Minor adjustments to fix links and build warnings

Author: carbonrobot

README.md

@@ -1,5 +1,5 @@
 <a href="https://formidable.com/open-source/" target="_blank">
-  <img alt="React Native App Auth — Formidable, We build the modern web" src="https://raw.githubusercontent.com/FormidableLabs/react-native-app-auth/main/react-native-app-auth-Hero.png" />
+  <img alt="React Native App Auth — Formidable, We build the modern web" src="https://oss.nearform.com/api/banner?text=react+native+app+auth" />
 </a>
 <p align="center">
 <strong>React native bridge for AppAuth - an SDK for communicating with OAuth2 providers</strong>
@@ -123,7 +123,7 @@ with optional overrides.
   - **registrationEndpoint** - (`string`) fully formed url to your OAuth/OpenID Connect registration endpoint. Only necessary for servers that require client registration.
   - **endSessionEndpoint** - (`string`) fully formed url to your OpenID Connect end session endpoint. If you want to be able to end a user's session and no `issuer` is specified, this field is mandatory.
 - **clientId** - (`string`) _REQUIRED_ your client id on the auth server
-- **clientSecret** - (`string`) client secret to pass to token exchange requests. :warning: Read more about [client secrets](#note-about-client-secrets)
+- **clientSecret** - (`string`) client secret to pass to token exchange requests. :warning: Read more about [client secrets](/docs/client-secrets)
 - **redirectUrl** - (`string`) _REQUIRED_ the url that links back to your app with the auth code
 - **scopes** - (`array<string>`) the scopes for your token, e.g. `['email', 'offline_access']`.
 - **additionalParameters** - (`object`) additional parameters that will be passed in the authorization request.
@@ -547,6 +547,6 @@ Please see our [contributing guide](./.github/CONTRIBUTING.md).
 
 ## Maintenance Status
 
-**Active:** Formidable is actively working on this project, and we expect to continue for work for the foreseeable future. Bug reports, feature requests and pull requests are welcome.
+**Active:** Nearform is actively working on this project, and we expect to continue for work for the foreseeable future. Bug reports, feature requests and pull requests are welcome.
 
 [maintenance-image]: https://img.shields.io/badge/maintenance-active-green.svg

docs/docs/client-secrets.md

@@ -0,0 +1,11 @@
+---
+sidebar_position: 2
+---
+
+# Client Secrets
+
+Some authentication providers, including examples cited below, require you to provide a client secret. The authors of the AppAuth library
+
+> [strongly recommend](https://github.com/openid/AppAuth-Android#utilizing-client-secrets-dangerous) you avoid using static client secrets in your native applications whenever possible. Client secrets derived via a dynamic client registration are safe to use, but static client secrets can be easily extracted from your apps and allow others to impersonate your app and steal user data. If client secrets must be used by the OAuth2 provider you are integrating with, we strongly recommend performing the code exchange step on your backend, where the client secret can be kept hidden.
+
+Having said this, in some cases using client secrets is unavoidable. In these cases, a `clientSecret` parameter can be provided to `authorize`/`refresh` calls when performing a token request.

docs/docs/config-examples/dropbox.md

@@ -5,7 +5,7 @@ Dropbox provides an OAuth 2.0 endpoint for logging in with a Dropbox user's cred
 Please note:
 
 - Dropbox does not provide a OIDC discovery endpoint, so `serviceConfiguration` is used instead.
-- Dropbox OAuth requires a [client secret](#note-about-client-secrets).
+- Dropbox OAuth requires a [client secret](/docs/client-secrets).
 - Dropbox access tokens are short lived and will expire after a short period of time. To update your access token a separate call needs to be made to [/oauth2/token](https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token) to obtain a new access token.
 
 ```js

docs/docs/config-examples/fitbit.md

@@ -5,7 +5,7 @@ Fitbit provides an OAuth 2.0 endpoint for logging in with a Fitbit user's creden
 Please note:
 
 - Fitbit does not provide a OIDC discovery endpoint, so `serviceConfiguration` is used instead.
-- Fitbit OAuth requires a [client secret](#note-about-client-secrets).
+- Fitbit OAuth requires a [client secret](/docs/client-secrets).
 
 ```js
 const config = {

docs/docs/config-examples/uber.md

@@ -5,7 +5,7 @@ Uber provides an OAuth 2.0 endpoint for logging in with a Uber user's credential
 Please note:
 
 - Uber does not provide a OIDC discovery endpoint, so `serviceConfiguration` is used instead.
-- Uber OAuth requires a [client secret](#note-about-client-secrets).
+- Uber OAuth requires a [client secret](/docs/client-secrets).
 
 ```js
 const config = {

docs/docusaurus.config.ts

@@ -6,7 +6,7 @@ const config: Config = {
   tagline: 'React native bridge for AppAuth - an SDK for communicating with OAuth2 providers.',
   favicon: 'img/nearform-icon.svg',
   url: 'https://commerce.nearform.com/',
-  baseUrl: '/open-source/react-native-app-auth/',
+  baseUrl: '/open-source/react-native-app-auth',
   onBrokenLinks: 'throw',
   onBrokenMarkdownLinks: 'warn',
   i18n: {
@@ -20,9 +20,7 @@ const config: Config = {
       {
         docs: {
           sidebarPath: './sidebars.ts',
-          editUrl: 'https://github.com/FormidableLabs/react-native-app-auth/tree/main',
         },
-        blog: false,
         theme: {
           customCss: './src/css/custom.css',
         },
@@ -35,6 +33,7 @@ const config: Config = {
       /** @type {import("@easyops-cn/docusaurus-search-local").PluginOptions} */
       {
         hashed: true,
+        indexBlog: false,
       },
     ],
   ],