redo of docs 3689 #10399

Closed
wants to merge 1 commit into from
8 changes: 4 additions & 4 deletions .markdownlint.json
@@ -1,20 +1,20 @@
{
"default": false,
"resultVersion": 1,
"MD001": true,
"MD001": false,
"MD002": true,
"MD003": true,
"MD005": true,
"MD006": true,
"MD011": true,
"MD012": true,
"MD012": false,
"MD018": true,
"MD019": true,
"MD023": true,
"MD024": true,
"MD024": false,
"MD025": true,
"MD027": true,
"MD031": true,
"MD031": false,
"MD034": true,
"MD035": true,
"MD037": true,
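Review bot: Switching `MD001`, `MD012`, `MD024` and `MD031` to `false` in `.markdownlint.json` turns those checks off for every file in the repository, and nothing in the change says why. `MD031` (blank lines around fenced code blocks) is the rule that the blank lines added before the `JSON` fences in `_multifactor-authentication.md` satisfy, so disabling it in the same PR works against that cleanup. Prefer keeping the rules on and fixing the files that fail; if the repeated `Learn More` headings are what trips `MD024`, configure that rule with `siblings_only` (where the markdownlint version in use supports it) rather than disabling it.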
2 changes: 1 addition & 1 deletion articles/api/authentication/_change-password.md
Expand Up @@ -79,7 +79,7 @@ Note: This endpoint only works for database connections.
* `X-RateLimit-Reset`: Remaining time until the rate limit (`X-RateLimit-Limit`) resets. The value is in [UTC epoch seconds](https://en.wikipedia.org/wiki/Unix_time).


### More Information
### Learn More

- [Changing a User's Password](/connections/database/password-change)
- [Password Strength in Auth0 Database Connections](/connections/database/password-strength)
4 changes: 2 additions & 2 deletions articles/api/authentication/_introduction.md
Expand Up @@ -2,7 +2,7 @@

The Authentication API enables you to manage all aspects of user identity when you use Auth0. It offers endpoints so your users can log in, sign up, log out, access APIs, and more.

The API supports various identity protocols, like <dfn data-key="openid">[OpenID Connect](/protocols/oidc)</dfn>, [OAuth 2.0](/protocols/oauth2), and <dfn data-key="security-assertion-markup-language">[SAML](/protocols/saml)</dfn>.
The API supports various identity protocols, like <dfn data-key="openid">[OpenID Connect](/protocols/oidc)</dfn>, <dfn data-key="oath2"> [OAuth 2.0](/protocols/oauth2)</dfn>, <dfn data-key="fapi">[FAPI](https://auth0.com/docs/secure/highly-regulated-identity#advanced-security-with-openid-connect-fapi-)</dfn> and <dfn data-key="security-assertion-markup-language">[SAML](/protocols/saml)</dfn>.

:::note
This API is designed for people who feel comfortable integrating with RESTful APIs. If you prefer a more guided approach check out our [Quickstarts](/quickstarts) or our [Libraries](/libraries).
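Review bot: The new `<dfn data-key="oath2">` around the OAuth 2.0 link looks like a misspelling of `oauth2` (the link target in the same line is `/protocols/oauth2`); please check it against the glossary keys, since a key that does not exist will not resolve. The same tag has a stray space before `[OAuth 2.0]`, the FAPI link is an absolute `https://auth0.com/docs/...` URL ending in `fapi-` while the other three links are site-relative, and the list lost its comma before `and`. Suggest a relative FAPI path with a verified anchor and `..., <dfn data-key="fapi">[FAPI](...)</dfn>, and <dfn ...>`.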
Expand Down Expand Up @@ -120,4 +120,4 @@ Note that for database connections Auth0 limits certain types of repeat login at

If you have problems or need help with your case, you can always reach out to our [Support](${env.DOMAIN_URL_SUPPORT}).

Note that if you have a free subscription plan, and you are not in your 22-day trial period, you will not be able to access or open tickets in the [Support Center](${env.DOMAIN_URL_SUPPORT}). In this case, you can seek support through the [Auth0 Community](https://community.auth0.com/). For more info on our support program, refer to [Support Options](/support).
Note that if you have a free subscription plan, and you are not in your 22-day trial period, you will not be able to access or open tickets in the [Support Center](${env.DOMAIN_URL_SUPPORT}). In this case, you can seek support through the [Auth0 Community](https://community.auth0.com/). For more info on our support program, refer to [Support Options](/support).
315 changes: 240 additions & 75 deletions articles/api/authentication/_login.md

Large diffs are not rendered by default.

20 changes: 4 additions & 16 deletions articles/api/authentication/_logout.md
Expand Up @@ -49,7 +49,7 @@ Use this endpoint to logout a user. If you want to navigate the user to a specif

| Parameter | Description |
|:-----------------|:------------|
| `returnTo ` | URL to redirect the user after the logout. |
| `returnTo` | URL to redirect the user after the logout. |
| `client_id` | The `client_id` of your application. |
| `federated` | Add this query string parameter to the logout URL, to log the user out of their identity provider, as well: `https://${account.namespace}/v2/logout?federated`. |

Expand All @@ -70,7 +70,7 @@ Use this endpoint to logout a user. If you want to navigate the user to a specif
- Logging the user out of their identity provider is not common practice, so think about the user experience before you use the `federated` query string parameter.
- The sample auth0.js script uses the library version 8. If you are using auth0.js version 7, please see this [reference guide](/libraries/auth0js/v7).

### More Information
### Learn More

- [Logout](/logout)

Expand Down Expand Up @@ -141,18 +141,6 @@ Use this endpoint to logout a user. If you want to navigate the user to a specif
| `state` (Optional) | An opaque value the applications adds to the initial request that the authorization server includes when redirecting the back to the`post_logout_redirect_uri`. |
| `ui_locales` (Optional) | Space-delimited list of locales used to constrain the language list for the request. The first locale on the list must match the enabled locale in your tenant |


### Test with Authentication API Debugger

<%= include('../../_includes/_test-this-endpoint') %>

1. At the *Configuration* tab, set the fields **Application** (select the application you want to use for the test) and **Connection** (the name of the social connection to use).

1. Copy the **_Callback URL_** and set it as part of the **Allowed Logout URLs** of your Application Settings.

1. At the _Other Flows_ tab, click **Logout**, or **Logout (Federated)** to log the user out of the identity provider as well.


### Remarks

- Logging the user out of their social identity provider is not common practice, so think about the user experience before you use the `federated` query string parameter with social identity providers.
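Review bot: Deleting the "Test with Authentication API Debugger" section also deletes the step that tells readers to add the callback URL to **Allowed Logout URLs**, and the Remarks that remain in this hunk do not mention that setting. Keep a one-line remark about Allowed Logout URLs, or link to where it is documented, so the requirement is not lost, and check whether the `_test-this-endpoint` include is still referenced anywhere. While here, the context row for `state` reads "the applications adds" and "redirecting the back to the`post_logout_redirect_uri`" (missing word and missing space); both could be corrected in the same pass.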
Expand All @@ -162,7 +150,7 @@ Use this endpoint to logout a user. If you want to navigate the user to a specif
- The `POST` HTTP method is also supported for this request. When using `POST`, the request parameters should be provided in the request body as form parameters instead of the query string. The federated parameter requires a value of `true` or `false`.
- This conforms to the [OIDC RP-initiated Logout Specification](https://openid.net/specs/openid-connect-rpinitiated-1_0.html).

### More Information
### Learn More

- [Logout](/logout)
- [Use the OIDC Endpoint to Log Users Out of Auth0](/logout/log-users-out-of-auth0)
Expand Down Expand Up @@ -195,6 +183,6 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo
### Remarks
- The POST body must contain a valid SAML `<LogoutRequest>` message. To learn more, read [Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 on Oasis](https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf).

### More information
### Learn More
- [Logout](/logout)
- [Log Users Out of SAML Identity Providers](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-saml-idps)
28 changes: 20 additions & 8 deletions articles/api/authentication/_multifactor-authentication.md
Expand Up @@ -6,7 +6,7 @@ First, request a challenge based on the challenge types supported by the applica

Next, verify the multi-factor authentication using the `/oauth/token` endpoint and the specified challenge type: a one-time password (OTP), a recovery code, or an out-of-band (OOB) challenge.

For more information, check out:
Learn More:

- [Multi-factor Authentication and Resource Owner Password](/mfa/guides/mfa-api/multifactor-resource-owner-password)
- [Multi-factor Authentication API](/mfa/concepts/mfa-api)
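Review bot: Replacing the sentence "For more information, check out:" with the bare label `Learn More:` leaves a title-cased heading phrase sitting in body text with a trailing colon, which is inconsistent with the `### Learn More` headings used for the same purpose everywhere else in this PR. Either make it a real heading at the right level or keep it as a sentence.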
Expand Down Expand Up @@ -62,6 +62,7 @@ Content-Type: application/json
```

> RESPONSE SAMPLE FOR OOB WITHOUT BINDING METHOD:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand All @@ -72,6 +73,7 @@ Content-Type: application/json
```

> RESPONSE SAMPLE FOR OOB WITH BINDING METHOD:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand Down Expand Up @@ -118,7 +120,7 @@ If OTP is supported by the user and you don't want to request a different factor
- An `unsupported_challenge_type` error is returned if the user is not enrolled.
- If the user is not enrolled, you will get a `association_required` error, indicating the user needs to enroll to use MFA. Check [Add an authenticator](#add-an-authenticator) below on how to proceed.

### More information
### Learn More

* [Authenticate With Resource Owner Password Grant and MFA](/mfa/guides/mfa-api/authenticate)
* [Manage Authenticator Factors using the MFA API](/mfa/guides/mfa-api/manage)
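Review bot: The two Remarks bullets just above the renamed heading contradict each other: one says an `unsupported_challenge_type` error is returned if the user is not enrolled, the next says the same condition produces `association_required`. Since this section is being touched, clarify which error applies to which case (for example, not enrolled at all versus not enrolled in the requested challenge type), and change "a `association_required`" to "an `association_required`".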
Expand Down Expand Up @@ -161,6 +163,7 @@ request(options, function (error, response, body) {
```

> RESPONSE SAMPLE FOR OTP:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand Down Expand Up @@ -196,7 +199,7 @@ The response is the same as responses for `password` or `http://auth0.com/oauth/
| `mfa_token` <br/><span class="label label-danger">Required</span> | The `mfa_token` you received from `mfa_required` error. |
| `otp` <br/><span class="label label-danger">Required</span> | OTP Code provided by the user. |

### More information
### Learn More

- [Associate OTP Authenticators](/mfa/guides/mfa-api/otp)

Expand Down Expand Up @@ -239,6 +242,7 @@ request(options, function (error, response, body) {
```

> RESPONSE SAMPLE FOR PENDING CHALLENGE:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand All @@ -249,6 +253,7 @@ Content-Type: application/json
```

> RESPONSE SAMPLE FOR VERIFIED CHALLENGE:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand All @@ -260,6 +265,7 @@ Content-Type: application/json
```

> RESPONSE SAMPLE FOR REJECTED CHALLENGE:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand Down Expand Up @@ -300,7 +306,7 @@ When the challenge response includes a `binding_method: prompt`, your app needs
| `oob_code` <br/><span class="label label-danger">Required</span> | The oob code received from the challenge request. |
| `binding_code`| A code used to bind the side channel (used to deliver the challenge) with the main channel you are using to authenticate. This is usually an OTP-like code delivered as part of the challenge message. |

### More information
### Learn More

- [Associate Out-of-Band Authenticators](/mfa/guides/mfa-api/oob)

Expand Down Expand Up @@ -342,6 +348,7 @@ request(options, function (error, response, body) {
```

> RESPONSE SAMPLE FOR OTP:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand Down Expand Up @@ -426,6 +433,7 @@ request(options, function (error, response, body) {
```

> RESPONSE SAMPLE FOR OOB (SMS channel):

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand All @@ -439,6 +447,7 @@ Content-Type: application/json
```

> RESPONSE SAMPLE FOR OOB (Auth0 channel):

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand All @@ -452,6 +461,7 @@ Content-Type: application/json
```

> RESPONSE SAMPLE FOR OTP:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand Down Expand Up @@ -495,7 +505,7 @@ To access this endpoint, you must set an Access Token at the Authorization heade
| `oob_channels` | The type of OOB channels supported by the client. An array with values `"auth0"`, `"sms"`, `"voice"`. Required if `authenticator_types` include `oob`. |
| `phone_number` | The phone number to use for SMS or Voice. Required if `oob_channels` includes `sms` or `voice`. |

### More information
### Learn More

- [Multi-factor Authentication API](/mfa/concepts/mfa-api)

Expand Down Expand Up @@ -533,6 +543,7 @@ request(options, function (error, response, body) {
```

> RESPONSE SAMPLE:

```JSON
HTTP/1.1 200 OK
Content-Type: application/json
Expand Down Expand Up @@ -570,6 +581,7 @@ Content-Type: application/json
}
]
```

<%= include('../../_includes/_http-method', {
"http_badge": "badge-primary",
"http_method": "GET",
Expand All @@ -590,7 +602,7 @@ To access this endpoint you must set an <dfn data-key="access-token">Access Toke
| `ACCESS_TOKEN` <br/><span class="label label-danger">Required</span> | The Access Token obtained during login. |


#### More information
#### Learn More

- [Manage Authenticators](/mfa/guides/mfa-api/manage)

Expand Down Expand Up @@ -626,6 +638,7 @@ request(options, function (error, response, body) {
```

> RESPONSE SAMPLE:

```JSON
HTTP/1.1 204 OK
```
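Review bot: The response sample in this hunk shows `HTTP/1.1 204 OK`, but the reason phrase for status 204 is "No Content"; since the sample is being reformatted anyway, change it to `HTTP/1.1 204 No Content`. The fence is also tagged `JSON` although it holds only an HTTP status line, so `http` would be the more accurate tag here.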
Expand All @@ -644,14 +657,13 @@ To access this endpoint, you must set an <dfn data-key="access-token">Access Tok
- `scope`: `remove:authenticators`
- `audience`: `https://${account.namespace}/mfa/`


### Request Parameters

| Parameter | Description |
|:-----------------|:------------|
| `ACCESS_TOKEN` <br/><span class="label label-danger">Required</span> | The Access Token obtained during login. |
| `AUTHENTICATOR_ID` <br/><span class="label label-danger">Required</span> | The ID of the authenticator to delete.

### More information
### Learn More

- [Manage Authenticators](/mfa/guides/mfa-api/manage)
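Review bot: The `AUTHENTICATOR_ID` row in the Request Parameters table has no closing `|` after "The ID of the authenticator to delete.", unlike the `ACCESS_TOKEN` row above it. The hunk already edits the whitespace around this table, so close the row here to keep the table well-formed across renderers.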
4 changes: 2 additions & 2 deletions articles/api/authentication/_sign-up.md
Expand Up @@ -102,9 +102,9 @@ This endpoint only works for database connections.
- The sample auth0.js script uses the library version 8. If you are using auth0.js version 7, please see this [reference guide](/libraries/auth0js/v7).


### More Information
### Learn More

- [Password Strength in Auth0 Database Connections](/connections/database/password-strength)
- [Password Options in Auth0 Database Connections](/connections/database/password-options)
- [Adding Username for Database Connections](/connections/database/require-username)
- [Metadata Overview](/users/concepts/overview-user-metadata)
- [Metadata Overview](/users/concepts/overview-user-metadata)
19 changes: 2 additions & 17 deletions articles/api/authentication/_wsfed-req.md
Expand Up @@ -32,30 +32,16 @@ This endpoint accepts a WS-Federation request to initiate a login.
| `wctx` | Your application's state. |
| `wreply` | The <dfn data-key="callback">callback URL</dfn>. |


### Test with Authentication API Debugger

<%= include('../../_includes/_test-this-endpoint') %>

1. At the *Configuration* tab, set the field **Application** (select the application you want to use for the test) and **Connection** (the name of the configured identity provider).

1. Copy the **Callback URL** and set it as part of the **Allowed Callback URLs** of your [Application Settings](${manage_url}/#/applications).

1. At the *Other Flows* tab, click **WS-Federation**.


### Remarks

- The `wtrealm` parameter must be in one of these formats:
- `urn:clientID` (for example, urn:${account.clientId})
- If this parameter does not begin with a urn, the `client.clientAliases` array is used for look-up. This can only be set with the [/api/v2/clients](/api/management/v2#!/Clients/get_clients) Management API.
- The `whr` parameter is mapped to the connection like this: `urn:CONNECTION_NAME`. For example, `urn:google-oauth2` indicates login with Google. If there is no `whr` parameter included, the user will be directed to the [Auth0 Login Page](/login_page).


### More Information
### Learn More
- [WS-Federation](/protocols/ws-fed)


## Get Metadata

```http
Expand All @@ -78,7 +64,6 @@ include('../../_includes/_http-method', {

This endpoint returns the WS-Federation metadata.


### More Information
### Learn More

- [WS-Federation](/protocols/ws-fed)