Apply reviewer's feedback

Author: MarcialRosales

site/management.md

@@ -301,15 +301,14 @@ means it cannot securely store credentials such as the *client_secret*. This mea
 To redirect users to the UAA server to authenticate, use the following configuration:
 
 <pre class="lang-ini">
-management.enable_uaa = true  
+management.enable_uaa = true
 management.oauth_enabled = true
 management.oauth_client_id = rabbit_user_client
 management.oauth_provider_url = https://my-uaa-server-host:8443/uaa
 </pre>
 
-> IMPORTANT: Since RabbitMQ 3.10, RabbitMQ uses `authorization_code` grant type. `implicit` flow has been
-deprecated.
-> IMPORTANT: management.oauth_client_secret is an optional setting. It is only required when your authorization server requires it
+> IMPORTANT: Since RabbitMQ 3.10, RabbitMQ uses `authorization_code` grant type. `implicit` flow is deprecated.
+> IMPORTANT: `management.oauth_client_secret` is an optional setting. It is only required when your authorization server requires it
 
 ### Allow Basic and OAuth 2 authentication
 
@@ -401,20 +400,26 @@ In addition to the `connect-src` CSP header, RabbitMQ also needs the CSP directi
 
 ### Identity-Provider initiated logon
 
-By default, the Management UI uses OAuth 2.0 authorization code flow to authenticate and authorize users.
+By default, the RabbitMQ Management UI uses the OAuth 2.0 **authorization code flow** to authenticate and authorize users.
 However, there are scenarios where users preferred to be automatically redirected to RabbitMQ without getting
 involved in additional logon flows. This is common in Web Portals where with a single click, users navigate
 straight to a RabbitMQ cluster's management UI with a token obtained under the covers. This is known as
 **Identity-Provider initiated logon**.
 
 RabbitMQ exposes a new setting called `management.oauth_initiated_logon_type` whose default value `sp_initiated`.
-To enable an **Identity-Provider initiated logon** we set it to `idp_initiated`.
+To enable an **Identity-Provider initiated logon** you set it to `idp_initiated`.
+
+After you set `management.oauth_initiated_logon_type` to `idp_initiated` and
+`oauth_enabled: true` and `oauth_provider_url` are configured, the management UI exposes the HTTP endpoint `/login` which accepts `content-type: application/x-www-form-urlencoded` and it expects the JWT token in the `access_token` form field. This is the endpoint where the web portal would redirect users to access the RabbitMQ Management ui.
+
+This is the minimum required configuration for a RabbitMQ cluster configured with `idp_initiated` logon type:
 
-When we set `management.oauth_initiated_logon_type` to `idp_initiated` the minimum required configuration is
-`oauth_enabled: true` and `oauth_provider_url`. The other settings related to OAuth are not required.
-The `oauth_provider_url` should be the web portal address.
+<pre class="lang-ini">
+management.oauth_enabled = true
+management.oauth_initiated_logon_type = idp_initiated
+management.oauth_provider_url = https://my-web-portal
+</pre>
 
-Once we set `management.oauth_initiated_logon_type` to `idp_initiated`, the management UI exposes the endpoint `/login` which accepts `content-type: application/x-www-form-urlencoded` and it expects the JWT token in the `access_token` form field.
 
 ## <a id="http-api" class="anchor" href="#http-api">HTTP API</a>
 

site/oauth2-examples-keycloak.md

@@ -107,12 +107,12 @@ rather than `legacy-token-key`.
 
 ### Configure Client
 
-For backend applications which uses **Client Credentials flow** you create a **Client** with:
+For backend applications which uses **Client Credentials flow**, you can create a **Client** with:
 
 * **Access Type** : `public`
-* With all the other flows disabled: Standard Flow, Implicit Flow, Direct Access Grants
+* Turn off `Standard Flow`, `Implicit Flow`, and `Direct Access Grants`
 * With **Service Accounts Enabled** on. If it is not enabled you do not have the tab `Credentials`
-* In tab `Credentials` you have the client id 
+* In the `Credentials` tab, you have the `client id`
 
 
 ### Configure Client scopes

site/oauth2-examples.md

@@ -90,10 +90,10 @@ The last command starts a RabbitMQ server with [this](https://github.com/rabbitm
 
 ## <a id="access-management-ui" class="anchor" href="#access-management-ui">Access Management UI using OAuth 2.0 tokens</a>
 
-The Management UI can be configured with one of these two login modes:
+The RabbitMQ Management UI can be configured with one of these two login modes:
 
-* [Service-Provider initiated logon](#service-provider-initiated-logon) - This is the default and traditional OAuth 2.0 logon mode. The user comes to the Management UI and clicks on the button "Click here to logon" which initiates the logon. The logon process starts in RabbitMQ, the *Service Provider*.
-* [Identity-Provider initiated logon](#identity-provider-initiated-logon) - This is a logon mode meant for web portals. Users navigate to RabbitMQ with a token already obtained by the web portal on behalf of the user.
+* [Service-Provider initiated logon](#service-provider-initiated-logon) - This is the default and traditional OAuth 2.0 logon mode. In the RabbitMQ Management UI, click `Click here to logon` to initiate the logon.  The logon process starts in RabbitMQ, the *Service Provider*.
+* [Identity-Provider initiated logon](#identity-provider-initiated-logon) - You can use this logon mode for web portals. Users can navigate to RabbitMQ with an existing token which is retrieved from the web portal on behalf of the user.
 
 ### <a id="service-provider-initiated-logon" class="anchor" href="#service-provider-initiated-logon">Service-Provider initiated logon</a>