Adding ja-jp and fr-ca folders

.github/workflows/integration-tests.yml

@@ -10,7 +10,7 @@ concurrency:
 jobs:
   tests:
     name: Trigger Tests
-    runs-on: ubuntu-22.04-2cpu-8ram-75ssd
+    runs-on: ubuntu-latest
     steps:
       - name: Check out code
         uses: actions/checkout@v2

config/included-folders.yml

@@ -2,6 +2,8 @@
 - /articles/api/authorization-extension
 - /articles/microsites
 - /articles/quickstart
+- /fr-ca/articles/quickstart
+- /ja-jp/articles/quickstart
 - /articles/_includes
 - /snippets
 - /updates

fr-ca/articles/_includes/_api-auth-customize-tokens.md

@@ -0,0 +1,19 @@
+You can use [Rules](/rules) to change the returned scopes of the Access Token and/or add claims to it (and the ID Token) with a script like this:
+
+```javascript
+function(user, context, callback) {
+
+  // add custom claims to Access Token and ID Token
+  context.accessToken['http://foo/bar'] = 'value';
+  context.idToken['http://fiz/baz'] = 'some other value';
+
+  // change scope
+  context.accessToken.scope = ['array', 'of', 'strings'];
+
+  callback(null, user, context);
+}
+```
+
+::: panel-warning Namespacing Custom Claims
+Auth0 returns profile information in a [structured claim format as defined by the OpenID Connect (OIDC) specification](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims). This means that in order to add custom claims to ID Tokens or Access Tokens, they must [conform to a namespaced format](/tokens/guides/create-namespaced-custom-claims) to avoid possible collisions with standard OIDC claims. You can [add namespaced claims using Rules](#optional-customize-the-tokens).
+:::

fr-ca/articles/_includes/_api_auth_intro.md

@@ -0,0 +1,3 @@
+::: note
+**New to Auth0?** Learn [how Auth0 works](/overview) and read about [implementing API authentication and authorization ](/api-auth) using the OAuth 2.0 framework.
+:::

fr-ca/articles/_includes/_boxed.html

@@ -0,0 +1,17 @@
+<div class="boxed">
+  <h3 class="title">
+    <a href="#" class="feature">
+      <span class="section-name">Logs</span>
+    </a>
+  </h3>
+  <ul class="list clearfix">
+    <div class="clearfix">
+      <li data-toggle="popover" class="info" title="">Review the logged data of both actions taken in the dashboard by the administrators, as well as authentications made by your users.</li>
+      <li data-toggle="popover" class="info" title="">Facilitate diagnosis and resolution of authentication issues.</li>
+    </div>
+    <div class="clearfix">
+      <li data-toggle="popover" class="info" title="">Longer Storage of log data for your apps.</li>
+    </div>
+  </ul>
+  <p class="log-retention-notice">Your current subscription allows to keep your logs for the last <span class="archive-days">30</span> days.</p>
+</div>

fr-ca/articles/_includes/_callback_url.md

@@ -0,0 +1,5 @@
+<!-- markdownlint-disable MD002 MD041 -->
+
+### Configure Callback URLs
+
+A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated. The callback URL for your app must be added to the **Allowed Callback URLs** field in your [Application Settings](${manage_url}/#/applications). If this field is not set, users will be unable to log in to the application and will get an error.

fr-ca/articles/_includes/_calling_apis.md

@@ -0,0 +1 @@
+A common need for any client-side application is to access resources from a data API. Some of these data resources will likely need to be protected such that only the user who is authenticated in the client-side app can access them. This can be achieved by protecting your API's endpoints with your Auth0 secret key and sending the user's JWT as an `Authorization` header when calling the API. For more detail on how to secure your API, see the [server API documentation](/quickstart/backend).

fr-ca/articles/_includes/_checksession_polling.md

@@ -0,0 +1,3 @@
+In some multi-application scenarios, where Single Logout is desired (a user logging out of one application needs to be logged out of other applications), an application can be set up to periodically poll Auth0 using `checkSession()` to see if a session exists. If the session does not exist, you can then log the user out of the application. The same polling method can be used to implement silent authentication for a <dfn data-key="single-sign-on">Single Sign-on (SSO)</dfn> scenario.
+
+The poll interval between checks to `checkSession()` should be at least 15 minutes between calls to avoid any issues in the future with rate limiting of this call.

fr-ca/articles/_includes/_co_authenticate_errors.md

@@ -0,0 +1,26 @@
+## Error Codes and Descriptions 
+
+When ${library} is used for embedded login, it employs the /co/authenticate endpoint, which has the following errors.
+
+::: warning
+The error description is human readable. It **should not be parsed by any code** and it subject to change at any time.
+:::
+
+| Status | Code | Description |
+| --- | --- | --- | --- | 
+| 400 | invalid_request | Invalid request body. All and only of client_id, credential_type, username, otp, realm are required. |
+| 401 | unauthorized_client | Cross origin login not allowed. |
+| 400 | unsupported_credential_type | Unknown credential type parameter. |
+| 400 | invalid_request | Unknown realm non-existent-connection. |
+| 403 | access_denied | Wrong email or password. |
+| 403 | access_denied | Authentication error |
+| 403 | blocked_user | Blocked user |
+| 401 | password_leaked | This login attempt has been blocked because the password you're using was previously disclosed through a data breach (not in this application). |
+| 429 | too_many_attempts | Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it. |
+| 429 | too_many_attempts | We have detected suspicious login behavior and further attempts will be blocked. Please contact the administrator. |
+
+In addition, you can also get a generic 403 error without an `error` or `error_description` property. The response body would just include something similar to the following:
+
+```text
+Origin https://test.app is not allowed.
+```

fr-ca/articles/_includes/_compat_warning.md

@@ -0,0 +1,3 @@
+::: panel-warning Compatibility Warning
+With the new OAuth 2.0 API Authorization features in Auth0, not everything is fully backwards compatible, including 3rd party hosted Lock. This quickstart tutorial uses Auth0 hosted Lock instead.
+:::

fr-ca/articles/_includes/_contact-sales.md

@@ -0,0 +1,3 @@
+## More Information
+
+If you have specific support requirements or need more information about the Professional Services we offer, please [contact Auth0 Sales](https://auth0.com/get-started?place=documentation%20post&type=link&text=contact%20auth0%20sales).

fr-ca/articles/_includes/_create_resource_server.md

@@ -0,0 +1,50 @@
+## Create the API
+
+Your resource server (API) needs to be configured to verify the Access Token and any claims contained within it. When you create a resource server in your Auth0 dashboard, it utilizes the RS256 signature method by default, meaning that Access Tokens are signed using Auth0's private key for your account. Verification is done using the corresponding public key. You can read more about the [JSON Web Key Set (JWKS)](/tokens/concepts/jwks) standard and also view the [public key(s)](https://${account.namespace}/.well-known/jwks.json) for your Auth0 account (https://${account.namespace}/.well-known/jwks.json). You can also learn how to [manage your signing keys](/tokens/guides/manage-signing-keys).
+
+You can use any [recommended JWT library](https://jwt.io) to validate the standard claims returned in the token. The following example will demonstrate how to create a resource server API with Node. You can find more information about resource server implementations in the [Access Token documentation](https://auth0.com/docs/api-auth/config/asking-for-access-tokens).
+
+The Access Token for your API must be verified against your JSON Web Key Set (JWKS) endpoint. This can be done easily with the **jwks-rsa** library available on npm.
+
+Install the dependencies.
+
+```bash
+npm install express express-jwt jwks-rsa
+```
+
+Create a middleware which uses **express-jwt** and **jwks-rsa** to verify the Access Token against your JWKS endpoint.
+
+```js
+const express = require('express');
+const app = express();
+const jwt = require('express-jwt');
+const jwksRsa = require('jwks-rsa');
+
+const authenticate = jwt({
+  // Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint.
+  secret: jwksRsa.expressJwtSecret({
+    cache: true,
+    rateLimit: true,
+    jwksRequestsPerMinute: 5,
+    jwksUri: 'https://${account.namespace}/.well-known/jwks.json'
+  }),
+
+  // Validate the audience and the issuer.
+  audience: '{API IDENTIFIER}',
+  issuer: 'https://${account.namespace}/',
+  algorithms: ['RS256']
+});
+
+app.get('/api/public', function(req, res) {
+  res.json({ message: "Hello from a public endpoint! You don't need to be authenticated to see this." });
+});
+
+app.get('/api/private', authenticate, function(req, res) {
+  res.json({ message: "Hello from a private endpoint! You DO need to be authenticated to see this." });
+});
+
+app.listen(3001);
+console.log('Listening on http://localhost:3001');
+```
+
+Note that you **must** provide the `audience` for your API. This is the identifier you set for it when you create an API in your Auth0 dashboard.

fr-ca/articles/_includes/_deprecate-delegation.md

@@ -0,0 +1,3 @@
+::: warning
+By default, delegation is disabled for tenants without an add-on in use as of 8 June 2017. Legacy tenants who currently use an add-on that requires delegation may continue to use this feature. If delegation functionality is changed or removed from service at some point, customers who currently use it will be notified beforehand and given ample time to migrate.
+:::

fr-ca/articles/_includes/_deprecate-impersonation.md

@@ -0,0 +1,3 @@
+::: warning
+Impersonation has been deprecated and will not be enabled for new customers. The functionality will continue to work for existing customers who currently have it enabled. If at some point the impersonation feature is changed or removed from service, customers who currently use it will be notified beforehand and given ample time to migrate.
+:::

fr-ca/articles/_includes/_email-domain-blacklist.md

@@ -0,0 +1,3 @@
+::: warning
+Auth0 blacklists certain "false" domains commonly used during testing. Use real email addresses to avoid disruption or `domain is blacklisted` errors.
+:::

fr-ca/articles/_includes/_embedded_login_warning.md

@@ -0,0 +1,3 @@
+::: warning
+Embedded login for web uses Cross Origin Authentication. In some browsers [this can be unreliable](/cross-origin-authentication#limitations) if you do not set up a [Custom Domain](/custom-domains) **and host your app on the same domain**. Using Custom Domains with Auth0 is a paid feature. If you cannot use Custom Domains, consider [migrating to Universal Login](/guides/login/migration-embedded-universal).
+:::

fr-ca/articles/_includes/_enable-third-party-apps-info.md

@@ -0,0 +1,3 @@
+::: note 
+To use this feature, you must [enable third-party applications for your Auth0 tenant](/applications/guides/enable-third-party-apps).
+:::

fr-ca/articles/_includes/_enforce-claim-namespacing.md

@@ -0,0 +1,5 @@
+::: warning
+By default, Auth0 always enforces namespacing; any custom claims with non-namespaced identifiers will be silently excluded from tokens.
+
+We do allow non-OIDC claims without a namespace for legacy tenants using a non-OIDC-conformant pipeline with the **Legacy User Profile** enabled, but we strongly recommend that legacy tenants migrate to an OIDC-conformant flow.
+:::

fr-ca/articles/_includes/_http-method.html

@@ -0,0 +1,4 @@
+<h3 class="http-method-box">
+  <span class="badge ${http_badge.toLowerCase()}" href="${link}">${http_method}</span>
+  <span class="path" href="${link}">${path}</span>
+</h3>

fr-ca/articles/_includes/_ip_whitelist.md

@@ -0,0 +1,3 @@
+::: note Network Firewall
+If you are behind a firewall, this feature may require [whitelisting of the appropriate Auth0 IP addresses](/guides/ip-whitelist) to work properly.
+:::

fr-ca/articles/_includes/_java_new_app.html

@@ -0,0 +1,7 @@
+<% if (account.userName) { %>
+  <p>Fetch your credentials (Domain, Client ID, and Client Secret) from your <a href="${manage_url}/#/">dashboard</a> and store them somewhere safe. You will need them while configuring your application. The sample is configured with your `Default App` credentials if you prefer to start with having a look at it.</p>
+<% } else { %>
+  <p>Create an <a href="${manage_url}/login">Auth0 account</a> (or login) and an authentication application instance from your <a href="${manage_url}/#/">dashboard</a>. Once you create an app, you'll be provided with credentials (Domain, Client ID, and Client Secret) which should be stored somewhere safe (do not commit this information to your git repo!). You can start by downloading the sample after you login as it is configured with your Default App credentials</p>
+<% } %>
+<p> Make sure that your Auth0 Application has one or more connections configured, for example, Google Social Connection, or username-password DB connection.
+</p>

fr-ca/articles/_includes/_libraries_support_frameworks.html

@@ -0,0 +1,41 @@
+<table class="table">
+  <thead>
+    <tr>
+      <th width="25%">SDK</th>
+      <th width="55%">Version</th>
+      <th width="20%">Level of Support</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><a href="https://github.com/auth0/angular-auth0">Angular Auth0</a></td>
+      <td>v2</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/angular-lock">Angular Lock</a></td>
+      <td>v2</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-servlet">Auth0 Servlet</a></td>
+      <td>v3</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-java-mvc-common/">Auth0 Java MVC Common</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-oidc-client-net">OIDC Client for .NET Desktop and Mobile applications</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/jwt-auth-bundle">JWT Auth Bundle</a></td>
+      <td>v3</td>
+      <td><div class="label label-default">Supported</div></td>
+    </tr>
+  </tbody>
+</table>

fr-ca/articles/_includes/_libraries_support_lock.html

@@ -0,0 +1,36 @@
+<table class="table">
+  <thead>
+    <tr>
+      <th width="25%">Library</th>
+      <th width="55%">Version</th>
+      <th width="20%">Level of Support</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><a href="https://github.com/auth0/lock">Lock.js</a></td>
+      <td>v11</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/Lock.Android">Lock.Android</a></td>
+      <td>v2</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr class="light-top-border">
+      <td><a href="https://github.com/auth0/Lock.Android/tree/v1">Lock.Android</a></td>
+      <td>v1</td>
+      <td><div class="label label-warning">Bug fixes</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/Lock.swift">Lock for iOS v2</a></td>
+      <td>v2</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr class="light-top-border">
+      <td><a href="https://github.com/auth0/Lock.swift/tree/v1">Lock for iOS v1</a></td>
+      <td>v1</td>
+      <td><div class="label label-warning">Bug fixes</div></td>
+    </tr>
+  </tbody>
+</table>

fr-ca/articles/_includes/_libraries_support_sdks.html

@@ -0,0 +1,61 @@
+<table class="table">
+  <thead>
+    <tr>
+      <th width="25%">SDK</th>
+      <th width="55%">Version</th>
+      <th width="20%">Level of Support</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-spa-js">Auth0 Single Page Application SDK</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-react">Auth0 React SDK</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0.js">Auth0.js</a></td>
+      <td>v9</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/Auth0.Android">Auth0 Android</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/Auth0.Swift">Auth0 Swift</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/Auth0.net">Auth0 .NET</a></td>
+      <td>v4</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/Auth0-java">Auth0 Java</a></td>
+      <td>v1</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/node-auth0">Auth0 Node</a></td>
+      <td>v2</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-python">Auth0 Python</a></td>
+      <td>v2</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+    <tr>
+      <td><a href="https://github.com/auth0/auth0-php">Auth0 PHP</a></td>
+      <td>v7.3</td>
+      <td><div class="label label-primary">Supported</div></td>
+    </tr>
+  </tbody>
+</table>

fr-ca/articles/_includes/_linking_accounts.md

@@ -0,0 +1,11 @@
+There may be situations when your users want to log in with multiple accounts that they own. In these cases, you may want to link these accounts together so that they are all reflected in the user's Auth0 profile. For example, if a user has signed up with an email and password (which provides very little information about them), you can ask them to link their account to an OAuth provider like Facebook or Google to gain access to their social profile. See [User Account Linking](/users/concepts/overview-user-account-linking) for details.
+
+## Linking Accounts
+
+To link accounts, call the [link a user account](/api/management/v2#!/Users/post_identities) endpoint. You will need the ID Token and `user_id` of the primary account and the ID Token of the secondary account.
+
+To differentiate the login from the linking login, you will need to create a second instance of `Auth0Lock` to obtain the ID Token of the secondary account.
+
+Since all instances of `Auth0Lock` will receive the `authenticated` event, you will need a way to determine if authentication came from the primary login or the linking login.
+
+You can use the `auth.params` property of the [options object](https://github.com/auth0/lock#authentication-options) of `Auth0Lock` to add a `state` property with the value `'linking'`.