Merge pull request #49 from AzureAD/remove-secret

Avoid hardcoding secret

Author: rayluo

sample/authorization-code-flow-sample/authorization_code_flow_sample.py

@@ -13,8 +13,10 @@
 }
 
 You can then run this sample with a JSON configuration file:
-    python sample.py parameters.json
-    On the browser open http://localhost:5000/
+
+    python sample.py parameters.json your_flask_session_secret_here
+
+And the on the browser open http://localhost:5000/
 
 """
 
@@ -29,7 +31,7 @@
 
 app = flask.Flask(__name__)
 app.debug = True
-app.secret_key = 'development'
+app.secret_key = sys.argv[2]  # In this demo, we expect a secret from 2nd CLI param
 
 
 # Optional logging