diff --git a/docs/documentation/securing_apps/topics/oidc/javascript-adapter.adoc b/docs/documentation/securing_apps/topics/oidc/javascript-adapter.adoc index 84dd98bc0c3..df35da879e7 100644 --- a/docs/documentation/securing_apps/topics/oidc/javascript-adapter.adoc +++ b/docs/documentation/securing_apps/topics/oidc/javascript-adapter.adoc @@ -44,9 +44,9 @@ try { } ---- -To authenticate, you call the `login` function. Two options exist to make the adapter automatically authenticate. You can pass `login-required` or `check-sso` to the `init()` function. +To authenticate, you call the `login` function. Two options exist to make the adapter automatically authenticate. You can pass `login-required` or `check-sso` to the `init()` function. -* `login-required` authenticates the client if the user is logged in to {project_name} or displays the login page if the user is not logged in. +* `login-required` authenticates the client if the user is logged in to {project_name} or displays the login page if the user is not logged in. * `check-sso` only authenticates the client if the user is already logged in. If the user is not logged in, the browser is redirected back to the application and remains unauthenticated. You can configure a _silent_ `check-sso` option. With this feature enabled, your browser will not perform a full redirect to the {project_name} server and back to your application, but this action will be performed in a hidden iframe. Therefore, your application resources are only loaded and parsed once by the browser, namely when the application is initialized and not again after the redirect back from {project_name} to your application. This approach is particularly useful in case of SPAs (Single Page Applications). @@ -206,9 +206,9 @@ This adapter requires two additional plugins: The technical details for linking to an app differ on each platform and special setup is needed. Please refer to the Android and iOS sections of the https://github.com/e-imaxina/cordova-plugin-deeplinks/blob/master/README.md[deeplinks plugin documentation] for further instructions. -Different kinds of links exist for opening apps: +Different kinds of links exist for opening apps: * custom schemes, such as `myapp://login` or `android-app://com.example.myapp/https/example.com/login` -* https://developer.apple.com/ios/universal-links/[Universal Links (iOS)]) / https://developer.android.com/training/app-links/deep-linking[Deep Links (Android)]. +* https://developer.apple.com/documentation/xcode/allowing-apps-and-websites-to-link-to-your-content/[Universal Links (iOS)] / https://developer.android.com/training/app-links/deep-linking[Deep Links (Android)]. While the former are easier to set up and tend to work more reliably, the latter offer extra security because they are unique and only the owner of a domain can register them. Custom-URLs are deprecated on iOS. For best reliability, we recommend that you use universal links combined with a fallback site that uses a custom-url link. Furthermore, we recommend the following steps to improve compatibility with the adapter: @@ -487,8 +487,8 @@ Returns true if the token has less than minValidity seconds left before it expir *updateToken(minValidity)* If the token expires within minValidity seconds (minValidity is optional, if not specified 5 is used) the token is refreshed. -If -1 is passed as the minValidity, the token will be forcibly refreshed. -If the session status iframe is enabled, the session status is also checked. +If -1 is passed as the minValidity, the token will be forcibly refreshed. +If the session status iframe is enabled, the session status is also checked. Returns a promise that resolves with a boolean indicating whether or not the token has been refreshed.