docs: links in callouts and missing references (#8907)

author: Hendrik Sievers <89412959+hendrik1120@users.noreply.github.com> 2025-03-07 14:12:28 +0100
committer: GitHub <noreply@github.com> 2025-03-07 13:12:28 +0000
commit: fa05bd6cc957b685507bb0145663ba64c4e83844 (patch)
tree: a08ef60c7106469a1e5b3cffbfff98596e7000d6
parent: f07c42a12eb64a383c2723e16f3e86eea195a306 (diff)
3 files changed, 31 insertions, 19 deletions
diff --git a/docs/content/configuration/identity-providers/openid-connect/clients.md b/docs/content/configuration/identity-providers/openid-connect/clients.md
index 686b96ed2..c82a31166 100644
--- a/docs/content/configuration/identity-providers/openid-connect/clients.md
+++ b/docs/content/configuration/identity-providers/openid-connect/clients.md
@@ -878,15 +878,19 @@ The content encryption algorithm used to encrypt the authorization responses.
 
 See the encryption algorithms section of the
 [integration guide](../../../integration/openid-connect/introduction.md#encryption-algorithms) for more information
-including the algorithm column for supported values.### introspection_signed_response_key_id
+including the algorithm column for supported values.
+
+### introspection_signed_response_key_id
 
 {{< confkey type="string" required="no" >}}
 
 {{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}}
 A majority of clients will not support this option with any value other than `none` as this enables encoding the
-[Introspection Response] as a JWT as per [JWT Response for OAuth Token Introspection] i.e. rather than being a JSON
-document the [Introspection Response] becomes a signed JWT in the `application/token-introspection+jwt` format and the
-signed JWT is optionally nested within an encrypted JWT.
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) as a JWT as per
+[JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html)
+i.e. rather than being a JSON document the
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) becomes a signed JWT in the
+`application/token-introspection+jwt` format and the signed JWT is optionally nested within an encrypted JWT.
 {{< /callout >}}
 
 {{< callout context="note" title="Note" icon="outline/info-circle" >}}
@@ -907,9 +911,11 @@ To be considered valid:
 
 {{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}}
 A majority of clients will not support this option with any value other than `none` as this enables encoding the
-[Introspection Response] as a JWT as per [JWT Response for OAuth Token Introspection] i.e. rather than being a JSON
-document the [Introspection Response] becomes a signed JWT in the `application/token-introspection+jwt` format and the
-signed JWT is optionally nested within an encrypted JWT.
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) as a JWT as per
+[JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html)
+i.e. rather than being a JSON document the
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) becomes a signed JWT in the
+`application/token-introspection+jwt` format and the signed JWT is optionally nested within an encrypted JWT.
 {{< /callout >}}
 
 {{< callout context="note" title="Note" icon="outline/info-circle" >}}
@@ -933,9 +939,11 @@ supported values come from the algorithm column with a use of `sig`.
 
 {{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}}
 A majority of clients will not support this option with any value other than `none` as this enables encoding the
-[Introspection Response] as a JWT as per [JWT Response for OAuth Token Introspection] i.e. rather than being a JSON
-document the [Introspection Response] becomes a signed JWT in the `application/token-introspection+jwt` format and the
-signed JWT is optionally nested within an encrypted JWT.
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) as a JWT as per
+[JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html)
+i.e. rather than being a JSON document the
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) becomes a signed JWT in the
+`application/token-introspection+jwt` format and the signed JWT is optionally nested within an encrypted JWT.
 {{< /callout >}}
 
 {{< callout context="note" title="Note" icon="outline/info-circle" >}}
@@ -954,9 +962,11 @@ To be considered valid:
 
 {{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}}
 A majority of clients will not support this option with any value other than `none` as this enables encoding the
-[Introspection Response] as a JWT as per [JWT Response for OAuth Token Introspection] i.e. rather than being a JSON
-document the [Introspection Response] becomes a signed JWT in the `application/token-introspection+jwt` format and the
-signed JWT is optionally nested within an encrypted JWT.
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) as a JWT as per
+[JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html)
+i.e. rather than being a JSON document the
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) becomes a signed JWT in the
+`application/token-introspection+jwt` format and the signed JWT is optionally nested within an encrypted JWT.
 {{< /callout >}}
 
 {{< callout context="note" title="Note" icon="outline/info-circle" >}}
@@ -983,9 +993,11 @@ supported values come from the algorithm column with a use of `enc`.
 
 {{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}}
 A majority of clients will not support this option with any value other than `none` as this enables encoding the
-[Introspection Response] as a JWT as per [JWT Response for OAuth Token Introspection] i.e. rather than being a JSON
-document the [Introspection Response] becomes a signed JWT in the `application/token-introspection+jwt` format and the
-signed JWT is optionally nested within an encrypted JWT.
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) as a JWT as per
+[JWT Response for OAuth Token Introspection](https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html)
+i.e. rather than being a JSON document the
+[Introspection Response](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) becomes a signed JWT in the
+`application/token-introspection+jwt` format and the signed JWT is optionally nested within an encrypted JWT.
 {{< /callout >}}
 
 The content encryption algorithm used to encrypt the authorization responses.
@@ -1310,5 +1322,3 @@ To integrate Authelia's [OpenID Connect 1.0] implementation with a relying party
 [Pushed Authorization Requests]: https://datatracker.ietf.org/doc/html/rfc9126
 [jwks]: provider.md#jwks
 [JSON Web Key]: provider.md#jwks
-[JWT Response for OAuth Token Introspection]: https://www.ietf.org/archive/id/draft-ietf-oauth-jwt-introspection-response-12.html
-[Introspection Response]: https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
diff --git a/docs/content/integration/openid-connect/introduction.md b/docs/content/integration/openid-connect/introduction.md
index d9ee268ce..d869a2458 100644
--- a/docs/content/integration/openid-connect/introduction.md
+++ b/docs/content/integration/openid-connect/introduction.md
@@ -275,6 +275,8 @@ it then you're encouraged to create a [feature request](https://www.authelia.com
 A list of [RFC8176] Authentication Method Reference Values can be found in the
 [reference guide](../../reference/guides/authentication-method-references.md).
 
+[RFC8176]: https://datatracker.ietf.org/doc/html/rfc8176
+
 ## Introspection Signing Algorithm
 
 The following table describes the response from the [Introspection] endpoint depending on the
diff --git a/docs/content/reference/guides/attributes.md b/docs/content/reference/guides/attributes.md
index b615f0bb2..b239f354c 100644
--- a/docs/content/reference/guides/attributes.md
+++ b/docs/content/reference/guides/attributes.md
@@ -18,7 +18,7 @@ Authelia has three primary methods of deriving attributes:
 
 1. Standard Attributes derived directly from the authentication backend.
 2. Extra Attributes which are manually configured but still derived from the authentication backend.
-3. Custom Attributes derived from the other available attribute sources using the [Common Expression Language].
+3. Custom Attributes derived from the other available attribute sources using the [Common Expression Language](https://github.com/google/cel-spec).
 
 ## Standard Attributes
author	Hendrik Sievers <89412959+hendrik1120@users.noreply.github.com>	2025-03-07 14:12:28 +0100
committer	GitHub <noreply@github.com>	2025-03-07 13:12:28 +0000
commit	fa05bd6cc957b685507bb0145663ba64c4e83844 (patch)
tree	a08ef60c7106469a1e5b3cffbfff98596e7000d6
parent	f07c42a12eb64a383c2723e16f3e86eea195a306 (diff)