markdown links in summary blocks

docs/user-guides/anonymous-access.md

@@ -3,14 +3,10 @@
 Bypass identity verification or fall back to anonymous access when credentials fail to validate
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Identity verification & authentication → <a href="./../features.md#anonymous-access-authenticationanonymous">Anonymous access</a></li>
-    </ul>
-  </summary>
-
-  For further details about Authorino features in general, check the [docs](./../features.md).
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Identity verification & authentication →[Anonymous access](./../features.md#anonymous-access-authenticationanonymous)
+
+    For further details about Authorino features in general, check the [docs](./../features.md).
 </details>
 
 <br/>

docs/user-guides/api-key-authentication.md

@@ -3,12 +3,8 @@
 Issue API keys stored in Kubernetes `Secret`s for clients to authenticate with your protected hosts.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
 
   In Authorino, API keys are stored as Kubernetes `Secret`s. Each resource must contain an `api_key` entry with the value of the API key, and labeled to match the selectors specified in `spec.identity.apiKey.selector` of the `AuthConfig`.
 

docs/user-guides/authenticated-rate-limiting-envoy-dynamic-metadata.md

@@ -3,14 +3,10 @@
 Provide Envoy with dynamic metadata about the external authorization process to be injected into the rate limiting filter.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Dynamic response → Response wrappers → <a href="../features.md#envoy-dynamic-metadata">Envoy Dynamic Metadata</a></li>
-      <li>Dynamic response → <a href="../features.md#json-injection-responsesuccessheadersdynamicmetadatajson">JSON injection</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Dynamic response → Response wrappers →[Envoy Dynamic Metadata](../features.md#envoy-dynamic-metadata)
+  - Dynamic response →[JSON injection](../features.md#json-injection-responsesuccessheadersdynamicmetadatajson)
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
 
   Dynamic JSON objects built out of static values and values fetched from the [Authorization JSON](../architecture.md#the-authorization-json) can be wrapped to be returned to the reverse-proxy as Envoy Well Known Dynamic Metadata content. Envoy can use those to inject data returned by the external authorization service into the other filters, such as the rate limiting filter.
 

docs/user-guides/authzed.md

@@ -3,13 +3,9 @@
 Permission requests sent to a Google Zanzibar-based [Authzed/SpiceDB](https://authzed.com) instance, via gRPC.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Authorization → <a href="../features.md#spicedb-authorizationspicedb">SpiceDB</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Authorization →[SpiceDB](../features.md#spicedb-authorizationspicedb)
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
 </details>
 
 <br/>

docs/user-guides/caching.md

@@ -17,18 +17,14 @@ Cases where one will **NOT** want to enable caching, due to relatively cheap com
 - Anonymous access
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Common feature → <a href="../features.md#common-feature-caching-cache">Caching</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#anonymous-access-authenticationanonymous">Anonymous access</a></li>
-      <li>External auth metadata → <a href="../features.md#http-getget-by-post-metadatahttp">HTTP GET/GET-by-POST</a></li>
-      <li>Authorization → <a href="../features.md#open-policy-agent-opa-rego-policies-authorizationopa">Open Policy Agent (OPA) Rego policies</a></li>
-      <li>Dynamic response → <a href="../features.md#json-injection-responsesuccessheadersdynamicmetadatajson">JSON injection</a></li>
-    </ul>
-  </summary>
-
-  For further details about Authorino features in general, check the [docs](../features.md).
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Common feature →[Caching](../features.md#common-feature-caching-cache)
+  - Identity verification & authentication →[Anonymous access](../features.md#anonymous-access-authenticationanonymous)
+  - External auth metadata →[HTTP GET/GET-by-POST](../features.md#http-getget-by-post-metadatahttp)
+  - Authorization →[Open Policy Agent (OPA) Rego policies](../features.md#open-policy-agent-opa-rego-policies-authorizationopa)
+  - Dynamic response →[JSON injection](../features.md#json-injection-responsesuccessheadersdynamicmetadatajson)
+
+    For further details about Authorino features in general, check the [docs](../features.md).
 </details>
 
 <br/>

docs/user-guides/deny-with-redirect-to-login.md

@@ -3,14 +3,10 @@
 Customize response status code and headers on failed requests to redirect users of a web application protected with Authorino to a login page instead of a `401 Unauthorized`.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Dynamic response → <a href="../features.md#custom-denial-status-responseunauthenticated-and-responseunauthorized">Custom denial status</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#jwt-verification-authenticationjwt">JWT verification</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Dynamic response →[Custom denial status](../features.md#custom-denial-status-responseunauthenticated-and-responseunauthorized)
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
+  - Identity verification & authentication →[JWT verification](../features.md#jwt-verification-authenticationjwt)
 
   Authorino's default response status codes, messages and headers for unauthenticated (`401`) and unauthorized (`403`) requests can be customized with static values and values fetched from the [Authorization JSON](../architecture.md#the-authorization-json).
 

docs/user-guides/edge-authentication-architecture-festival-wristbands.md

@@ -11,15 +11,11 @@ The very definition of "edge" is subject to discussion, but the underlying idea
 As a minimum, EAA allows to simplify authentication between applications and microservices inside the network, as well as to reduce authorization to domain-specific rules and policies, rather than having to deal all the complexity to support all types of clients in every node.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Dynamic response → <a href="../features.md#festival-wristband-tokens-responsesuccessheadersdynamicmetadatawristband">Festival Wristband tokens</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#extra-identity-extension-authenticationdefaults-and-authenticationoverrides">Identity extension</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#jwt-verification-authenticationjwt">JWT verification</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Dynamic response →[Festival Wristband tokens](../features.md#festival-wristband-tokens-responsesuccessheadersdynamicmetadatawristband)
+  - Identity verification & authentication →[Identity extension](../features.md#extra-identity-extension-authenticationdefaults-and-authenticationoverrides)
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
+  - Identity verification & authentication →[JWT verification](../features.md#jwt-verification-authenticationjwt)
 
   Festival Wristbands are OpenID Connect ID tokens (signed JWTs) issued by Authorino by the end of the Auth Pipeline, for authorized requests. It can be configured to include claims based on static values and values fetched from the [Authorization JSON](../architecture.md#the-authorization-json).
 

docs/user-guides/envoy-jwt-authn-and-authorino.md

@@ -9,17 +9,13 @@ The policy defines a geo-fence by which only requests originated in Great Britai
 All requests to the Talker API will be authenticated in Envoy. However, requests to `/global` will **not** trigger the external authorization.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Identity verification & authentication → <a href="../features.md#plain-authenticationplain">Plain</a></li>
-      <li>External auth metadata → <a href="../features.md#http-getget-by-post-metadatahttp">HTTP GET/GET-by-POST</a></li>
-      <li>Authorization → <a href="../features.md#pattern-matching-authorization-authorizationpatternmatching">Pattern-matching authorization</a></li>
-      <li>Dynamic response → <a href="../features.md#custom-denial-status-responseunauthenticated-and-responseunauthorized">Custom denial status</a></li>
-    </ul>
-  </summary>
-
-  For further details about Authorino features in general, check the [docs](../features.md).
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Identity verification & authentication →[Plain](../features.md#plain-authenticationplain)
+  - External auth metadata →[HTTP GET/GET-by-POST](../features.md#http-getget-by-post-metadatahttp)
+  - Authorization →[Pattern-matching authorization](../features.md#pattern-matching-authorization-authorizationpatternmatching)
+  - Dynamic response →[Custom denial status](../features.md#custom-denial-status-responseunauthenticated-and-responseunauthorized)
+
+    For further details about Authorino features in general, check the [docs](../features.md).
 </details>
 
 <br/>

docs/user-guides/external-metadata.md

@@ -3,22 +3,18 @@
 Get online data from remote HTTP services to enhance authorization rules.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>External auth metadata → <a href="../features.md#http-getget-by-post-metadatahttp">HTTP GET/GET-by-POST</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-      <li>Authorization → <a href="../features.md#open-policy-agent-opa-rego-policies-authorizationopa">Open Policy Agent (OPA) Rego policies</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - External auth metadata →[HTTP GET/GET-by-POST](../features.md#http-getget-by-post-metadatahttp)
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
+  - Authorization →[Open Policy Agent (OPA) Rego policies](../features.md#open-policy-agent-opa-rego-policies-authorizationopa)
 
-  You can configure Authorino to fetch additional metadata from external sources in request-time, by sending either GET or POST request to an HTTP service. The service is expected to return a JSON content which is appended to the [Authorization JSON](../architecture.md#the-authorization-json), thus becoming available for usage in other configs of the Auth Pipeline, such as in authorization policies or custom responses.
+    You can configure Authorino to fetch additional metadata from external sources in request-time, by sending either GET or POST request to an HTTP service. The service is expected to return a JSON content which is appended to the [Authorization JSON](../architecture.md#the-authorization-json), thus becoming available for usage in other configs of the Auth Pipeline, such as in authorization policies or custom responses.
 
-  URL, parameters and headers of the request to the external source of metadata can be configured, including with dynamic values. Authentication between Authorino and the service can be set as part of these configuration options, or based on shared authentication token stored in a Kubernetes `Secret`.
+    URL, parameters and headers of the request to the external source of metadata can be configured, including with dynamic values. Authentication between Authorino and the service can be set as part of these configuration options, or based on shared authentication token stored in a Kubernetes `Secret`.
 
-  Check out as well the user guides about [Authentication with API keys](api-key-authentication.md) and [Open Policy Agent (OPA) Rego policies](opa-authorization.md).
+    Check out as well the user guides about [Authentication with API keys](api-key-authentication.md) and [Open Policy Agent (OPA) Rego policies](opa-authorization.md).
 
-  For further details about Authorino features in general, check the [docs](../features.md).
+    For further details about Authorino features in general, check the [docs](../features.md).
 </details>
 
 <br/>

docs/user-guides/http-basic-authentication.md

@@ -3,21 +3,17 @@
 Turn Authorino API key `Secret`s settings into HTTP basic auth.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-        <li>Authorization → <a href="../features.md#pattern-matching-authorization-authorizationpatternmatching">Pattern-matching authorization</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
+  - Authorization →[Pattern-matching authorization](../features.md#pattern-matching-authorization-authorizationpatternmatching)
 
-  HTTP "Basic" Authentication ([RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235)) is not recommended if you can afford other more secure methods such as OpenID Connect. To support legacy nonetheless it is sometimes necessary to implement it.
+    HTTP "Basic" Authentication ([RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235)) is not recommended if you can afford other more secure methods such as OpenID Connect. To support legacy nonetheless it is sometimes necessary to implement it.
 
-  In Authorino, HTTP "Basic" Authentication can be modeled leveraging the API key authentication feature (stored as Kubernetes `Secret`s with an `api_key` entry and labeled to match selectors specified in `spec.identity.apiKey.selector` of the `AuthConfig`).
+    In Authorino, HTTP "Basic" Authentication can be modeled leveraging the API key authentication feature (stored as Kubernetes `Secret`s with an `api_key` entry and labeled to match selectors specified in `spec.identity.apiKey.selector` of the `AuthConfig`).
 
-  Check out as well the user guide about [Authentication with API keys](api-key-authentication.md).
+    Check out as well the user guide about [Authentication with API keys](api-key-authentication.md).
 
-  For further details about Authorino features in general, check the [docs](../features.md).
+    For further details about Authorino features in general, check the [docs](../features.md).
 </details>
 
 <br/>

docs/user-guides/injecting-data.md

@@ -3,19 +3,15 @@
 Inject HTTP headers with serialized JSON content.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Dynamic response → <a href="../features.md#json-injection-responsesuccessheadersdynamicmetadatajson">JSON injection</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#api-key-authenticationapikey">API key</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Dynamic response →[JSON injection](../features.md#json-injection-responsesuccessheadersdynamicmetadatajson)
+  - Identity verification & authentication →[API key](../features.md#api-key-authenticationapikey)
 
-  Inject serialized custom JSON objects as HTTP request headers. Values can be static or fetched from the [Authorization JSON](../architecture.md#the-authorization-json).
+    Inject serialized custom JSON objects as HTTP request headers. Values can be static or fetched from the [Authorization JSON](../architecture.md#the-authorization-json).
 
-  Check out as well the user guide about [Authentication with API keys](api-key-authentication.md).
+    Check out as well the user guide about [Authentication with API keys](api-key-authentication.md).
 
-  For further details about Authorino features in general, check the [docs](../features.md).
+    For further details about Authorino features in general, check the [docs](../features.md).
 </details>
 
 <br/>

docs/user-guides/json-pattern-matching-authorization.md

@@ -3,19 +3,15 @@
 Write simple authorization rules based on JSON patterns matched against Authorino's Authorization JSON; check contextual information of the request, validate JWT claims, cross metadata fetched from external sources, etc.
 
 <details markdown="1">
-  <summary>
-    <strong>Authorino capabilities featured in this guide:</strong>
-    <ul>
-      <li>Authorization → <a href="../features.md#pattern-matching-authorization-authorizationpatternmatching">Pattern-matching authorization</a></li>
-      <li>Identity verification & authentication → <a href="../features.md#jwt-verification-authenticationjwt">JWT verification</a></li>
-    </ul>
-  </summary>
+  <summary>Authorino capabilities featured in this guide</summary>
+  - Authorization →[Pattern-matching authorization](../features.md#pattern-matching-authorization-authorizationpatternmatching)
+  - Identity verification & authentication →[JWT verification](../features.md#jwt-verification-authenticationjwt)
 
-  Authorino provides a built-in authorization module to check simple pattern-matching rules against the [Authorization JSON](../architecture.md#the-authorization-json). This is an alternative to [OPA](../features.md#open-policy-agent-opa-rego-policies-authorizationopa) when all you want is to check for some simple rules, without complex logics, such as match the value of a JWT claim.
+    Authorino provides a built-in authorization module to check simple pattern-matching rules against the [Authorization JSON](../architecture.md#the-authorization-json). This is an alternative to [OPA](../features.md#open-policy-agent-opa-rego-policies-authorizationopa) when all you want is to check for some simple rules, without complex logics, such as match the value of a JWT claim.
 
-  Check out as well the user guide about [OpenID Connect Discovery and authentication with JWTs](oidc-jwt-authentication.md).
+    Check out as well the user guide about [OpenID Connect Discovery and authentication with JWTs](oidc-jwt-authentication.md).
 
-  For further details about Authorino features in general, check the [docs](../features.md).
+    For further details about Authorino features in general, check the [docs](../features.md).
 </details>
 
 <br/>