Merge pull request #218 from AdobeDocs/enterprise_web_app

Minor edits

Author: theManikJindal

gatsby-config.js

@@ -177,6 +177,24 @@ module.exports = {
             path: "guides/authentication/APIKeyAuthentication/index.md",
             title: "API Key Authentication"
           },
+          {
+            pages: [
+              {
+                path: "guides/authentication/AdminAuthentication/implementation.md",
+                title: "Implementation Guide"
+              },
+              {
+                path: "guides/authentication/AdminAuthentication/samples.md",
+                title: "Sample code"
+              },
+              {
+                path: "guides/authentication/AdminAuthentication/ims.md",
+                title: "API Reference"
+              }
+            ],
+            path: "guides/authentication/AdminAuthentication/index.md",
+            title: "Admin Authentication"
+          },
           {
             pages: [
               {

src/pages/guides/authentication/AdminAuthentication/implementation.md

@@ -67,22 +67,20 @@ Once the admin provides consent and is redirected back to your app, a few query
 
 The `admin_consent` parameter will not be present in the redirect in cases of error. Instead the `error` parameter will be present and the error code will be supplied as the value. Look at the [API reference](ims.md#error-codes) to view all error codes and what they mean.
 
-1. The `state` parameter is set to the value you supplied in the consent URL. 
-
-The parameter is used to prevent Cross-site Request Forgery (CSRF) attacks. To validate it, 
+2. The `state` parameter is set to the value you supplied in the consent URL. The parameter is used to prevent Cross-site Request Forgery (CSRF) attacks. To validate it:
    1. Send the `state` parameter and the user's session ID (stored in browser cookies or local storage) to your backend server. 
    2. On your backend server, compare the state value in the redirect to the version saved in the user’s session on your server. 
    3. If the values do not match, you must terminate the consent workflow and reject the redirect.
 
-1. The `id_token` parameter is only present if the admin provided consent to your application. To validate it
+3. The `id_token` parameter is only present if the admin provided consent to your application. To validate it:
    1. Send the `id_token` parameter and the user's session ID (stored in browser cookies or local storage) to your backend server. 
    2. On your backend server, inspect the `id_token` and validate its signature (view [sample code](samples.md)).
    3. On your backend server, extract the value of the `nonce` claim from the `id_token` (view [sample code](samples.md)). Compare the value of the `nonce` claim to the version saved in the user’s session on your server.
    4. If the signature of the `id_token` is not valid or the value of the `nonce` claim does not match, you must terminate the consent workflow and reject the redirect.
 
 <InlineAlert slots="text"/>
 
-Verifying the redirect is critical to the security of your application and Adobe customer data. View our [code samples](samples.md) (available in NodeJS, Python, and Java) to learn how to implement the verification logic in your application.
+Verifying the redirect is critical to the security of your application and Adobe customer data. View our [code samples](samples.md) (available in [NodeJS](samples.md#nodejs), [Python](samples.md#python), and [Java](samples.md#java)) to learn how to implement the verification logic in your application.
 
 
 ### Step 3: Generating access tokens after the admin consents
@@ -149,19 +147,13 @@ Programmatic rotation of Enterprise Web App client secrets is not currently supp
 
 Once the consent screen loads the admin can provide consent to your app or cancel the workflow. In either case and even in cases of error, the admin will be redirected back to your application. 
 
-The default redirect URI is used if no specific `redirect_uri` is passed in the consent URL. It is also used in case an error occurs during the consent workflow.
-
-The default redirect URI must be an absolute HTTPS URL without wildcards, up to 256 characters. For example: `https://localhost`, `https://localhost:8000`, `https://example.com/redirect`.
+The default redirect URI is used if no specific `redirect_uri` is passed in the consent URL. It is also used in case an error occurs during the consent workflow. The default redirect URI must be an absolute HTTPS URL without wildcards, up to 256 characters. For example: `https://localhost`, `https://localhost:8000`, `https://example.com/redirect`.
 
 However, if a `redirect_uri` was specified in the consent URL and matches one of the redirect URL patterns configured in your credential, Adobe will redirect the admin to the specified redirect URL. 
 
-The redirect URL pattern is a comma-separated list of URIs with wildcards used to validate any `redirect_uri` specified in the consent URL. 
-
-The redirect URL pattern can be up to 512 characters. It must contain `https` URLs and supports wildcards to combine multiple redirect URLs together. 
-
-As each redirect URI pattern is treated as a regex, any Periods `.` in the pattern must be escaped as `\\.`.
+The redirect URL pattern is a comma-separated list of URIs with wildcards used to validate any `redirect_uri` specified in the consent URL. The redirect URL pattern can be up to 512 characters. It must contain `https` URLs and supports wildcards to combine multiple redirect URLs together. 
 
-For security reasons, wildcards are not allowed in subdomains or HTTP port, they're only allowed in the HTTP path. For example: `https://data\\.myapp\\.com/redirect/*`.
+As each redirect URI pattern is treated as a regex, any Periods `.` in the pattern must be escaped as `\\.`. For security reasons, wildcards are not allowed in subdomains or HTTP port, they're only allowed in the HTTP path. For example: `https://data\\.myapp\\.com/redirect/*`.
 
 ### Implementing security features during the redirect
 

src/pages/guides/authentication/AdminAuthentication/index.md

@@ -1,12 +1,16 @@
 # Admin authentication
 
-If you are an Adobe Technology Partner Program (TPP) partner and your application needs to read or modify data owned by an Adobe enterprise customer organization, you can use an Admin authentication credential. Before your application can access customer data, an administrator from the customer’s organization must explicitly grant consent to your application.
+Admin authentication enables partner-built apps to read and modify Adobe enterprise customer data with their explicit consent. 
 
-Note: Before the partner app can access customer data, the customer admin must explicitly consent to the app and assign relevant product profiles. Furthermore, the admin can modify the assigned product profiles or revoke the consent altogether at any time.
+If you are an Adobe Technology Partner Program (TPP) partner and your application needs to read or modify data owned by an Adobe enterprise customer organization, you can use an Admin authentication credential. 
+
+However, before your application can access customer data, an administrator from the customer’s organization must explicitly grant consent to your application and assign relevant product profiles. 
+
+Note: The admin always remains in control and can modify the assigned product profiles or revoke your app's consent at any time.
 
 <InlineAlert slots="text"/>
 
-Note: Admin authentication and the Enterprise Web App credential is only available to Adobe Technology Partner Program (TPP) partners.
+Admin authentication and the Enterprise Web App credential is only available to Adobe Technology Partner Program (TPP) partners.
 
 
 ## Whose data can you access with Admin authentication?

src/pages/guides/authentication/index.md

@@ -67,10 +67,7 @@ View our guide on API key credentials -
 
 If you are an Adobe Technology Program Partner and your application needs to read or modify the data of an Adobe enterprise customer, you can do so using an admin authentication credential. However, before your application can view or edit the customer's data, a customer admin would need to provide explicit 'consent' to your application.
 
-TODO: fix links
-
-View our guide on user authentication credentials -
-1. [Understanding OAuth 2.0 `authorization_code` grant flow (3-legged OAuth)](./UserAuthentication/index.md)
-2. [Learning about the different user authentication credential types](./UserAuthentication/implementation.md#user-authentication-credential-types)
-3. [Understanding default redirect URI and redirect URI pattern](./UserAuthentication/implementation.md#understanding-default-redirect-uri-and-redirect-uri-patterns)
-4. [Implementing user authentication using standard OAuth2 libraries](./UserAuthentication/implementation.md#standard-oauth2-libraries)
+View our guide on admin authentication credentials -
+1. [Understanding admin authentication credentials](./AdminAuthentication/index.md)
+2. [Understanding how the Enterprise Web App credential works](./AdminAuthentication/index.md#enterprise-web-app-credential)
+3. [Implementing the Enterprise Web App credential](./AdminAuthentication/implementation.md)