Fixing bugs related to links in Quickstarts + minor fixes (#10511)

* fixing missing brackets around variables in URL strings

* adding external opening links to web origin snippet and device auth quickstart

* fixed next step links that are only suppose to show in the Dashboard quickstart version

* fixing misplaced '$' symbol for audience variable in auth code article

* adding more snippets used in quickstarts to have externally opened links

* fixing syntax for bolded links

* fixing wrong url, should be custom domain docs article, not localhost

* grammar fix, adding missing apostrophe

* setting links to not open externally when referencing within itself (for interactive quickstarts)

* fixing edge cases where automated URL updating failed

* some one-offs: fixing custom domain url, fixing bolded text formatting, adding missing target and rel value to <a> tag

* updating outdated or broken URLs

* fixing web auth snippet and changing references to current page links to not open externally

Author: mchang16-auth

articles/_includes/_web_origins.md

@@ -2,4 +2,4 @@
 
 ### Configure Allowed Web Origins
 
-You need to add the URL for your app to the **Allowed Web Origins** field in your [Application Settings](${manage_url}/#/applications/${account.clientId}/settings). If you don't register your application URL here, the application will be unable to silently refresh the authentication tokens and your users will be logged out the next time they visit the application, or refresh the page.
+You need to add the URL for your app to the **Allowed Web Origins** field in your <a href="${manage_url}/#/applications/${account.clientId}/settings" target="_blank" rel="noreferrer">Application Settings</a>. If you don't register your application URL here, the application will be unable to silently refresh the authentication tokens and your users will be logged out the next time they visit the application, or refresh the page.

articles/api-auth/tutorials/adoption/authorization-code.md

@@ -147,7 +147,7 @@ Pragma: no-cache
     "id_token": "eyJ..."
 }</code></pre>
         <ul>
-            <li>The returned Access Token is valid for optionally calling the API specified in the <code>audience</code> parameter and the <a href="/api/authentication#get-user-info">/userinfo endpoint</a> (provided that the API uses <code>RS256</code> as the <a href="/tokens/concepts/signing-algorithms">signing algorithm</a> and <code>openid</code> is used as a <code>scope</code> parameter). If you are not implementing your own Resource Server (API), then you can use <code>https://{$account.namespace}/userinfo</code> as the <code>audience</code> parameter, which will return an opaque Access Token.</li>
+            <li>The returned Access Token is valid for optionally calling the API specified in the <code>audience</code> parameter and the <a href="/api/authentication#get-user-info">/userinfo endpoint</a> (provided that the API uses <code>RS256</code> as the <a href="/tokens/concepts/signing-algorithms">signing algorithm</a> and <code>openid</code> is used as a <code>scope</code> parameter). If you are not implementing your own Resource Server (API), then you can use <code>https://${account.namespace}/userinfo</code> as the <code>audience</code> parameter, which will return an opaque Access Token.</li>
             <li>A Refresh Token will be returned only if the <code>offline_access</code> scope was granted.</li>
         </ul>
     </div>
@@ -224,7 +224,7 @@ Pragma: no-cache
     "scope": "openid email"
 }</code></pre>
         <ul>
-            <li>The returned Access Token is valid for optionally calling the API specified in the <code>audience</code> parameter and the <a href="/api/authentication#get-user-info">/userinfo endpoint</a> (provided that the API uses <code>RS256</code> as the <a href="/tokens/concepts/signing-algorithms">signing algorithm</a> and <code>openid</code> is used as a <code>scope</code> parameter). If you are not implementing your own Resource Server (API), then you can use <code>https://{$account.namespace}/userinfo</code> as the <code>audience</code> parameter, which will return an opaque Access Token.</li>
+            <li>The returned Access Token is valid for optionally calling the API specified in the <code>audience</code> parameter and the <a href="/api/authentication#get-user-info">/userinfo endpoint</a> (provided that the API uses <code>RS256</code> as the <a href="/tokens/concepts/signing-algorithms">signing algorithm</a> and <code>openid</code> is used as a <code>scope</code> parameter). If you are not implementing your own Resource Server (API), then you can use <code>https://${account.namespace}/userinfo</code> as the <code>audience</code> parameter, which will return an opaque Access Token.</li>
         </ul>
     </div>
   </div>

articles/flows/guides/device-auth/includes/index.md

@@ -1,30 +1,30 @@
 ::: note
-This tutorial will help you call your own API from an input-constrained device using the Device Authorization Flow. If you want to learn how the flow works and why you should use it, see [Device Authorization Flow](/flows/concepts/device-auth).
+This tutorial will help you call your own API from an input-constrained device using the Device Authorization Flow. If you want to learn how the flow works and why you should use it, see <a href="/flows/concepts/device-auth" target="_blank" rel="noreferrer">Device Authorization Flow</a>.
 :::
 
 Auth0 makes it easy for your app to implement the Device Authorization flow using:
 
-* Authentication API: Keep reading to learn how to call our API directly. For an interactive experience, see our [Device Flow Playground](https://auth0.github.io/device-flow-playground/).
+* Authentication API: Keep reading to learn how to call our API directly. For an interactive experience, see our <a href="https://auth0.github.io/device-flow-playground/" target="_blank" rel="noreferrer">Device Flow Playground</a>.
 
 ## Prerequisites
 
 **Before beginning this tutorial:**
 
 * Check [limitations](#limitations) to be sure the Device Authorization flow is suitable for your implementation.
 
-* [Register the Application with Auth0](/dashboard/guides/applications/register-app-native). 
+* <a href="/dashboard/guides/applications/register-app-native" target="_blank" rel="noreferrer">Register the Application with Auth0</a>. 
   * Select an **Application Type** of **Native**.
   * If necessary, set **Allowed Web Origins**. You can use this to allow localhost as an origin for local development, or to set an allowed origin for specific TV software with architecture subject to CORS (eg: HTML5 + JS). Most applications will not use this setting.
-  * Ensure that the **OIDC Conformant** toggle is enabled. This setting is in the [Dashboard](${manage_url}) under **Application Settings > Advanced > OAuth**.
-  * Make sure the Application's **[Grant Types](/dashboard/guides/applications/update-grant-types)** include **Device Code**. This is also in the [Dashboard](${manage_url}), under **Application Settings > Advanced > Grant Types**.
-  * If you want your Application to be able to use [Refresh Tokens](/tokens/concepts/refresh-tokens), make sure the Application's **[Grant Types](/dashboard/guides/applications/update-grant-types)** include **Refresh Token**.
+  * Ensure that the **OIDC Conformant** toggle is enabled. This setting is in the <a href="${manage_url}" target="_blank" rel="noreferrer">Dashboard</a> under **Application Settings > Advanced > OAuth**.
+  * Make sure the Application's <a href="/dashboard/guides/applications/update-grant-types" target="_blank" rel="noreferrer">**Grant Types**</a> include **Device Code**. This is also in the <a href="${manage_url}" target="_blank" rel="noreferrer">Dashboard</a>, under **Application Settings > Advanced > Grant Types**.
+  * If you want your Application to be able to use <a href="/tokens/concepts/refresh-tokens" target="_blank" rel="noreferrer">Refresh Tokens</a>, make sure the Application's <a href="/dashboard/guides/applications/update-grant-types" target="_blank" rel="noreferrer">**Grant Types**</a> include **Refresh Token**.
 
-* Set up and enable at least one connection for the Application: [Database connections](/dashboard/guides/connections/set-up-connections-database), [Social connections](/dashboard/guides/connections/set-up-connections-social)
+* Set up and enable at least one connection for the Application: <a href="/dashboard/guides/connections/set-up-connections-database" target="_blank" rel="noreferrer">Database connections</a>, <a href="/dashboard/guides/connections/set-up-connections-social" target="_blank" rel="noreferrer">Social connections</a>
 
-* [Register your API with Auth0](/architecture-scenarios/mobile-api/part-2#create-the-api)
-  * If you want your API to receive [Refresh Tokens](/tokens/concepts/refresh-tokens) to allow it to obtain new tokens when the previous ones expire, enable **Allow Offline Access**.
+* <a href="/architecture-scenarios/mobile-api/part-2#create-the-api" target="_blank" rel="noreferrer">Register your API with Auth0</a>
+  * If you want your API to receive <a href="/tokens/concepts/refresh-tokens" target="_blank" rel="noreferrer">Refresh Tokens</a> to allow it to obtain new tokens when the previous ones expire, enable **Allow Offline Access**.
 
-* [Configure Device User Code Settings](/dashboard/guides/tenants/configure-device-user-code-settings) to define the character set, format, and length of your randomly-generated user code.
+* <a href="/dashboard/guides/tenants/configure-device-user-code-settings" target="_blank" rel="noreferrer">Configure Device User Code Settings</a> to define the character set, format, and length of your randomly-generated user code.
 
 ## Steps
 
@@ -60,7 +60,7 @@ Optional: [Troubleshooting](#troubleshooting)
 
 ## Keep reading
 
-- [The OAuth 2.0 protocol](/protocols/oauth2)
-- [The OpenID Connect protocol](/protocols/oidc)
-- [Tokens](/tokens)
-- [Tenant Logs for Devices](/logs)
+- <a href="/protocols/oauth2" target="_blank" rel="noreferrer">The OAuth 2.0 protocol</a>
+- <a href="/protocols/oidc" target="_blank" rel="noreferrer">The OpenID Connect protocol</a>
+- <a href="/tokens" target="_blank" rel="noreferrer">Tokens</a>
+- <a href="/logs" target="_blank" rel="noreferrer">Tenant Logs for Devices</a>

articles/quickstart/_includes/_auth0-react-install.md

@@ -8,4 +8,4 @@ Run the following command within your project directory to install the Auth0 Rea
 npm install @auth0/auth0-react
 ```
 
-The SDK exposes methods and variables that help you integrate Auth0 with your React application idiomatically using <a href="https://reactjs.org/docs/hooks-overview.html" target="_blank" rel="noreferrer">React Hooks</a> or <a href="https://reactjs.org/docs/higher-order-components.html" target="_blank" rel="noreferrer">Higher-Order Components</a>.
+The SDK exposes methods and variables that help you integrate Auth0 with your React application idiomatically using <a href="https://react.dev/reference/react/hooks" target="_blank" rel="noreferrer">React Hooks</a> or <a href="https://reactjs.org/docs/higher-order-components.html" target="_blank" rel="noreferrer">Higher-Order Components</a>.

articles/quickstart/backend/_includes/_api_create_new.md

@@ -2,7 +2,7 @@
 
 ### Create an API
 
-In the <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">APIs</a> section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. Leave the **Signing Algorithm** as **RS256**.
+In the <a href="${manage_url}/#/apis" target="_blank" rel="noreferrer">APIs</a> section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. Leave the **Signing Algorithm** as **RS256**.
 
 ![Create API](/media/articles/server-apis/create-api.png)
 

articles/quickstart/backend/_includes/_api_create_new_2.md

@@ -1,5 +1,5 @@
 ## Create a Resource Server (API)
 
-In the <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">APIs</a> section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. For **Signing Algorithm**, select **RS256**.
+In the <a href="${manage_url}/#/apis" target="_blank" rel="noreferrer">APIs</a> section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. For **Signing Algorithm**, select **RS256**.
 
 ![Create API](/media/articles/server-apis/create-api.png)

articles/quickstart/backend/_includes/_api_jwks_description.md

@@ -1,7 +1,7 @@
-By default, your API uses RS256 as the algorithm for signing tokens. Since RS256 uses a private/public keypair, it verifies the tokens against the public key for your Auth0 account. The public key is in the <a href="/tokens/concepts/jwks" target="_blank" rel="noreferrer">JSON Web Key Set (JWKS)</a> format, and can be accessed <a href="https://$account.namespace/.well-known/jwks.json" target="_blank" rel="noreferrer">here</a>.
+By default, your API uses RS256 as the algorithm for signing tokens. Since RS256 uses a private/public keypair, it verifies the tokens against the public key for your Auth0 account. The public key is in the <a href="/tokens/concepts/jwks" target="_blank" rel="noreferrer">JSON Web Key Set (JWKS)</a> format, and can be accessed <a href="https://${account.namespace}/.well-known/jwks.json" target="_blank" rel="noreferrer">here</a>.
 
 <% if (typeof sampleLink == 'string') { %>
 ::: note
-We recommend using the default RS256 <a href="/tokens/concepts/signing-algorithms" target="_blank" rel="noreferrer">signing algorithm</a> for your API. If you need to use the HS256 algorithm, see the <a href="$sampleLink" target="_blank" rel="noreferrer">HS256 integration sample</a>.
+We recommend using the default RS256 <a href="/tokens/concepts/signing-algorithms" target="_blank" rel="noreferrer">signing algorithm</a> for your API. If you need to use the HS256 algorithm, see the <a href="${sampleLink}" target="_blank" rel="noreferrer">HS256 integration sample</a>.
 :::
 <% } %>

articles/quickstart/backend/_includes/_api_jwks_description_no_link.md

@@ -1 +1 @@
-By default, your API will be set up to use RS256 as the algorithm for signing tokens. Since RS256 works by using a private/public keypair, tokens can be verified against the public key for your Auth0 account. This public key is accessible at <a href="https://$account.namespace/.well-known/jwks.json" target="_blank" rel="noreferrer">https://${account.namespace}/.well-known/jwks.json</a>.
+By default, your API will be set up to use RS256 as the algorithm for signing tokens. Since RS256 works by using a private/public keypair, tokens can be verified against the public key for your Auth0 account. This public key is accessible at <a href="https://${account.namespace}/.well-known/jwks.json" target="_blank" rel="noreferrer">https://${account.namespace}/.well-known/jwks.json</a>.

articles/quickstart/backend/_includes/_api_scopes_access_resources.md

@@ -1,6 +1,6 @@
 Permissions let you define how resources can be accessed on behalf of the user with a given access token. For example, you might choose to grant read access to the `messages` resource if users have the manager access level, and a write access to that resource if they have the administrator access level.
 
-You can define allowed permissions in the **Permissions** view of the Auth0 Dashboard's <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">APIs</a> section.
+You can define allowed permissions in the **Permissions** view of the Auth0 Dashboard's <a href="${manage_url}/#/apis" target="_blank" rel="noreferrer">APIs</a> section.
 
 ![Configure Permissions](/media/articles/server-apis/configure-permissions.png)
 

articles/quickstart/backend/_includes/_api_using.md

@@ -21,7 +21,7 @@ If you are calling the API from a Single-Page Application or a Mobile/Native app
 * <a href="/quickstart/spa" target="_blank" rel="noreferrer">Single-Page Applications</a>
 * <a href="/quickstart/native" target="_blank" rel="noreferrer">Mobile / Native Application</a>
 
-If you are calling the API from a command-line tool or another service, where there isn't a user entering their credentials, you need to use the <a href="/api/authentication#client-credentials" target="_blank" rel="noreferrer">OAuth Client Credentials flow</a>. To do that, register a <a href="$manage_url/#/applications" target="_blank" rel="noreferrer">Machine to Machine Application</a>, and then subsequently use the **Client ID** and **Client Secret** of this application when making the request below and pass those along in the `client_id` and `client_secret` parameters respectively. Also include the Audience for the API you want to call.
+If you are calling the API from a command-line tool or another service, where there isn't a user entering their credentials, you need to use the <a href="/api/authentication#client-credentials" target="_blank" rel="noreferrer">OAuth Client Credentials flow</a>. To do that, register a <a href="${manage_url}/#/applications" target="_blank" rel="noreferrer">Machine to Machine Application</a>, and then subsequently use the **Client ID** and **Client Secret** of this application when making the request below and pass those along in the `client_id` and `client_secret` parameters respectively. Also include the Audience for the API you want to call.
 
 :::note
 Read <a href="https://auth0.com/docs/get-started/dashboard/application-settings" target="_blank" rel="noreferrer">Application Settings</a> for more information on getting the Client ID and Client Secret for your machine-to-machine app.
@@ -62,7 +62,7 @@ Read <a href="https://auth0.com/docs/get-started/dashboard/application-settings"
 Auth0 customers are billed based on the number of Machine to Machine Access Tokens issued by Auth0. Once your application gets an Access Token it should keep using it until it expires, to minimize the number of tokens requested.
 :::
 
-For testing purposes, you can also get an Access Token from the **Test** tab in your <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">API settings</a>.
+For testing purposes, you can also get an Access Token from the **Test** tab in your <a href="${manage_url}/#/apis" target="_blank" rel="noreferrer">API settings</a>.
 
 ## Test Your API 
 

articles/quickstart/backend/_includes/_call_api.md

@@ -2,7 +2,7 @@
 
 ### Make a Call to Your API
 
-To make calls to your API, you need an Access Token. You can get an Access Token for testing purposes from the **Test** view in your <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">API settings</a>.
+To make calls to your API, you need an Access Token. You can get an Access Token for testing purposes from the **Test** view in your <a href="${manage_url}/#/apis" target="_blank" rel="noreferrer">API settings</a>.
 
 ![Obtain a JWT](/media/articles/server-apis/aspnet-core-webapi/request-access-token.png)
 

articles/quickstart/backend/aspnet-core-webapi/interactive.md

@@ -89,7 +89,7 @@ Regardless of the type of application you are developing or the framework you ar
 
 If you are calling your API from a Single-Page Application (SPA) or a Native application, after the authorization flow completes, you will get an access token.
 
-If you are calling the API from a command-line tool or another service where a user entering credentials does not exist, use the <a href="/api/authentication#client-credentials" target="_blank" rel="noreferrer">OAuth Client Credentials Flow</a>. To do so, register a <a href="$manage_url/#/applications" target="_blank" rel="noreferrer">Machine-to-Machine Application</a>, and pass in the **Client ID** as the `client_id` parameter, the **Client Secret** as the `client_secret` parameter, and the API Identifier (the same value you used to configure the middleware earlier in this quickstart) as the `audience` parameter when making the following request:
+If you are calling the API from a command-line tool or another service where a user entering credentials does not exist, use the <a href="/api/authentication#client-credentials" target="_blank" rel="noreferrer">OAuth Client Credentials Flow</a>. To do so, register a <a href="${manage_url}/#/applications" target="_blank" rel="noreferrer">Machine-to-Machine Application</a>, and pass in the **Client ID** as the `client_id` parameter, the **Client Secret** as the `client_secret` parameter, and the API Identifier (the same value you used to configure the middleware earlier in this quickstart) as the `audience` parameter when making the following request:
 
 :::note
 To learn more about getting the Client ID and Client Secret for your machine-to-machine application, read <a href="/get-started/dashboard/application-settings" target="_blank" rel="noreferrer">Application Settings</a>.