From 6ddbf201f32729356a5fb63339aa4116b6eb8980 Mon Sep 17 00:00:00 2001 From: Gabriel <83644514+gpene@users.noreply.github.com> Date: Wed, 12 Oct 2022 13:07:10 +0200 Subject: [PATCH 1/5] Update U&P --- docs/.vuepress/config/sidebar-developer.js | 1 - .../latest/guides/auth-request.md | 253 ------------------ .../latest/plugins/users-permissions.md | 157 ++++++----- 3 files changed, 97 insertions(+), 314 deletions(-) delete mode 100644 docs/developer-docs/latest/guides/auth-request.md diff --git a/docs/.vuepress/config/sidebar-developer.js b/docs/.vuepress/config/sidebar-developer.js index c89b61847c..a2ece7bec3 100644 --- a/docs/.vuepress/config/sidebar-developer.js +++ b/docs/.vuepress/config/sidebar-developer.js @@ -486,7 +486,6 @@ const developer = [ title: '📚 Guides', collapsable: true, children: [ - ['/developer-docs/latest/guides/auth-request', 'Authenticated request'], // ['/developer-docs/latest/guides/slug', 'Create a slug system'], // ['/developer-docs/latest/guides/is-owner', 'Create is owner policy'], // ['/developer-docs/latest/guides/custom-admin', 'Custom admin'], diff --git a/docs/developer-docs/latest/guides/auth-request.md b/docs/developer-docs/latest/guides/auth-request.md deleted file mode 100644 index a1d2919a80..0000000000 --- a/docs/developer-docs/latest/guides/auth-request.md +++ /dev/null 
@@ -1,253 +0,0 @@ ---- -title: Authenticated request - Strapi Developer Docs -description: Learn how you can request the API of your Strapi project as an authenticated user. -canonicalUrl: https://docs.strapi.io/developer-docs/latest/guides/auth-request.html ---- - -# Authenticated request - -Learn how to make API requests as an authenticated user. - -## Introduction - -This guide shows you how to assign [roles and permissions](/developer-docs/latest/plugins/users-permissions.md) to multiple users and [authenticate API requests](/developer-docs/latest/plugins/users-permissions.md#authentication) with JSON Web Tokens (JWT). - -To demonstrate how roles work, you will create two different roles and grant each role certain permissions. - -**Authors** can fetch, create, and update Articles; **Readers** can only fetch Articles. - -## Project Setup - -To follow along, you must have a Strapi project. If you don’t have a Strapi project, run the following command: - - - - -```sh -npx create-strapi-app@latest my-project --quickstart -``` - - - -```sh -yarn create strapi-app my-project --quickstart -``` - - - - -After creating your Strapi project, you will be redirected to your project’s [admin panel](http://localhost:1337/admin). - -### Create a new Collection Type - -Create an **Articles** collection type. - -To create a new collection: -1. In the left sidebar, select **Content-Type Builder**. -2. Select **+ Create new collection type**. -3. In the *Display Name* field, enter “Articles”. - a. In the *API ID (Singular)* field, enter “article”. - b. In the *API ID (Plural)* field, enter “articles”. -4. Select **Continue**. -5. Select *Text*. -6. In the *Name* field, enter “title”, select *Short text*, and select **Finish**. -7. Select **Add another field to this collection type** and select *Rich text*. -8. In the *Name* field, enter “content” and select **Finish**. -9. Select **Save**. - -With your Articles content type ready, create some sample articles: - -1. 
Go to *Content Manager*. -2. Under *COLLECTION TYPES*, select *Articles*. -3. Select **+ Create new entry**. -4. Enter a title and some sample text in the content textbox. -5. Select **Save** and then **Publish**. - -### Create Roles and Permissions - -Create an Author role and manage its permissions: -1. From the left sidebar, select *Settings*. -2. Under *Users & Permissions Plugin*, select *Roles*. -3. Select **+ Add new role**. -4. In the *Name* field, enter “Author” and enter a **Description** (for example, “User with author permissions”). -5. Select the *Article* content type and **Select All**. -6. Select **Save**. - -Create another role called Reader by repeating the steps above, but only select **find** and **findOne** from the Article content type permissions. - -::: note -Roles are authenticated by default. -::: - -### Create users - -Create **two users** with the following data. - -| **User 1** | **User Data** | -|--------------|---------------------| -| **username** | author | -| **email** | author@strapi.io | -| **password** | strapi | -| **role** | Author | - -| **User 2** | **User Data** | -|--------------|---------------------| -| **username** | reader | -| **email** | reader@strapi.io | -| **password** | strapi | -| **role** | Reader | - -## Log in as a Reader - -To log in as a user with the role of Reader, send a **POST** request to the `/api/auth/local` API route. 
- -:::: tabs card - -::: tab axios - -```js -import axios from 'axios'; - -const { data } = await axios.post('http://localhost:1337/api/auth/local', { - identifier: 'reader@strapi.io', - password: 'strapi', -}); - -console.log(data); -``` - -::: - -::: tab Postman - -If you use **Postman**, set the **body** to **raw** and select **JSON** as your data format: - -```json -{ - "identifier": "reader@strapi.io", - "password": "strapi" -} -``` - -::: - -:::: -If your request is successful, you will receive the **user's JWT** in the `jwt` key: - -```json -{ - "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU", - "user": { - "id": 1, - "username": "reader", - ... - } -} -``` - -Save the `JWT` in your application or copy it to your clipboard. You will use it to make future requests. - -::: note -See the [login documentation](/developer-docs/latest/plugins/users-permissions.md#login) for more information. -::: - -### Fetch articles - -Fetch the Articles you created earlier by sending a **GET** request to the `/articles` route: - -:::: tabs card - -::: tab axios - -```js -import axios from 'axios'; - -const { data } = await axios.get('http://localhost:1337/api/articles'); - -console.log(data); -``` - -::: - -::: tab Postman - -```http -GET http://localhost:1337/api/articles -``` - -::: - -:::: -Your response will return a `403 Forbidden` error. - -When a user sends an unauthorized request (a request that omits an `Authorization` header), Strapi assigns that user a [Public role](https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#public-role) by default. 
- -To authenticate a user’s request, use the bearer authentication scheme by including an `Authorization` header signed with the user’s JWT ( `Bearer [JWT Token]`): - -```js -import axios from 'axios'; - -const { data } = await axios.get('http://localhost:1337/api/articles', { - headers: { - Authorization: - 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU', - }, -}); - -console.log(data); -``` - -With your bearer token included in the `Authorization` header, you will receive a `Status: 200 OK` response and a payload containing your articles. - -### Create an Article - -Now, create an Article by sending a **POST** request to the `/api/articles` route: - -:::: tabs card - -::: tab axios - -```js -import axios from 'axios'; - -const { data } = await axios.post( - 'http://localhost:1337/api/articles', - { - data: { - title: 'my article', - content: 'my super article content', - } - }, - { - headers: { - Authorization: - 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU', - }, - } - ); - - console.log(data); -``` - -::: - -::: tab Postman - -```json -{ - "data": { - "title": "my article", - "content": "my super article content" - } -} -``` - -::: - -:::: - -You will receive a `403 Forbidden` response because you made this request as a user with the role Reader. - -Only users with the role Author can create Articles. Sign in with the Author user credentials to receive your JWT. Then, send the **POST** request to the `/articles` endpoint by including the JWT in the `Authorization` header. - -You will receive a `200 OK` response and see your new article in the payload. diff --git a/docs/developer-docs/latest/plugins/users-permissions.md b/docs/developer-docs/latest/plugins/users-permissions.md index 8a57c95d11..c586c43cb9 100644 
--- a/docs/developer-docs/latest/plugins/users-permissions.md +++ b/docs/developer-docs/latest/plugins/users-permissions.md 
@@ -1,59 +1,123 @@ --- -title: Roles & Permissions - Strapi Developer Docs +title: Users & Permissions - Strapi Developer Docs description: Protect your API with a full authentication process based on JWT and manage the permissions between the groups of users. sidebarDepth: 2 canonicalUrl: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html --- -# Roles & Permissions +# Users & Permissions -This plugin provides a way to protect your API with a full authentication process based on JWT. This plugin comes also with an ACL strategy that allows you to manage the permissions between the groups of users. +This plugin provides a full authentication process based on [JSON Web Tokens (JWT)](https://en.wikipedia.org/wiki/JSON_Web_Token) to protect your API. It also provides an access-control list (ACL) strategy that enables you to manage permissions between groups of users. -To access the plugin admin panel, click on the **Settings** link in the left menu and then everything will be under the **USERS & PERMISSIONS PLUGIN** section. +To access the plugin admin panel, click on the **Settings** link in the left menu of your Strapi application dashboard and under the **USERS & PERMISSIONS PLUGIN** section you will find sections for managing **Roles**, **Providers**, **Email Templates**, and **Advanced Settings**. ## Concept When this plugin is installed, it adds an access layer on your application. -The plugin uses [`jwt token`](https://en.wikipedia.org/wiki/JSON_Web_Token) to authenticate users. +The plugin uses `JWTs` to authenticate users. Your JWT contains your user ID, which is matched to the group your user is in and used to determine whether to allow access to the route. -Each time an API request is sent, the server checks if an `Authorization` header is present and verifies if the user making the request has access to the resource. 
- -To do so, your JWT contains your user ID and we are able to match the group your user is in and at the end to know if the group allows access to the route. +Each time an API request is sent the server checks if an `Authorization` header is present and verifies if the user making the request has access to the resource. ## Manage role permissions ### Public role -This role is used when you receive a request that doesn't have an `Authorization` header. -If you allow some permissions in this role, everybody will be able to access the endpoints you selected. -This is common practice to select `find` / `findOne` endpoints when you want your front-end application to access all the content without developing user authentication and authorization. +This is the default role used when the server receives a request without an `Authorization` header. Any permissions (i.e. accessible endpoints) granted to this role will be accessible by anyone. + +It is common practice to select `find` / `findOne` endpoints when you want your front-end application to access all the content without requiring user authentication and authorization. ### Authenticated role -This is the default role that is given to every **new user** if no role is provided at creation. In this role you will be able to define routes that a user can access. +This is the default role that is given to every **new user** at creation if no role is provided. In this role you define routes that a user can access. ### Permissions management -By clicking on the **Role** name, you will be able to see all functions available in your application (and these functions are related to a specific route) +By clicking on the **Role** name, you can see all functions available in your application (with these functions related to the specific route displayed). -If you check a function name, it makes this route accessible by the current role you are editing. -On the right sidebar you will be able to see the URL related to this function. 
+If you check a function name, it makes this route accessible by the current role you are editing. On the right sidebar you can see the URL related to this function. ### Update the default role -When you create a user without a role or if you use the `/api/auth/local/register` route, the `authenticated` role is given to the user. +When you create a user without a role, or if you use the `/api/auth/local/register` route, the `authenticated` role is given to the user. To change the default role, go to the `Advanced settings` tab and update the `Default role for authenticated users` option. ## Authentication +### Login + +Submit the user's identifier and password credentials for authentication. On successful authentication the response data will have the user's information along with an authentication token. + +#### Local + +The `identifier` param can be an **email** or **username**. + +:::: tabs card + +::: tab axios + +```js +import axios from 'axios'; + +// Request API. +axios + .post('http://localhost:1337/api/auth/local', { + identifier: 'user@strapi.io', + password: 'strapiPassword', + }) + .then(response => { + // Handle success. + console.log('Well done!'); + console.log('User profile', response.data.user); + console.log('User token', response.data.jwt); + }) + .catch(error => { + // Handle error. + console.log('An error occurred:', error.response); + }); +``` + +::: + +::: tab Postman + +If you use **Postman**, set the **body** to **raw** and select **JSON** as your data format: + +```json +{ + "identifier": "user@strapi.io", + "password": "strapiPassword" +} +``` + +If the request is successful you will receive the **user's JWT** in the `jwt` key: + +```json +{ + "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU", + "user": { + "id": 1, + "username": "user", + ... 
+ } +} +``` + +::: + +:::: + ### Token usage -A jwt token may be used for making permission-restricted API requests. To make an API request as a user, place the jwt token into an `Authorization` header of the GET request. A request without a token, will assume the `public` role permissions by default. Modify the permissions of each user's role in admin dashboard. Authentication failures return a 401 (unauthorized) error. +The `jwt` may then be used for making permission-restricted API requests. To make an API request as a user place the JWT into an `Authorization` header of the `GET` request. + +Any request without a token will assume the `public` role permissions by default. Modify the permissions of each user's role in the admin dashboard. + +Authentication failures return a `401 (unauthorized)` error. #### Usage -- The `token` variable is the `data.jwt` received when logging in or registering. +The `token` variable is the `data.jwt` received when logging in or registering. ```js import axios from 'axios'; @@ -80,12 +144,13 @@ axios ### JWT configuration You can configure the JWT generation by using the [plugins configuration file](/developer-docs/latest/setup-deployment-guides/configurations/optional/plugins.md). -We are using [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) to generate the JWT. + +Strapi uses [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) to generate the JWT. Available options: - `jwtSecret`: random string used to create new JWTs, typically set using the `JWT_SECRET` [environment variable](/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.md#strapi-s-environment-variables). -- `jwt.expiresIn`: expressed in seconds or a string describing a time span zeit/ms.
+- `jwt.expiresIn`: expressed in seconds or a string describing a time span.
Eg: 60, "45m", "10h", "2 days", "7d", "2y". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (minutes, hours, days, years, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms"). @@ -133,7 +198,7 @@ export default ({ env }) => ({ :::warning -Setting JWT expiry for more than 30 days is **absolutely not recommended** due to massive security concerns. +Setting JWT expiry for more than 30 days is **not recommended** due to security concerns. ::: ### Registration 
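Review bot: in the Token usage paragraph of the `@@ -1,59 +1,123 @@` hunk, `place the JWT into an `Authorization` header of the `GET` request` and `Authentication failures return a `401 (unauthorized)` error` together understate what a client will see. The bearer header is required on every method, not only `GET` (the page's own reset-password example sends it on an `axios.post`), and a request carrying a valid token for a role that lacks the permission is refused with `403 Forbidden`, not `401`; the guide deleted in this same patch demonstrated exactly that with its Reader role on `POST /api/articles`. Suggest `into the `Authorization` header of the request` plus one sentence separating the two cases: a missing or invalid token yields `401`, a valid token without the permission yields `403`.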
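Review bot: in the `@@ -80,12 +144,13 @@` hunk, replacing `a string describing a time span zeit/ms` with `a string describing a time span` removes the only pointer to the syntax the next sentence depends on (`"120"` being read as `120ms`). Keep a link to the `ms` package (https://github.com/vercel/ms), which is what `jsonwebtoken` uses to parse string values of `expiresIn`, so readers can check the accepted units instead of guessing from the examples.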
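Review bot: in the `@@ -133,7 +198,7 @@` hunk, softening the warning to `not recommended due to security concerns` leaves it with no reason, which is what a reader choosing a value needs. State it: a Users & Permissions JWT is accepted until `expiresIn` elapses, the page documents no revocation mechanism, and the only lever it describes is rotating `jwtSecret`, which invalidates every user's token at once; so a leaked token stays usable for the whole window. One sentence to that effect justifies the 30-day ceiling better than the removed adjectives did.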
@@ -165,60 +230,32 @@ axios }); ``` -### Login - -Submit the user's identifier and password credentials for authentication. When the authentication is successful, the response data returned will have the user's information along with a jwt authentication token. - -#### Local - -- The `identifier` param can either be an **email** or a **username**. - -```js -import axios from 'axios'; - -// Request API. -axios - .post('http://localhost:1337/api/auth/local', { - identifier: 'user@strapi.io', - password: 'strapiPassword', - }) - .then(response => { - // Handle success. - console.log('Well done!'); - console.log('User profile', response.data.user); - console.log('User token', response.data.jwt); - }) - .catch(error => { - // Handle error. - console.log('An error occurred:', error.response); - }); -``` - ### Providers -Thanks to [Grant](https://github.com/simov/grant) and [Purest](https://github.com/simov/purest), you can easily use OAuth and OAuth2 providers to enable authentication in your application. +Thanks to [Grant](https://github.com/simov/grant) and [Purest](https://github.com/simov/purest), you can use OAuth and OAuth2 providers to enable authentication in your application. -For better understanding, you may find as follows the description of the login flow. To simplify the explanation, we used `github` as the provider but it works the same for the other providers. +For better understanding, review the following description of the login flow. We used `github` as the provider but it works the same for other providers. #### Understanding the login flow -Let's say that strapi's backend is located at: strapi.website.com. -Let's say that your app frontend is located at: website.com. +Let's say that: +* Strapi's backend is located at: `strapi.website.com`, and +* Your app frontend is located at: `website.com` -1. The user goes on your frontend app (`https://website.com`) and click on your button `connect with Github`. -2. 
The frontend redirect the tab to the backend URL: `https://strapi.website.com/api/connect/github`. +1. The user goes on your frontend app (`https://website.com`) and clicks on your button `connect with Github`. +2. The frontend redirects the tab to the backend URL: `https://strapi.website.com/api/connect/github`. 3. The backend redirects the tab to the GitHub login page where the user logs in. 4. Once done, Github redirects the tab to the backend URL:`https://strapi.website.com/api/connect/github/callback?code=abcdef`. -5. The backend uses the given `code` to get from Github an `access_token` that can be used for a period of time to make authorized requests to Github to get the user info (the email of the user of example). -6. Then, the backend redirects the tab to the url of your choice with the param `access_token` (example: `http://website.com/connect/github/redirect?access_token=eyfvg`) -7. The frontend (`http://website.com/connect/github/redirect`) calls the backend with `https://strapi.website.com/api/auth/github/callback?access_token=eyfvg` that returns the strapi user profile with its `jwt`.
(Under the hood, the backend asks Github for the user's profile and a match is done on Github user's email address and Strapi user's email address) +5. The backend uses the given `code` to get an `access_token` from Github that can be used for a period of time to make authorized requests to Github to get the user info. +6. Then, the backend redirects the tab to the url of your choice with the param `access_token` (example: `http://website.com/connect/github/redirect?access_token=eyfvg`). +7. The frontend (`http://website.com/connect/github/redirect`) calls the backend with `https://strapi.website.com/api/auth/github/callback?access_token=eyfvg` that returns the Strapi user profile with its `jwt`.
(Under the hood, the backend asks Github for the user's profile and a match is done on Github user's email address and Strapi user's email address). 8. The frontend now possesses the user's `jwt`, which means the user is connected and the frontend can make authenticated requests to the backend! An example of a frontend app that handles this flow can be found here: [react login example app](https://github.com/strapi/strapi-examples/tree/master/login-react). #### Setting up the server url -Before setting up a provider, you need to specify the absolute url of your backend in `server.js`. +Before setting up a provider you must specify the absolute url of your backend in `server.js`. **example -** `config/server.js` From 802b617faada751f73b4c02092b181b90535079e Mon Sep 17 00:00:00 2001 From: Gabriel <83644514+gpene@users.noreply.github.com> Date: Fri, 14 Oct 2022 11:31:17 +0200 Subject: [PATCH 2/5] Edits & Remove Outdated content --- .../latest/plugins/users-permissions.md | 59 ++++++++++--------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/docs/developer-docs/latest/plugins/users-permissions.md b/docs/developer-docs/latest/plugins/users-permissions.md index c586c43cb9..82a5992000 100644 --- a/docs/developer-docs/latest/plugins/users-permissions.md +++ b/docs/developer-docs/latest/plugins/users-permissions.md @@ -234,7 +234,7 @@ axios Thanks to [Grant](https://github.com/simov/grant) and [Purest](https://github.com/simov/purest), you can use OAuth and OAuth2 providers to enable authentication in your application. -For better understanding, review the following description of the login flow. We used `github` as the provider but it works the same for other providers. +For better understanding, review the following description of the login flow. We use `github` as the provider but it works the same for other providers. #### Understanding the login flow 
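Review bot: the `@@ -1,253 +0,0 @@` hunk deleting `guides/auth-request.md` drops material the rewritten `users-permissions.md` does not pick up. Only the login snippet moves (into the new `### Login` section); the guide's demonstration that a request without an `Authorization` header falls back to the Public role and gets `403 Forbidden`, that a Reader token can `GET /api/articles` but is refused with `403` on `POST /api/articles`, and that only the Author role's `create` permission allows the write has no counterpart on the plugin page. Either port that Author/Reader walkthrough into `### Permissions management` or keep the guide. With the sidebar entry removed in the first hunk, `/developer-docs/latest/guides/auth-request` is also unreachable and, within this patch, has no redirect, so existing links to it break until one is added.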
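Review bot: in the `@@ -165,60 +230,32 @@` hunk, the rewritten steps 6 and 7 keep `http://website.com/connect/github/redirect?access_token=eyfvg` while steps 1 and 2 use `https://`. Because step 6 hands the provider's `access_token` to the browser as a query parameter, the example should use `https://` throughout and say plainly that the provider token is exposed in the redirect URL before the frontend exchanges it for the Strapi `jwt` in step 7. The removed `(the email of the user of example)` was also the only place step 5 said which user info is fetched; step 7's note still explains the match on email address, so keep one mention in step 5 for continuity.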
@@ -292,12 +292,12 @@ export default ({ env }) => ({ :::tip -Later on you will give this url to your provider.
For development, some providers accept the use of localhost urls but many don't. In this case we recommend to use [ngrok](https://ngrok.com/docs) (`ngrok http 1337`) that will make a proxy tunnel from a url it created to your localhost url (ex: `url: env('', 'https://5299e8514242.ngrok.io'),`). +Later you will give this url to your provider.
For development, some providers accept the use of localhost urls but many don't. In this case we recommend to use [ngrok](https://ngrok.com/docs) (`ngrok http 1337`) that will make a proxy tunnel from a url it created to your localhost url (ex: `url: env('', 'https://5299e8514242.ngrok.io'),`). ::: #### Setting up the provider - examples -Instead of a generic explanation, for better understanding, we decided to show an example for each provider. +Instead of a generic explanation we decided to show an example for each provider. In the following examples, the frontend app will be the [react login example app](https://github.com/strapi/strapi-examples/tree/master/login-react).
It (the frontend app) will be running on `http://localhost:3000`.
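Review bot: in the `@@ -292,12 +292,12 @@` hunk, the tip's example `url: env('', 'https://5299e8514242.ngrok.io'),` is carried over unchanged, but `env('')` looks up a variable with an empty name and will always fall through to the default, so the snippet never reads an environment variable at all. Give the variable a real name, matching the one the `config/server.js` example above uses. Also, the rewritten `Later you will give this url to your provider` should read `URL`, as the rest of the sentence is being edited anyway.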
@@ -819,28 +819,28 @@ Now you can make authenticated requests 🎉 More info here: [token usage](#toke ::: tab Forgot & Reset flow -The flow was thought this way: +The assumed general flow: -1. The user goes to your **forgotten password page** -2. The user enters his/her email address -3. Your forgotten password page sends a request to the backend to send an email with the reset password link to the user -4. The user receives the email, and clicks on the special link -5. The link redirects the user to your **reset password page** -6. The user enters his/her new password -7. The **reset password page** sends a request to the backend with the new password -8. If the request contains the code contained in the link at step 3., the password is updated -9. The user can log in with the new password +1. The user goes to your **forgotten password page**. +2. The user enters their email address. +3. Your forgotten password page sends a request to the backend to send an email with the reset password link to the user. +4. The user receives the email and clicks on the special link. +5. The link redirects the user to your **reset password page**. +6. The user enters their new password. +7. The **reset password page** sends a request to the backend with the new password. +8. If the request contains the code contained in the link at step 3, the password is updated. +9. The user can log in with the new password. In the following section we will detail steps 3. and 7.. #### Forgotten password: ask for the reset password link -This action sends an email to a user with the link to your own reset password page. -The link will be enriched with the url param `code` that is needed for the [reset password](#reset-password) at step 7.. +This action sends an email to a user with the link to your reset password page. +The link will be enriched with the url param `code` that is needed for the [reset password](#reset-password) at step 7. 
First, you must specify the url to your reset password page in the admin panel: **Settings > USERS & PERMISSIONS PLUGIN > Advanced Settings > Reset Password Page**. -Then, your **forgotten password page** has to make the following request to your backend. +Then, your **forgotten password page** has to make the following request to your backend: ```js import axios from 'axios'; @@ -861,9 +861,9 @@ axios #### Reset Password: send the new password This action will update the user password. -Also works with the [GraphQL Plugin](./graphql.md), with the `resetPassword` mutation. +This also works with the [GraphQL Plugin](./graphql.md), with the `resetPassword` mutation. -Your **reset password page** has to make the following request to your backend. +Your **reset password page** has to make the following request to your backend: ```js import axios from 'axios'; @@ -903,7 +903,7 @@ axios.post( }, { headers: { - Authorization: 'Bearer ', + Authorization: 'Bearer ', }, } ); 
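Review bot: in the `@@ -819,28 +819,28 @@` hunk, the context line `In the following section we will detail steps 3. and 7..` still carries the doubled period even though the list above and the sentence below it are both being reworded; fix it in the same pass (`steps 3 and 7.`), matching the `at step 7.` correction made later in the hunk.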
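Review bot: in the `@@ -903,7 +903,7 @@` hunk the only changed line, `Authorization: 'Bearer ',`, is identical before and after as rendered here (presumably a whitespace change) and shows no placeholder after `Bearer `. Use the `token` variable the Token usage section defines (`Authorization: `Bearer ${token}``) so this example is consistent with the rest of the page and readers do not copy an empty bearer header into their client.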
@@ -919,11 +919,11 @@ axios.post( In production, make sure the `url` config property is set. Otherwise the validation link will redirect to `localhost`. More info on the config [here](/developer-docs/latest/setup-deployment-guides/configurations/required/server.md). ::: -After having registered, if you have set **Enable email confirmation** to **ON**, the user will receive a confirmation link by email. The user has to click on it to validate his/her registration. +After registering, if you have set **Enable email confirmation** to **ON**, the user will receive a confirmation link by email. The user has to click on it to validate their registration. _Example of the confirmation link:_ `https://yourwebsite.com/api/auth/email-confirmation?confirmation=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaWF0IjoxNTk0OTgxMTE3LCJleHAiOjE1OTc1NzMxMTd9.0WeB-mvuguMyr4eY8CypTZDkunR--vZYzZH6h6sChFg` -If needed, you can re-send the confirmation email by making the following request. +If needed you can re-send the confirmation email by making the following request: ```js import axios from 'axios'; @@ -945,9 +945,7 @@ axios The `user` object is available to successfully authenticated requests. -#### Usage - -- The authenticated `user` object is a property of `ctx.state`. +The authenticated `user` object is a property of `ctx.state`. ```js create: async ctx => { @@ -965,6 +963,8 @@ create: async ctx => { }; ``` + +--> ## Templating emails -By default, this plugin comes with only two templates (reset password and email address confirmation) at the moment. More templates will come later. The templates use Lodash's template() method to populate the variables. +By default this plugin comes with two templates: reset password and email address confirmation. More templates will come later. The templates use Lodash's `template()` method to populate the variables. You can update these templates under **Plugins** > **Roles & Permissions** > **Email Templates** tab in the admin panel. 
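Review bot: in the `@@ -965,6 +963,8 @@` hunk, the added `+-->` closes an HTML comment whose opening `<!--` appears in no hunk of this patch, and the `@@ -945,9 +945,7 @@` hunk above still edits the `ctx.state.user` text as live prose rather than removing it. If the opener is not already in the file, the literal `-->` will render on the page; confirm it exists, or delete the section outright since the commit calls the content outdated. The trailing context line `You can update these templates under **Plugins** > **Roles & Permissions** > **Email Templates** tab` also contradicts the navigation path this series gives at the top of the page (**Settings** > **USERS & PERMISSIONS PLUGIN**) and in patch 5; update it while the surrounding lines are being touched.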
@@ -1112,7 +1111,9 @@ You can update these templates under **Plugins** > **Roles & Permissions** > **E ## Security configuration -JWT tokens can be verified and trusted because the information is digitally signed. To sign a token a _secret_ is required. By default Strapi generates one that is stored in `./extensions/users-permissions/config/jwt.js`. This is useful during development but for security reasons it is **recommended** to set a custom token via an environment variable `JWT_SECRET` when deploying to production. +JWTs can be verified and trusted because the information is digitally signed. To sign a token a _secret_ is required. By default Strapi generates and stores it in `./extensions/users-permissions/config/jwt.js`. + +This is useful during development but for security reasons it is **recommended** to set a custom token via an environment variable `JWT_SECRET` when deploying to production. By default you can set a `JWT_SECRET` environment variable and it will be used as secret. If you want to use another variable you can update the configuration file. @@ -1145,5 +1146,5 @@ export default { ::: tip -You can learn more on configuration in the documentation [here](/developer-docs/latest/setup-deployment-guides/configurations.md). +You can learn more about configuration [here](/developer-docs/latest/setup-deployment-guides/configurations.md). ::: From bd74724d1647389b936dc449fca92f100b610d03 Mon Sep 17 00:00:00 2001 From: Gabriel <83644514+gpene@users.noreply.github.com> Date: Tue, 18 Oct 2022 13:17:04 +0200 Subject: [PATCH 3/5] Update docs/developer-docs/latest/plugins/users-permissions.md Co-authored-by: Shaun Brown <97027841+StrapiShaun@users.noreply.github.com> --- docs/developer-docs/latest/plugins/users-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/developer-docs/latest/plugins/users-permissions.md b/docs/developer-docs/latest/plugins/users-permissions.md index 82a5992000..3e44f9a067 100644 
--- a/docs/developer-docs/latest/plugins/users-permissions.md +++ b/docs/developer-docs/latest/plugins/users-permissions.md @@ -1089,7 +1089,7 @@ discord: { ## Templating emails -By default this plugin comes with two templates: reset password and email address confirmation. More templates will come later. The templates use Lodash's `template()` method to populate the variables. +By default this plugin comes with two templates: reset password and email address confirmation. The templates use Lodash's `template()` method to populate the variables. You can update these templates under **Plugins** > **Roles & Permissions** > **Email Templates** tab in the admin panel. From 37dad03d7a8a1e9140dc33f8159a4ef59126b70f Mon Sep 17 00:00:00 2001 From: Pierre Wizla Date: Tue, 25 Oct 2022 17:20:50 +0200 Subject: [PATCH 4/5] Add redirection :) --- docs/.vuepress/redirects | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/.vuepress/redirects b/docs/.vuepress/redirects index 073a8289ee..8c322a2a1d 100644 --- a/docs/.vuepress/redirects +++ b/docs/.vuepress/redirects @@ -5,3 +5,4 @@ /developer-docs/latest/setup-deployment-guides/installation/platformsh.html /developer-docs/latest/setup-deployment-guides/installation/installation.html /developer-docs/latest/setup-deployment-guides/installation/digitalocean-customization.html /developer-docs/latest/setup-deployment-guides/installation/installation.html /developer-docs/latest/concepts/draft-and-publish.html /user-docs/latest/content-manager/saving-and-publishing-content.html +/developer-docs/latest/guides/auth-request.html /developer-docs/latest/plugins/users-permissions.html From bfc379478bf9845447064699930ec441b299f846 Mon Sep 17 00:00:00 2001 From: Gabriel <83644514+gpene@users.noreply.github.com> Date: Tue, 25 Oct 2022 18:04:47 +0200 Subject: [PATCH 5/5] Forget PW updates --- docs/developer-docs/latest/plugins/users-permissions.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/docs/developer-docs/latest/plugins/users-permissions.md b/docs/developer-docs/latest/plugins/users-permissions.md index 3e44f9a067..93ead4641e 100644 --- a/docs/developer-docs/latest/plugins/users-permissions.md +++ b/docs/developer-docs/latest/plugins/users-permissions.md @@ -835,10 +835,12 @@ In the following section we will detail steps 3. and 7.. #### Forgotten password: ask for the reset password link -This action sends an email to a user with the link to your reset password page. -The link will be enriched with the url param `code` that is needed for the [reset password](#reset-password) at step 7. +This action sends an email to a user with the link to your reset password page. The link will be enriched with the url param `code` that is needed for the [reset password](#reset-password) at step 7. -First, you must specify the url to your reset password page in the admin panel: **Settings > USERS & PERMISSIONS PLUGIN > Advanced Settings > Reset Password Page**. +First, you must specify the following: + +* In the admin panel: **Settings > USERS & PERMISSIONS PLUGIN > Advanced Settings > Reset Password** page, the `url` to your reset password page. +* In the admin panel: **Settings > USERS & PERMISSIONS PLUGIN > Email Template** page, the **Shipper email**. Then, your **forgotten password page** has to make the following request to your backend:
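Review bot: in patch 2's `@@ -1112,7 +1111,9 @@` hunk (Security configuration), `set a custom token via an environment variable `JWT_SECRET`` should read `custom secret`: `JWT_SECRET` is the signing key, not a token. The same hunk keeps `./extensions/users-permissions/config/jwt.js` as the place the default secret is stored, while the JWT configuration section earlier in the same file says `jwtSecret` lives in the plugins configuration file and is set via `JWT_SECRET`; the two sections should name one location so readers know which file to change.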
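Review bot: in patch 5's `@@ -835,10 +835,12 @@` hunk, the new second bullet names the page `**Email Template**` while the rest of the file calls it **Email Templates** (the intro added in patch 1 and the Templating emails section); use one name. The first bullet's `**Reset Password** page, the `url` to your reset password page` also reads oddly, since the setting is a field on the Advanced Settings page rather than a page of its own; the wording it replaces, `**Advanced Settings > Reset Password Page**`, was clearer, so keep that and add `set to the URL of your reset password page`.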