Updating links in Quickstarts to open in new tab (#10505)

* updating links in quickstarts to open in new tab

* fixing _api_auth_intro

* adding noreferrer value to anchor tags

* adding noreferrer to missed anchor tag

* signing commits

---------

Co-authored-by: Michelle Chang <michelle.chang@hkvq90q3ch.local.dev.auth0.com>

articles/_includes/_api_auth_intro.md

@@ -1,3 +1,3 @@
 ::: note
-**New to Auth0?** Learn [how Auth0 works](/overview) and read about [implementing API authentication and authorization ](/api-auth) using the OAuth 2.0 framework.
+**New to Auth0?** Learn <a href="/overview" target="_blank" rel="noreferrer">how Auth0 works</a> and read about <a href="/api-auth" target="_blank" rel="noreferrer">implementing API authentication and authorization</a> using the OAuth 2.0 framework.
 :::

articles/_includes/_callback_url.md

@@ -2,4 +2,4 @@
 
 ### Configure Callback URLs
 
-A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated. The callback URL for your app must be added to the **Allowed Callback URLs** field in your [Application Settings](${manage_url}/#/applications). If this field is not set, users will be unable to log in to the application and will get an error.
+A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated. The callback URL for your app must be added to the **Allowed Callback URLs** field in your <a href="${manage_url}/#/applications" target="_blank" rel="noreferrer">Application Settings</a>. If this field is not set, users will be unable to log in to the application and will get an error.

articles/_includes/_logout_url.md

@@ -2,7 +2,7 @@
 
 ### Configure Logout URLs
 
-A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the `returnTo` query parameter. The logout URL for your app must be added to the **Allowed Logout URLs** field in your [Application Settings](${manage_url}/#/applications). If this field is not set, users will be unable to log out from the application and will get an error.
+A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the `returnTo` query parameter. The logout URL for your app must be added to the **Allowed Logout URLs** field in your <a href="${manage_url}/#/applications" target="_blank" rel="noreferrer">Application Settings</a>. If this field is not set, users will be unable to log out from the application and will get an error.
 
 <% if (typeof(returnTo) !== "undefined") { %>
   ::: note

articles/_includes/_new_app.md

@@ -1,7 +1,7 @@
 ## Configure Auth0
 ### Get Your Application Keys
 
-When you signed up for Auth0, a new application was created for you, or you could have created a new one. You will need some details about that application to communicate with Auth0. You can get these details from the [Application Settings](${manage_url}/#/applications) section in the Auth0 dashboard.
+When you signed up for Auth0, a new application was created for you, or you could have created a new one. You will need some details about that application to communicate with Auth0. You can get these details from the <a href="${manage_url}/#/applications" target="_blank" rel="noreferrer">Application Settings</a> section in the Auth0 dashboard.
 
 <% if(typeof hideDashboardScreenshot === 'undefined' || hideDashboardScreenshot !== true) { %>
 ![App Dashboard](/media/articles/dashboard/client_settings.png)

articles/quickstart/_includes/_auth0-react-classes-info.md

@@ -1,5 +1,5 @@
 <!-- markdownlint-disable MD041 -->
 
 :::note
-This guide focuses on using the `useAuth0()` custom React Hook. If you are using class components, check out [these samples using the `withAuth0()` higher-order component](https://github.com/auth0/auth0-react/blob/master/EXAMPLES.md#use-with-a-class-component).
+This guide focuses on using the `useAuth0()` custom React Hook. If you are using class components, check out <a href="https://github.com/auth0/auth0-react/blob/master/EXAMPLES.md#use-with-a-class-component" target="_blank" rel="noreferrer">these samples using the `withAuth0()` higher-order component</a>.
 :::

articles/quickstart/_includes/_auth0-react-install.md

@@ -8,4 +8,4 @@ Run the following command within your project directory to install the Auth0 Rea
 npm install @auth0/auth0-react
 ```
 
-The SDK exposes methods and variables that help you integrate Auth0 with your React application idiomatically using [React Hooks](https://reactjs.org/docs/hooks-overview.html) or [Higher-Order Components](https://reactjs.org/docs/higher-order-components.html).
+The SDK exposes methods and variables that help you integrate Auth0 with your React application idiomatically using <a href="https://reactjs.org/docs/hooks-overview.html" target="_blank" rel="noreferrer">React Hooks</a> or <a href="https://reactjs.org/docs/higher-order-components.html" target="_blank" rel="noreferrer">Higher-Order Components</a>.

articles/quickstart/_includes/_configure_auth0_interactive.md

@@ -6,7 +6,7 @@ To use Auth0 services, you’ll need to have an application set up in the Auth0
 
 Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate with. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code will use to call Auth0 APIs through the SDK.
 
-Any settings you configure using this quickstart will automatically update for your Application in the <a href="${manage_url}/#/">Dashboard</a>, which is where you can manage your Applications in the future.
+Any settings you configure using this quickstart will automatically update for your Application in the <a href="${manage_url}/#/" target="_blank" rel="noreferrer">Dashboard</a>, which is where you can manage your Applications in the future.
 
 If you would rather explore a complete configuration, you can view a sample application instead.
 

articles/quickstart/backend/_includes/_api_auth_preamble.md

@@ -3,4 +3,4 @@ This example demonstrates:
 
 * How to check for a JSON Web Token (JWT) in the `Authorization` header of an incoming HTTP request.
 
-* How to check if the token is valid, using the [JSON Web Key Set (JWKS)](/tokens/concepts/jwks) for your Auth0 account. To learn more about validating Access Tokens, see [Validate Access Tokens](/tokens/guides/validate-access-tokens).
+* How to check if the token is valid, using the <a href="/tokens/concepts/jwks" target="_blank" rel="noreferrer">JSON Web Key Set (JWKS)</a> for your Auth0 account. To learn more about validating Access Tokens, see <a href="/tokens/guides/validate-access-tokens" target="_blank" rel="noreferrer">Validate Access Tokens</a>.

articles/quickstart/backend/_includes/_api_create_new.md

@@ -2,7 +2,7 @@
 
 ### Create an API
 
-In the [APIs](${manage_url}/#/apis) section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. Leave the **Signing Algorithm** as **RS256**.
+In the <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">APIs</a> section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. Leave the **Signing Algorithm** as **RS256**.
 
 ![Create API](/media/articles/server-apis/create-api.png)
 

articles/quickstart/backend/_includes/_api_create_new_2.md

@@ -1,5 +1,5 @@
 ## Create a Resource Server (API)
 
-In the [APIs](${manage_url}/#/apis) section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. For **Signing Algorithm**, select **RS256**.
+In the <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">APIs</a> section of the Auth0 dashboard, click **Create API**. Provide a name and an identifier for your API, for example, `https://quickstarts/api`. You will use the identifier as an `audience` later, when you are configuring the Access Token verification. For **Signing Algorithm**, select **RS256**.
 
 ![Create API](/media/articles/server-apis/create-api.png)

articles/quickstart/backend/_includes/_api_jwks_description.md

@@ -1,7 +1,7 @@
-By default, your API uses RS256 as the algorithm for signing tokens. Since RS256 uses a private/public keypair, it verifies the tokens against the public key for your Auth0 account. The public key is in the [JSON Web Key Set (JWKS)](/tokens/concepts/jwks) format, and can be accessed [here](https://${account.namespace}/.well-known/jwks.json).
+By default, your API uses RS256 as the algorithm for signing tokens. Since RS256 uses a private/public keypair, it verifies the tokens against the public key for your Auth0 account. The public key is in the <a href="/tokens/concepts/jwks" target="_blank" rel="noreferrer">JSON Web Key Set (JWKS)</a> format, and can be accessed <a href="https://$account.namespace/.well-known/jwks.json" target="_blank" rel="noreferrer">here</a>.
 
 <% if (typeof sampleLink == 'string') { %>
 ::: note
-We recommend using the default RS256 [signing algorithm](/tokens/concepts/signing-algorithms) for your API. If you need to use the HS256 algorithm, see the [HS256 integration sample](${sampleLink}).
+We recommend using the default RS256 <a href="/tokens/concepts/signing-algorithms" target="_blank" rel="noreferrer">signing algorithm</a> for your API. If you need to use the HS256 algorithm, see the <a href="$sampleLink" target="_blank" rel="noreferrer">HS256 integration sample</a>.
 :::
 <% } %>

articles/quickstart/backend/_includes/_api_jwks_description_no_link.md

@@ -1 +1 @@
-By default, your API will be set up to use RS256 as the algorithm for signing tokens. Since RS256 works by using a private/public keypair, tokens can be verified against the public key for your Auth0 account. This public key is accessible at [https://${account.namespace}/.well-known/jwks.json](https://${account.namespace}/.well-known/jwks.json).
+By default, your API will be set up to use RS256 as the algorithm for signing tokens. Since RS256 works by using a private/public keypair, tokens can be verified against the public key for your Auth0 account. This public key is accessible at <a href="https://$account.namespace/.well-known/jwks.json" target="_blank" rel="noreferrer">https://${account.namespace}/.well-known/jwks.json</a>.

articles/quickstart/backend/_includes/_api_scope_description.md

@@ -1,3 +1,3 @@
 So far, the API is only checking for whether the incoming request has valid authentication information. This solves the case of restricting endpoints such that only authenticated users can access them; however, it doesn't currently provide any way to check for **authorization**.
 
-Authorization can be added to your authentication flow by use of a **scope** claim in the Access Token which provides some indication of what that token allows access to. For more information on how to add scopes to an Access Token, see the [Scopes documentation](/scopes).
+Authorization can be added to your authentication flow by use of a **scope** claim in the Access Token which provides some indication of what that token allows access to. For more information on how to add scopes to an Access Token, see the <a href="/scopes" target="_blank" rel="noreferrer">Scopes documentation</a>.

articles/quickstart/backend/_includes/_api_scopes_access_resources.md

@@ -1,6 +1,6 @@
 Permissions let you define how resources can be accessed on behalf of the user with a given access token. For example, you might choose to grant read access to the `messages` resource if users have the manager access level, and a write access to that resource if they have the administrator access level.
 
-You can define allowed permissions in the **Permissions** view of the Auth0 Dashboard's [APIs](${manage_url}/#/apis) section.
+You can define allowed permissions in the **Permissions** view of the Auth0 Dashboard's <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">APIs</a> section.
 
 ![Configure Permissions](/media/articles/server-apis/configure-permissions.png)
 

articles/quickstart/backend/_includes/_api_troubleshooting.md

@@ -8,7 +8,7 @@ This document will help you troubleshoot your JWT middleware configuration.
 
 In terms of validating a JWT, there are various things to consider:
 
-1. **Is the token well-formed?** In other words, is this token conforming to the structure of a JSON Web Token (JWT)? To get more information on the structure of a JWT, please refer to [this section on the structure of a JWT](/jwt#what-is-the-json-web-token-structure-)
+1. **Is the token well-formed?** In other words, is this token conforming to the structure of a JSON Web Token (JWT)? To get more information on the structure of a JWT, please refer to <a href="/jwt#what-is-the-json-web-token-structure-" target="_blank" rel="noreferrer">this section on the structure of a JWT</a>
 
 2. **Has the token been tampered with?** The last part of a JWT is the signature. The signature is used to verify that the token was in fact signed by the sender and not altered in any way.
 
@@ -24,7 +24,7 @@ In terms of validating a JWT, there are various things to consider:
 
 ## Inspecting a Token
 
-A quick way to inspect a JWT is by using the [JWT.io](https://jwt.io/) website. It has a handy debugger which allows you to quickly check that a JWT is well-formed, and also inspect the values of the various claims.
+A quick way to inspect a JWT is by using the <a href="https://jwt.io/" target="_blank" rel="noreferrer">JWT.io</a> website. It has a handy debugger which allows you to quickly check that a JWT is well-formed, and also inspect the values of the various claims.
 
 ![Debugging a JWT on JWT.io](/media/articles/server-apis/aspnet-core-webapi/jwt-io-debugger-rs256.png)
 

articles/quickstart/backend/_includes/_api_using.md

@@ -18,13 +18,13 @@ You can call the API from your application by passing an Access Token in the `Au
 
 If you are calling the API from a Single-Page Application or a Mobile/Native application, after the authorization flow is completed, you will get an Access Token. How you get the token and how you make the call to the API will be dependent on the type of application you are developing and the framework you are using. For more information refer to the relevant application Quickstarts which contain detailed instructions:
 
-* [Single-Page Applications](/quickstart/spa)
-* [Mobile / Native Application](/quickstart/native)
+* <a href="/quickstart/spa" target="_blank" rel="noreferrer">Single-Page Applications</a>
+* <a href="/quickstart/native" target="_blank" rel="noreferrer">Mobile / Native Application</a>
 
-If you are calling the API from a command-line tool or another service, where there isn't a user entering their credentials, you need to use the [OAuth Client Credentials flow](/api/authentication#client-credentials). To do that, register a [Machine to Machine Application](${manage_url}/#/applications), and then subsequently use the **Client ID** and **Client Secret** of this application when making the request below and pass those along in the `client_id` and `client_secret` parameters respectively. Also include the Audience for the API you want to call.
+If you are calling the API from a command-line tool or another service, where there isn't a user entering their credentials, you need to use the <a href="/api/authentication#client-credentials" target="_blank" rel="noreferrer">OAuth Client Credentials flow</a>. To do that, register a <a href="$manage_url/#/applications" target="_blank" rel="noreferrer">Machine to Machine Application</a>, and then subsequently use the **Client ID** and **Client Secret** of this application when making the request below and pass those along in the `client_id` and `client_secret` parameters respectively. Also include the Audience for the API you want to call.
 
 :::note
-Read [Application Settings](https://auth0.com/docs/get-started/dashboard/application-settings) for more information on getting the Client ID and Client Secret for your machine-to-machine app.
+Read <a href="https://auth0.com/docs/get-started/dashboard/application-settings" target="_blank" rel="noreferrer">Application Settings</a> for more information on getting the Client ID and Client Secret for your machine-to-machine app.
 :::
 
 ```har
@@ -62,7 +62,7 @@ Read [Application Settings](https://auth0.com/docs/get-started/dashboard/applica
 Auth0 customers are billed based on the number of Machine to Machine Access Tokens issued by Auth0. Once your application gets an Access Token it should keep using it until it expires, to minimize the number of tokens requested.
 :::
 
-For testing purposes, you can also get an Access Token from the **Test** tab in your [API settings](${manage_url}/#/apis).
+For testing purposes, you can also get an Access Token from the **Test** tab in your <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">API settings</a>.
 
 ## Test Your API 
 

articles/quickstart/backend/_includes/_call_api.md

@@ -2,7 +2,7 @@
 
 ### Make a Call to Your API
 
-To make calls to your API, you need an Access Token. You can get an Access Token for testing purposes from the **Test** view in your [API settings](${manage_url}/#/apis).
+To make calls to your API, you need an Access Token. You can get an Access Token for testing purposes from the **Test** view in your <a href="$manage_url/#/apis" target="_blank" rel="noreferrer">API settings</a>.
 
 ![Obtain a JWT](/media/articles/server-apis/aspnet-core-webapi/request-access-token.png)
 

articles/quickstart/backend/_thirdPartyApi.md

@@ -17,7 +17,7 @@ Each integration is different and requires different parameters and configuratio
 
 ## 2. Use it
 
-The key to this integration is the Delegation endpoint in Auth0. Check the documentation of any of our frontend or Mobile SDKs to learn how to call [the /delegation endpoint](/api/authentication#delegation). You can download your favorite library from any of the [Quickstarts](/).
+The key to this integration is the Delegation endpoint in Auth0. Check the documentation of any of our frontend or Mobile SDKs to learn how to call <a href="/api/authentication#delegation" target="_blank" rel="noreferrer">the /delegation endpoint</a>. You can download your favorite library from any of the <a href="/" target="_blank" rel="noreferrer">Quickstarts</a>.
 
 ## 3. You are done!
 

articles/quickstart/backend/aspnet-core-webapi/01-authorization.md

@@ -85,7 +85,7 @@ app.UseEndpoints(endpoints =>
 
 ### Validate scopes
 
-To make sure that an Access Token contains the correct scope, use the [Policy-Based Authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies) in ASP.NET Core.
+To make sure that an Access Token contains the correct scope, use the <a href="https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies" target="_blank" rel="noreferrer">Policy-Based Authorization</a> in ASP.NET Core.
 
 Create a new authorization requirement called `HasScopeRequirement`. This requirement checks if the `scope` claim issued by your Auth0 tenant is present. If the `scope` claim exists, the requirement checks if the `scope` claim contains the requested scope.
 
@@ -144,7 +144,7 @@ builder.Services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();
 
 ## Protect API Endpoints
 
-The JWT middleware integrates with the standard ASP.NET Core [Authentication](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/) and [Authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/) mechanisms. 
+The JWT middleware integrates with the standard ASP.NET Core <a href="https://docs.microsoft.com/en-us/aspnet/core/security/authentication/" target="_blank" rel="noreferrer">Authentication</a> and <a href="https://docs.microsoft.com/en-us/aspnet/core/security/authorization/" target="_blank" rel="noreferrer">Authorization</a> mechanisms. 
 
 To secure an endpoint, you need to add the `[Authorize]` attribute to your controller action: