Adjustments (#31)

* we are now using env var for client_secret

* update relative date

* wordfix

* Fix 2 high severity vulnerabilities

docs/content/the_basics_of_aanda_2.md

@@ -166,5 +166,5 @@ dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
 * The process for a protected resource to query the authorization server to verify validity of a OAuth2 token
 * An extension to OAuth2 defined in [rfc7662](https://datatracker.ietf.org/doc/html/rfc7662)
 * Getting tokens type by ref and querying for "details"
-* Not currently supported by Microsoft Entra ID<br/> ([5+ year old request](https://feedback.azure.com/d365community/idea/ea407180-be25-ec11-b6e6-000d3a4f0789))
+* Not currently supported by Microsoft Entra ID<br/> ([7+ year old request](https://feedback.azure.com/d365community/idea/ea407180-be25-ec11-b6e6-000d3a4f0789))
 * No introspection limits the value of the /revoke end-point?

ex-01/doc/requesting_an_access_token.md

@@ -6,7 +6,6 @@ Steps:
 
 * Explore the `POST` request in 'authCode.http'
 * Copy the one-time `Code` from previous exercise (leg 1) to `&code=` of the post request
-* Copy the client_secret value into the "clip-board"
 * Select "Send the request" in VSCode (just above the POST definition)
 * Explore the results in the 'Response window'
 

ex-04/doc/security_considerations.md

@@ -12,7 +12,7 @@ In this section we will discuss a few security related implication that we are f
 * [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/)
 * Good practice: Protocols (and Frameworks) does not guarantee security, Developers Do 
 * Good practice: For Microsoft Frameworks, Use MSAL (v2) - not ADAL (v1 is deprecated)
-* Good practice: Practice continuos threat modeling. Visit [appsec.equinor.com](https://appsec.equinor.com/threat-modeling/) for more information. ⚡️
+* Good practice: Practice continuous threat modeling. Visit [appsec.equinor.com](https://appsec.equinor.com/threat-modeling/) for more information. ⚡️
 
 ## --Now You--