Expand Up @@ -31,7 +31,7 @@ You can find details of the scopes in the following table.
| `openid` | Required | OIDC requests to the `/authorize` endpoint must contain the `openid` scope value to indicate that an application intends to use the OIDC protocol. <br> <br>This will return the sub claim, which uniquely identifies your user. |
| `email` | Optional | Returns the `email` claim, which contains:<ul><li>your user's email address</li><li>`email_verified`, which is a boolean indicating whether your user has verified their email address or not</li></ul> |
| `phone` | Optional | Returns the `phone_number` claim, which contains:<ul><li>your user's phone number</li><li>`phone_number_verified`, which is a boolean indicating whether your user has verified their phone number or not</li></ul> |
| `wallet-subject-id` | Optional (required to use GOV.UK Wallet) | Returns the `walletSubjectId` claim, which is a pairwise identifier that GOV.UK Wallet uses when it issues a credential. By comparing the returned value with the value GOV.UK Wallet submits when requesting a credential, you can be sure that the user logged into your service and GOV.UK Wallet are the same user. <br> <br>You must include this scope if you plan to [onboard with GOV.UK Wallet](https://docs.wallet.service.gov.uk/before-integrating.html#onboard-with-gov-uk-one-login) after you have onboarded with GOV.UK One Login. <br> <br>The value is returned in the format: <br>`urn:fdc:wallet.account.gov.uk:2024:3c_jJtXcLttICSNrkW7M1vO2_w-SMDm2nrHsZpWQQ9`<br> <br>where the part after `urn:fdc:` is [Base 64 Encoding with URL and Filename Safe Alphabet](https://datatracker.ietf.org/doc/html/rfc4648#section-5) of the output from a SHA256 hash function. |
| `wallet-subject-id` | Optional (required to use GOV.UK Wallet) | Returns the `walletSubjectId` claim, which is a pairwise identifier that GOV.UK Wallet uses when it issues a credential. By comparing the returned value with the value GOV.UK Wallet submits when requesting a credential, you can be sure that the user logged into your service and GOV.UK Wallet are the same user. <br> <br>You must include this scope if you plan to [onboard with GOV.UK Wallet](https://docs.wallet.service.gov.uk/issue-credentials/before-integrating.html#onboard-with-gov-uk-one-login) after you have onboarded with GOV.UK One Login. <br> <br>The value is returned in the format: <br>`urn:fdc:wallet.account.gov.uk:2024:3c_jJtXcLttICSNrkW7M1vO2_w-SMDm2nrHsZpWQQ9`<br> <br>where the part after `urn:fdc:` is [Base 64 Encoding with URL and Filename Safe Alphabet](https://datatracker.ietf.org/doc/html/rfc4648#section-5) of the output from a SHA256 hash function. |

## Choose which claims your service can request

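Review bot: the final sentence of the updated `wallet-subject-id` row says the part after `urn:fdc:` is the base64url encoding of a SHA-256 output, but in the example `urn:fdc:wallet.account.gov.uk:2024:3c_jJtXcLttICSNrkW7M1vO2_w-SMDm2nrHsZpWQQ9` the text after `urn:fdc:` begins with `wallet.account.gov.uk:2024:`, so only the last segment can be the encoded digest; suggest rewording to "where the part after `urn:fdc:wallet.account.gov.uk:2024:` is ...". The sample segment `3c_jJtXcLttICSNrkW7M1vO2_w-SMDm2nrHsZpWQQ9` is also 42 characters long, whereas an unpadded base64url encoding of a 32-byte SHA-256 digest is always 43, so a service that validates the length of the returned value against this example will get a wrong expectation; either correct the sample or mark it as illustrative. The retarget to `/issue-credentials/before-integrating.html#onboard-with-gov-uk-one-login` is the only functional change in the row; since the Wallet docs live outside this repository, confirm the anchor exists at the new path.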
2 changes: 1 addition & 1 deletion source/configure-for-production/index.html.md.erb
Expand Up @@ -46,7 +46,7 @@ Before you can configure your service for production, you must [integrate with G
| `SubjectType` | Leave this field as `pairwise`. |
| `TestClient` | Leave this field as `false`. |
| `TokenAuthMethod` | Specify the token authentication method your service is using. This will be `private_key_jwt` or `client_secret_post`. <br><br>There’s further [guidance on using the correct token authentication method for your service](/before-integrating/use-correct-token-authentication-method/). |
| `PKCEEnforced` | Specify whether your service must provide the parameters required for Proof Key for Code Exchange (PKCE) protocol in the [authorize](/integrate-with-integration-environment/authenticate-your-user/#make-a-request-to-the-authorize-endpoint) and [token](/integrate-with-integration-environment/authenticate-your-user/#make-a-token-request) requests. <br><br>You can [read more about PKCE in RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). |
| `PKCEEnforced` | Specify whether your service must provide the parameters required for Proof Key for Code Exchange (PKCE) protocol in the [authorize](/integrate-with-integration-environment/authenticate-your-user/#make-a-request-to-the-authorize-endpoint) and [token](/integrate-with-integration-environment/authenticate-your-user/#make-a-request-to-the-token-endpoint) requests. <br><br>You can [read more about PKCE in RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). |


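Review bot: the `PKCEEnforced` row still does not state the accepted values or the default, unlike the `SubjectType` and `TestClient` rows above it, which spell out `pairwise` and `false`; suggest adding the accepted values (presumably `true` or `false`) and which one applies when the field is omitted, because a service that leaves it unset should know whether the `/authorize` and `/token` requests will be rejected without PKCE parameters. The retargeted anchor `#make-a-request-to-the-token-endpoint` matches the rename applied in `how-gov-uk-one-login-works.html.md.erb` in the same change, so the link set is consistent; the authorize anchor is left as `#make-a-request-to-the-authorize-endpoint`, which is fine provided that heading was not renamed too.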
## Use the production discovery endpoint
6 changes: 3 additions & 3 deletions source/how-gov-uk-one-login-works.html.md.erb
Expand Up @@ -54,7 +54,7 @@ You should <a href="/integrate-with-integration-environment/authenticate-your-us

<ol start="12">
<li>Your service <a href="/integrate-with-integration-environment/authenticate-your-user/#create-a-jwt-assertion">creates a JWT assertion</a> and signs it with its private key.</li>
<li>Your service sends a <code>POST</code> request to the <a href="/integrate-with-integration-environment/authenticate-your-user/#make-a-token-request"><code>/token</code></a> endpoint, including the <a href="/integrate-with-integration-environment/authenticate-your-user/#generate-an-authorisation-code">authorisation code</a> and <a href="/integrate-with-integration-environment/authenticate-your-user/#create-a-jwt-assertion">assertion</a>.</li>
<li>Your service sends a <code>POST</code> request to the <a href="/integrate-with-integration-environment/authenticate-your-user/#make-a-request-to-the-token-endpoint"><code>/token</code></a> endpoint, including the <a href="/integrate-with-integration-environment/authenticate-your-user/#generate-an-authorisation-code">authorisation code</a> and <a href="/integrate-with-integration-environment/authenticate-your-user/#create-a-jwt-assertion">assertion</a>.</li>
<li>GOV.UK One Login sends a <code>GET</code> request to your <code>/.well-known/jwks.json endpoint</code> to fetch your public keys, which verify the signature on the request JWT passed in your authorize request.</li>
<li>Your service returns the public keys as a <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-5">JWKS document</a>. GOV.UK One Login caches these keys for 24 hours.</li>
<li>GOV.UK One Login validates the token request. This includes validating the assertion JWT signature using the public key from the JWKS that matches the <code>kid</code> specified in the assertion JWT header.</li>
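Review bot: step 14 in the unchanged context puts the word "endpoint" inside the code element (`<code>/.well-known/jwks.json endpoint</code>`), which renders "endpoint" as part of the path; move it outside: `<code>/.well-known/jwks.json</code> endpoint`. The anchor change on step 13 is correct in form, but the target page `authenticate-your-user` is not among the files in this diff, so confirm that its heading was renamed to match `#make-a-request-to-the-token-endpoint` (and the `#make-a-request-to-the-userinfo-endpoint` and `#responses-from-the-userinfo-endpoint` anchors used later in this file) in the same commit, otherwise these links go dead on publish.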
Expand All @@ -69,8 +69,8 @@ You should <a href="/integrate-with-integration-environment/authenticate-your-us
### Retrieve userinfo

<ol start="21">
<li>Your service sends a <code>GET</code> request to the <a href="/integrate-with-integration-environment/authenticate-your-user/#retrieve-user-information"><code>/userinfo</code></a> endpoint, including the access token received in response to the <a href="/integrate-with-integration-environment/authenticate-your-user/#make-a-token-request"><code>POST /token</code></a> request.</li>
<li>GOV.UK One Login returns the <a href="/integrate-with-integration-environment/authenticate-your-user/#receive-response-for-retrieve-user-information">userinfo</a> (including a <a href="/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-core-identity-claim">core identity claim</a> if requested).</li>
<li>Your service sends a <code>GET</code> request to the <a href="/integrate-with-integration-environment/authenticate-your-user/#make-a-request-to-the-userinfo-endpoint"><code>/userinfo</code></a> endpoint, including the access token received in response to the <a href="/integrate-with-integration-environment/authenticate-your-user/#make-a-request-to-the-token-endpoint"><code>POST /token</code></a> request.</li>
<li>GOV.UK One Login returns the <a href="/integrate-with-integration-environment/authenticate-your-user/#responses-from-the-userinfo-endpoint">userinfo</a> (including a <a href="/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-core-identity-claim">core identity claim</a> if requested).</li>
<li>Your service sends a <code>GET</code> request to the GOV.UK One Login <code>/.well-known/did.json</code> to fetch its public keys, which verify the signature on the core identity claim JWT issued by GOV.UK One Login.</li>
<li>GOV.UK One Login returns its public keys in a DID document.</li>
<li>Your service <a href="/integrate-with-integration-environment/prove-users-identity/#validate-the-core-identity-claim-jwt-using-a-public-key">validates the signature of the core identity claim</a> with the public key from the DID document with the matching <code>kid</code>.</li>
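Review bot: step 23 reads "sends a GET request to the GOV.UK One Login <code>/.well-known/did.json</code> to fetch", which is missing "endpoint" after the code element (compare the phrasing of the `/userinfo` step above it), and step 25 has a doubled "with ... with the matching kid"; suggest "validates the signature of the core identity claim using the public key from the DID document whose <code>kid</code> matches". Both are in unchanged context, so they could be picked up here or in a follow-up.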