Linux broker needs a specific redirect_uri

A recent customer troubleshooting case reveals that the Linux broker
needs a specific redirect_uri as its prerequisite

Author: rayluo

msal/application.py

@@ -1948,8 +1948,6 @@ def __init__(
 
         .. note::
 
-            You may set enable_broker_on_windows and/or enable_broker_on_mac and/or enable_broker_on_linux and/or enable_broker_on_wsl to True.
-
             **What is a broker, and why use it?**
 
             A broker is a component installed on your device.
@@ -1967,17 +1965,17 @@ def __init__(
             so that your broker-enabled apps (even a CLI)
             could automatically SSO from a previously established signed-in session.
 
-            **You shall only enable broker when your app:**
+            **You shall enable broker if your app meets these prerequisites:**
 
             1. is running on supported platforms,
                and already registered their corresponding redirect_uri
 
                * ``ms-appx-web://Microsoft.AAD.BrokerPlugin/your_client_id``
-                 if your app is expected to run on Windows 10+
+                 if your app is expected to run on Windows 10+ or WSL
                * ``msauth.com.msauth.unsignedapp://auth``
-                 if your app is expected to run on Mac
-               * ``ms-appx-web://Microsoft.AAD.BrokerPlugin/your_client_id``
-                 if your app is expected to run on Linux, especially WSL
+                 if your app is expected to run on Mac with Company Portal installed
+               * ``https://login.microsoftonline.com/common/oauth2/nativeclient``
+                 if your app is expected to run on Linux with Intune installed
 
             2. installed broker dependency,
                e.g. ``pip install msal[broker]>=1.33,<2``.

msal/broker.py

@@ -60,8 +60,10 @@ def _convert_error(error, client_id):
             or "AADSTS7000218" in context  # This "request body must contain ... client_secret" is just a symptom of current app has no WAM redirect_uri
             ):
         raise RedirectUriError(  # This would be seen by either the app developer or end user
-            "MsalRuntime needs the current app to register these redirect_uri "
-            "(1) ms-appx-web://Microsoft.AAD.BrokerPlugin/{} (2) {}".format(
+            """MsalRuntime needs the current app to register these redirect_uri
+(1) ms-appx-web://Microsoft.AAD.BrokerPlugin/{}
+(2) {}
+(3) https://login.microsoftonline.com/common/oauth2/nativeclient""".format(
             client_id, _redirect_uri_on_mac))
         # OTOH, AAD would emit other errors when other error handling branch was hit first,
         # so, the AADSTS50011/RedirectUriError is not guaranteed to happen.