From 80377893db0a2cc11c79665f2eef15d0ce678e9f Mon Sep 17 00:00:00 2001
From: Michael Mitchell-Halter <v-michaelmi@microsoft.com>
Date: Mon, 27 Jun 2022 09:55:06 -0700
Subject: [PATCH 1/3] Fixed image path for readme

---
 2-WebApp-graph-user/2-5-HybridFlow/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/2-WebApp-graph-user/2-5-HybridFlow/README.md b/2-WebApp-graph-user/2-5-HybridFlow/README.md
index a05e279e..26ce2f58 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/README.md
+++ b/2-WebApp-graph-user/2-5-HybridFlow/README.md
@@ -36,7 +36,7 @@ Table Of Contents
  1. The [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used as a bearer token to call the **Microsoft Graph API**.
  1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the razor single page application to be exchanged for an access token client side.
 
-![Scenario Image](../ReadmeFiles/topology.png)
+![Scenario Image](./ReadmeFiles/topology.png)
 ## Prerequisites
 
 * Either [Visual Studio](https://visualstudio.microsoft.com/downloads/) or [Visual Studio Code](https://code.visualstudio.com/download) and [.NET Core SDK](https://www.microsoft.com/net/learn/get-started)

From 745b2853b66bbda9e7acd243a7f4fb77ffed9919 Mon Sep 17 00:00:00 2001
From: Michael Mitchell-Halter <v-michaelmi@microsoft.com>
Date: Mon, 27 Jun 2022 10:02:34 -0700
Subject: [PATCH 2/3] Fixed path to topology image and updated scenario text

---
 .../2-5-HybridFlow/AppCreationScripts-withCert/sample.json | 2 +-
 .../2-5-HybridFlow/AppCreationScripts/sample.json          | 2 +-
 2-WebApp-graph-user/2-5-HybridFlow/README.md               | 7 ++++---
 .../2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md           | 7 ++++---
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts-withCert/sample.json b/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts-withCert/sample.json
index 8e6e0899..18844126 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts-withCert/sample.json
+++ b/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts-withCert/sample.json
@@ -18,7 +18,7 @@
   },
   "ReadmeScenario": {
     "IncludeFilePath": "../ReadmeFiles/ReadmeScenario.md",
-    "Image": "../ReadmeFiles/topology.png",
+    "Image": "./ReadmeFiles/topology.png",
     "AdditionalNotes": ""
   },
   "ReadmePrerequirements": {
diff --git a/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts/sample.json b/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts/sample.json
index 9256a4f8..48b7f475 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts/sample.json
+++ b/2-WebApp-graph-user/2-5-HybridFlow/AppCreationScripts/sample.json
@@ -18,7 +18,7 @@
   },
   "ReadmeScenario": {
     "IncludeFilePath": "../ReadmeFiles/ReadmeScenario.md",
-    "Image": "../ReadmeFiles/topology.png",
+    "Image": "./ReadmeFiles/topology.png",
     "AdditionalNotes": ""
   },
 
diff --git a/2-WebApp-graph-user/2-5-HybridFlow/README.md b/2-WebApp-graph-user/2-5-HybridFlow/README.md
index 26ce2f58..fd51b441 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/README.md
+++ b/2-WebApp-graph-user/2-5-HybridFlow/README.md
@@ -32,9 +32,10 @@ Table Of Contents
 
  Use the hybrid-SPA code flow to obtain an Access token for your Web API in he backend and use it in the client SPA [without re-authenticating the user]
 
- 1. The client ASP.NET Core Web App uses the [Microsoft.Identity.Web](https://aka.ms/microsoft-identity-web) to sign-in and obtain a JWT [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) from **Azure AD** as well as an additional [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) to be passed to a client-side single page application.
- 1. The [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used as a bearer token to call the **Microsoft Graph API**.
- 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the razor single page application to be exchanged for an access token client side.
+ 1. The client ASP.NET Core Web App uses the [Microsoft.Identity.Web](https://aka.ms/microsoft-identity-web) to sign-in and obtain a JWT [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) from **Azure AD** as well as an additional [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) to be passed to a client-side single page application.
+ 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the client-side application using the session configuration for the application.
+ 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is exchanged for an [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) in the client-side application.
+ 1. The [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used by the client-side application as a bearer token to call the **Microsoft Graph API**.
 
 ![Scenario Image](./ReadmeFiles/topology.png)
 ## Prerequisites
diff --git a/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md b/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md
index ad1d93f3..5afb5616 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md
+++ b/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md
@@ -2,6 +2,7 @@
 
  Use the hybrid-SPA code flow to obtain an Access token for your Web API in he backend and use it in the client SPA [without re-authenticating the user]
 
- 1. The client ASP.NET Core Web App uses the [Microsoft.Identity.Web](https://aka.ms/microsoft-identity-web) to sign-in and obtain a JWT [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) from **Azure AD** as well as an additional [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) to be passed to a client-side single page application.
- 1. The [Access Tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used as a bearer token to call the **Microsoft Graph API**.
- 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the razor single page application to be exchanged for an access token client side.
+ 1. The client ASP.NET Core Web App uses the [Microsoft.Identity.Web](https://aka.ms/microsoft-identity-web) to sign-in and obtain a JWT [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) from **Azure AD** as well as an additional [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) to be passed to a client-side single page application.
+ 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the client-side application using the session configuration for the application.
+ 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is exchanged for an [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) in the client-side application.
+ 1. The [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used by the client-side application as a bearer token to call the **Microsoft Graph API**.

From fdd3e39ef175fd576f86e0bf9728aa83ee296612 Mon Sep 17 00:00:00 2001
From: Michael Mitchell-Halter <v-michaelmi@microsoft.com>
Date: Mon, 27 Jun 2022 10:52:55 -0700
Subject: [PATCH 3/3] Updating scenario

---
 2-WebApp-graph-user/2-5-HybridFlow/README.md                    | 2 +-
 .../2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/2-WebApp-graph-user/2-5-HybridFlow/README.md b/2-WebApp-graph-user/2-5-HybridFlow/README.md
index fd51b441..48401c62 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/README.md
+++ b/2-WebApp-graph-user/2-5-HybridFlow/README.md
@@ -34,7 +34,7 @@ Table Of Contents
 
  1. The client ASP.NET Core Web App uses the [Microsoft.Identity.Web](https://aka.ms/microsoft-identity-web) to sign-in and obtain a JWT [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) from **Azure AD** as well as an additional [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) to be passed to a client-side single page application.
  1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the client-side application using the session configuration for the application.
- 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is exchanged for an [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) in the client-side application.
+ 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is exchanged for another [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) in the client-side application.
  1. The [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used by the client-side application as a bearer token to call the **Microsoft Graph API**.
 
 ![Scenario Image](./ReadmeFiles/topology.png)
diff --git a/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md b/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md
index 5afb5616..0b53ae77 100644
--- a/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md
+++ b/2-WebApp-graph-user/2-5-HybridFlow/ReadmeFiles/ReadmeScenario.md
@@ -4,5 +4,5 @@
 
  1. The client ASP.NET Core Web App uses the [Microsoft.Identity.Web](https://aka.ms/microsoft-identity-web) to sign-in and obtain a JWT [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) from **Azure AD** as well as an additional [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) to be passed to a client-side single page application.
  1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is passed to the client-side application using the session configuration for the application.
- 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is exchanged for an [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) in the client-side application.
+ 1. The [Spa Authorization Code](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/SPA-Authorization-Code) is exchanged for another [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) in the client-side application.
  1. The [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) is used by the client-side application as a bearer token to call the **Microsoft Graph API**.