art2-1

Author: v-thpra

articles/container-apps/authentication-openid.md

@@ -15,19 +15,17 @@ This article shows you how to configure Azure Container Apps to use a custom aut
 
 You can configure your app to use one or more OIDC providers. Each must be given a unique alphanumeric name in the configuration, and only one can serve as the default redirect target.
 
-## <a name="openid-register"> </a>Register your application with the identity provider
+## Register your application with the identity provider
 
 Your provider requires you to register the details of your application with it. One of these steps involves specifying a redirect URI. This redirect URI is of the form `<app-url>/.auth/login/<provider-name>/callback`. Each identity provider should provide more instructions on how to complete these steps.
 
 > [!NOTE]
-> Some providers may require additional steps for their configuration and how to use the values they provide. For example, Apple provides a private key which is not itself used as the OIDC client secret, and you instead must use it craft a JWT which is treated as the secret you provide in your app config (see the "Creating the Client Secret" section of the [Sign in with Apple documentation](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens))
->
+> Some providers require further steps for their configuration and different guidance on how to use the values they provide. For example, Apple provides a private key, which isn't used as the OIDC client secret. Instead, you must use it to craft a JSON Web Token (JWT), which is treated as the secret you provide in your app config. For more information, see the "Creating the Client Secret" section of the [Sign in with Apple documentation](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens).
 
 You need to collect a **client ID** and **client secret** for your application.
 
 > [!IMPORTANT]
-> The client secret is a critical security credential. Do not share this secret with anyone or distribute it within a client application.
->
+> The client secret is a critical security credential. Don't share this secret with anyone or distribute it within a client application.
 
 Additionally, you need the OpenID Connect metadata for the provider. This information is often exposed via a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is the provider's Issuer URL suffixed with `/.well-known/openid-configuration`. Make sure to gather this configuration URL.
 
@@ -38,7 +36,7 @@ If you're unable to use a configuration metadata document, you need to gather th
 - The [OAuth 2.0 Token endpoint](https://tools.ietf.org/html/rfc6749#section-3.2) (sometimes shown as `token_endpoint`)
 - The URL of the [OAuth 2.0 JSON Web Key Set](https://tools.ietf.org/html/rfc8414#section-2) document (sometimes shown as `jwks_uri`)
 
-## <a name="openid-configure"> </a>Add provider information to your application
+## Add provider information to your application
 
 1. Sign in to the [Azure portal] and navigate to your app.
 
@@ -60,8 +58,8 @@ If you're unable to use a configuration metadata document, you need to gather th
 
 Use the following guides for details on working with authenticated users.
 
-* [Customize sign-in and sign-out](authentication.md#customize-sign-in-and-sign-out)
-* [Access user claims in application code](authentication.md#access-user-claims-in-application-code)
+- [Customize sign-in and sign out](authentication.md#customize-sign-in-and-sign-out)
+- [Access user claims in application code](authentication.md#access-user-claims-in-application-code)
 
 ## Next steps