(AzureCXP) https://github.com/MicrosoftDocs/azure-docs/issues/107339

AjayKumar-MSFT · web-flow · commit 231cea0d3b37 · 2023-04-01T00:13:23.000+05:30
&rdquo;Grant frontend app access to backend&rdquo; Section
The document states:"Select Add a permission, then select My APIs &gt; &lt;front-end-app-name&gt;."
I believe this should be &lt;back-end-app-name&gt;, not &lt;front-end-app-name&gt; because this section is about granting the frontend app access to the backend app.

"Configure App Service to return a usable access token" section
The document contains the following code:
authSettings=$(echo "$authSettings" | jq '.properties' | jq '.identityProviders.azureActiveDirectory.login += {"loginParameters":["scope==openid offline_access api://&lt;back-end-client-id&gt;/user_impersonation"]}') 
I think there is an extra "=" in the code for "scope==openid", and it should be modified to "scope=openid". After making this modification, the code should work correctly.
diff --git a/articles/app-service/tutorial-auth-aad.md b/articles/app-service/tutorial-auth-aad.md
@@ -216,7 +216,7 @@ In this step, you **grant the frontend app access to the backend app** on the us
 
 1. In the **Authentication** page for the frontend app, select your frontend app name under **Identity provider**. This app registration was automatically generated for you. Select **API permissions** in the left menu.
 
-1. Select **Add a permission**, then select **My APIs** > **\<front-end-app-name>**.
+1. Select **Add a permission**, then select **My APIs** > **\<back-end-app-name>**.
 
 1. In the **Request API permissions** page for the backend app, select **Delegated permissions** and **user_impersonation**, then select **Add permissions**.
 
@@ -230,7 +230,7 @@ In the Cloud Shell, run the following commands on the frontend app to add the `s
 
 ```azurecli-interactive
 authSettings=$(az webapp auth show -g myAuthResourceGroup -n <front-end-app-name>)
-authSettings=$(echo "$authSettings" | jq '.properties' | jq '.identityProviders.azureActiveDirectory.login += {"loginParameters":["scope==openid offline_access api://<back-end-client-id>/user_impersonation"]}')
+authSettings=$(echo "$authSettings" | jq '.properties' | jq '.identityProviders.azureActiveDirectory.login += {"loginParameters":["scope=openid offline_access api://<back-end-client-id>/user_impersonation"]}')
 az webapp auth set --resource-group myAuthResourceGroup --name <front-end-app-name> --body "$authSettings"
 ```
 
@@ -405,4 +405,4 @@ What you learned:
 Advance to the next tutorial to learn how to use this user's identity to access an Azure service.
 
 > [!div class="nextstepaction"]
->&nbsp;[Create a secure n-tier app in Azure App Service](tutorial-secure-ntier-app.md)
+>&nbsp;[Create a secure n-tier app in Azure App Service](tutorial-secure-ntier-app.md)
