You can customize this behavior now or later. For now, leave the rest of the settings at their default values.
4141

42-
On the **Authentication** page, the **Google** provider appears in the **Identity provider** section. The **Authentication settings** section shows settings such as how your application responds to unauthenticated requests.
42+
1. Select **Add**.
4343

44-
The default selections redirect all requests to sign in with the new provider. You can customize this behavior now or later by selecting **Edit** next to **Authentication settings**. To learn more about the options, see [Authentication flow](overview-authentication-authorization.md#authentication-flow).
44+
The **Google** provider now appears in the **Identity provider** section of the **Authentication** page. You can edit the provider settings by selecting the pencil icon under **Edit**.
45+
46+
The **Authentication settings** section shows settings such as how the application responds to unauthenticated requests. You can edit these settings by selecting **Edit** next to **Authentication settings**. To learn more about the options, see [Authentication flow](overview-authentication-authorization.md#authentication-flow).
4547

4648
The application secret is stored as a slot-sticky [application setting](configure-common.md#configure-app-settings) named `GOOGLE_PROVIDER_AUTHENTICATION_SECRET`. You can see the setting on the **App Settings** tab of your app's **Environment variables** page in the portal. If you want to manage the secret in Azure Key Vault, you can update the setting later to use [Key Vault references](app-service-key-vault-references.md).
4749
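Review bot: the new step at 40+ calls the section **App Service authentication settings**, but the new paragraph at 46+ and the **Edit** button it points to both call it **Authentication settings**; use the one label the portal actually shows. The two passages also both explain that the default selections redirect unauthenticated requests to sign in, so keep that explanation only at 46+, where the link to Authentication flow lives, and let 40+ read simply "Leave the rest of the settings at their default values."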

articles/app-service/configure-authentication-provider-openid-connect.md

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -16,21 +16,21 @@ ms.author: cephalin
1616

1717
This article shows you how to configure Azure App Service or Azure Functions to use a custom authentication provider that adheres to the [OpenID Connect (OIDC) specification](https://openid.net/connect/). OIDC is an industry standard that many identity providers use. You don't need to understand the details of the specification to use an OIDC identity provider for your app.
1818

19-
You can configure your app to use one or more OIDC providers. You must give each OIDC provider a unique friendly name in the configuration. Only one provider can serve as the default redirect target.
19+
You can configure your app to use one or more OIDC providers. You must give each OIDC provider a unique friendly name in the app configuration. Only one provider can serve as the default redirect target.
2020

2121
## <a name="register"> </a>Register your app with the OIDC identity provider
2222

23-
Your provider requires you to register your application by specifying a redirect URI in the form `<app-url>/.auth/login/<provider-name>/callback`. Replace `<provider-name>` with the friendly name you give the OpenID provider in Azure.
23+
Your provider requires you to register your application by specifying a redirect URI in the form `<app-url>/.auth/login/<provider-name>/callback`. Replace `<app-url>` with your app URL and `<provider-name>` with the friendly name you are giving the OpenID provider in Azure.
2424

2525
> [!NOTE]
2626
> The OpenID provider name can't contain a hyphen `-`, because an App Service application setting is created based on this name, and application settings don't support hyphens. You can use an underscore `_` instead.
2727
28-
When you register your app, you need to collect a *client ID* and a *client secret* for your application. Your app needs to provide the client secret if you want the user to acquire access tokens using the interactive authorization code flow. If you don't want to acquire access tokens, you don't need to use a secret.
28+
When you register your app, you need to collect a *client ID* and a *client secret* for your application. Your app needs to provide the client secret if you want users to acquire access tokens using the interactive authorization code flow. If you don't want to acquire access tokens, you don't need to use a secret.
2929

3030
> [!IMPORTANT]
31-
> The **App Secret** value is an important security credential. Don't share this secret with anyone or distribute it within a client application.
31+
> The client secret value is an important security credential. Don't share this secret with anyone or distribute it within a client application.
3232
33-
Each identity provider should provide instructions on how to complete the registration steps. Some providers might require extra steps for their configuration and for using the values that they provide. For example, Apple provides a private key that you use to create a JSON Web Token (JWT), which you provide as the secret in your app configuration. For more information, see [Creating a client secret](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens).
33+
Each identity provider should provide instructions on how to complete the registration steps. Some providers might require extra steps for their configuration or for using the values that they provide. For example, Apple provides a private key that you use to create a JSON Web Token (JWT), which you enter as the secret in your app configuration. For more information, see [Creating a client secret](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens).
3434

3535
You also need the provider's OIDC metadata. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) that you can get at the path formed by appending `/.well-known/openid-configuration` to the provider's issuer URL.
3636
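Review bot: at 23+, "Replace `<app-url>` with your app URL" leaves the scheme and host form implicit, while the Google article in this same commit spells the redirect URI out as `https://<app-name>.azurewebsites.net/.auth/login/google/callback`; mirror that here (e.g. `https://<app-name>.azurewebsites.net/.auth/login/<provider-name>/callback`) and say that `<provider-name>` is the friendly name exactly as entered in Azure, since the NOTE that follows already constrains that name (no hyphen) because an application setting is derived from it, and a mismatch means the provider will reject the callback.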

@@ -43,7 +43,7 @@ If you can't use a configuration metadata document, get the following values sep
4343

4444
## <a name="configure"> </a>Add provider information to your application
4545

46-
To configure the OpenID Connect provider, follow these steps:
46+
To configure the OpenID Connect provider in Azure, follow these steps:
4747

4848
1. On the [Azure portal](https://portal.azure.com) page for your app, select **Authentication** under **Settings** in the left navigation menu.
4949

@@ -59,16 +59,19 @@ To configure the OpenID Connect provider, follow these steps:
5959

6060
1. Under **App registration**, provide the values you collected earlier for **Client ID** and **Client secret**.
6161

62-
1. Leave the rest of the settings at their default values, and select **Add** to finish setting up the identity provider.
62+
1. Select **Add** to finish setting up the identity provider.
6363

64-
Your client secret is stored as an application setting to ensure that it's stored securely. If you want to manage the secret in Azure Key vault, update the setting later to use [Azure Key Vault references](app-service-key-vault-references.md).
64+
The OIDC provider friendly name appended with **(custom provider)** now appears in the **Identity provider** section of the **Authentication** page. You can edit the provider settings by selecting its pencil icon under **Edit**.
65+
66+
The **Authentication settings** section shows settings such as how the application responds to unauthenticated requests. The default selections redirect all requests to sign in with the new provider. You can edit these settings by selecting **Edit** next to **Authentication settings**. To learn more about the options, see [Authentication flow](overview-authentication-authorization.md#authentication-flow).
67+
68+
The application secret is stored as a slot-sticky [application setting](configure-common.md#configure-app-settings) named `<friendly_name>_AUTHENTICATION_SECRET`. You can see the setting on the **App Settings** tab of your app's **Environment variables** page in the portal. If you want to manage the secret in Azure Key Vault, you can edit the setting to use [Key Vault references](app-service-key-vault-references.md).
6569

6670
>[!NOTE]
6771
>To add scopes, define the permissions your application has in the provider's registration portal. The app can request scopes that use these permissions at sign-in time.
6872
>
69-
>Azure requires `openid`, `profile`, and `email` scopes. Make sure that you configure your app registration in your ID provider with at least these scopes.
70-
>
71-
>The `aud` scope must be the same as the configured **Client Id**. You can't configure the allowed audiences for this provider.
73+
>- Azure requires `openid`, `profile`, and `email` scopes. Make sure that you configure your app registration in your identity provider with at least these scopes.
74+
>- The `aud` scope must be the same as the configured **Client Id**. You can't configure the allowed audiences for this provider.
7275
7376
## <a name="related-content"> </a>Related content
7477
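Review bot: at 68+, the setting name `<friendly_name>_AUTHENTICATION_SECRET` does not follow the pattern the Google article in this same commit documents, `GOOGLE_PROVIDER_AUTHENTICATION_SECRET` (provider name, then `_PROVIDER_AUTHENTICATION_SECRET`); verify the exact name and casing the portal generates for a custom OIDC provider before publishing, because readers will search their Environment variables for this string and it is the value they must later point at a Key Vault reference. Separately, the bullet at 74+ keeps the earlier wording "The `aud` scope"; in OIDC `aud` is the audience claim of the ID token, not a scope, so "The `aud` claim must be the same as the configured **Client Id**" is the accurate statement.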
