From f8c699f30581957212aad4dcbbf87f8b482c60d2 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 21 Apr 2021 10:59:57 -0700 Subject: [PATCH 1/4] link to managed identity overview --- .../azure/identity/_credentials/managed_identity.py | 3 +++ .../azure/identity/aio/_credentials/managed_identity.py | 3 +++ 2 files changed, 6 insertions(+) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index d2001a1002eb..6bb41251dad1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -45,6 +45,9 @@ class ManagedIdentityCredential(object): This credential defaults to using a system-assigned identity. To configure a user-assigned identity, use one of the keyword arguments. + See Azure Active Directory documentation for more information about configuring managed identity for applications: + https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview + :keyword str client_id: a user-assigned identity's client ID. This is supported in all hosting environments. :keyword identity_config: a mapping ``{parameter_name: value}`` specifying a user-assigned identity by its object or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index d2d64f80ee6e..62fa65af1d50 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py 
@@ -32,6 +32,9 @@ class ManagedIdentityCredential(AsyncContextManager): This credential defaults to using a system-assigned identity. To configure a user-assigned identity, use one of the keyword arguments. + See Azure Active Directory documentation for more information about configuring managed identity for applications: + https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview + :keyword str client_id: a user-assigned identity's client ID. This is supported in all hosting environments. :keyword identity_config: a mapping ``{parameter_name: value}`` specifying a user-assigned identity by its object or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to From 195805043d2d6f4900e17216e16aa521518187c8 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 21 Apr 2021 11:00:30 -0700 Subject: [PATCH 2/4] link to AAD documentation of cert registration --- .../azure-identity/azure/identity/_credentials/certificate.py | 3 +++ .../azure/identity/aio/_credentials/certificate.py | 3 +++ 2 files changed, 6 insertions(+) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index 5c329672296d..27273223b0f8 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py 
@@ -23,6 +23,9 @@ class CertificateCredential(ClientCredentialBase): The certificate must have an RSA private key, because this credential signs assertions using RS256. + See Azure Active Directory documentation for more information on configuring certificate authentication: + https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-microsoft-identity-platform + :param str tenant_id: ID of the service principal's tenant. Also called its 'directory' ID. :param str client_id: the service principal's client ID :param str certificate_path: path to a PEM-encoded certificate file including the private key. If not provided, diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index 1de0bb2baaa0..ba435755b979 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -22,6 +22,9 @@ class CertificateCredential(AsyncContextManager, GetTokenMixin): The certificate must have an RSA private key, because this credential signs assertions using RS256. + See Azure Active Directory documentation for more information on configuring certificate authentication: + https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-microsoft-identity-platform + :param str tenant_id: ID of the service principal's tenant. Also called its 'directory' ID. :param str client_id: the service principal's client ID :param str certificate_path: path to a PEM-encoded certificate file including the private key. If not provided, From c7b4a52384e1f41dddff9caed0d22d42e9b26948 Mon Sep 17 00:00:00 2001 
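Review bot: The added link covers registering the certificate, but the docstring never says which part of the certificate is registered, even though `certificate_path` just below takes a PEM file "including the private key". A reader could conclude that the whole file is what gets uploaded. I would add one sentence after the link: `Only the certificate's public part is registered with Azure Active Directory; the private key stays with the application and should be readable only by the account running it.` The same applies to the identical hunk in aio/_credentials/certificate.py. Both class docstrings continue outside the hunks.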
From: Charles Lowell Date: Wed, 21 Apr 2021 11:12:57 -0700 Subject: [PATCH 3/4] pedantry: the secret authenticates the principal --- .../azure-identity/azure/identity/_credentials/client_secret.py | 2 +- .../azure/identity/aio/_credentials/client_secret.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py index 1eef4f8abd78..9d25d1154280 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py @@ -12,7 +12,7 @@ class ClientSecretCredential(ClientCredentialBase): - """Authenticates as a service principal using a client ID and client secret. + """Authenticates as a service principal using a client secret. :param str tenant_id: ID of the service principal's tenant. Also called its 'directory' ID. :param str client_id: the service principal's client ID diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 7bceaae674db..d77ecc1030a8 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -17,7 +17,7 @@ class ClientSecretCredential(AsyncContextManager, GetTokenMixin): - """Authenticates as a service principal using a client ID and client secret. + """Authenticates as a service principal using a client secret. :param str tenant_id: ID of the service principal's tenant. Also called its 'directory' ID. :param str client_id: the service principal's client ID From dd4458f7414abc0f057e55890e5b213679481002 Mon Sep 17 00:00:00 2001 
From: Charles Lowell Date: Wed, 21 Apr 2021 11:13:05 -0700 Subject: [PATCH 4/4] remove unhelpful links to protocol documentation --- .../azure-identity/azure/identity/_credentials/browser.py | 2 -- .../azure/identity/_credentials/device_code.py | 5 +++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py index 4f2cc5efbdee..0f773df22602 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py @@ -30,8 +30,6 @@ class InteractiveBrowserCredential(InteractiveCredential): :func:`~get_token` opens a browser to a login URL provided by Azure Active Directory and authenticates a user there with the authorization code flow, using PKCE (Proof Key for Code Exchange) internally to protect the code. - Azure Active Directory documentation describes the authentication flow in more detail: - https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts` diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py index 5e29d34943f4..dec7303b334c 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py 
@@ -27,8 +27,9 @@ class DeviceCodeCredential(InteractiveCredential): A user must browse to the URL, enter the code, and authenticate with Azure Active Directory. If the user authenticates successfully, the credential receives an access token. - For more information about the device code flow, see Azure Active Directory documentation: - https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-device-code + This credential is primarily useful for authenticating a user in an environment without a web browser, such as an + SSH session. If a web browser is available, :class:`~azure.identity.InteractiveBrowserCredential` is more + convenient because it automatically opens a browser to the login page. :param str client_id: client ID of the application users will authenticate to. When not specified users will authenticate to an Azure development application.
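Review bot: The replacement paragraph says when to choose this credential, but the docstring still gives users no guidance on which codes to trust. That matters because, as the context lines above state, a successful sign-in results in the credential receiving an access token. I would add one sentence after the new paragraph: `Users should enter only a code displayed by an application they started themselves, because completing the sign-in gives that application an access token for their account.` The class docstring begins and ends outside the hunk.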