From 7cb85ed2dd7fba7fa4d38793754cae8fdc1a048a Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Tue, 23 Jul 2024 15:37:04 +0530
Subject: [PATCH 1/8] Added docs for FIDO trusted apps

---
 .../add-passwordless-login-with-passkey.md | 2 +-
 .../add-passwordless-login-with-passkey.md | 2 +-
 .../add-passwordless-login-with-passkey.md | 77 +++++++++++++++++++
 .../references/app-native-authentication.md | 6 +-
 4 files changed, 84 insertions(+), 3 deletions(-)

diff --git a/en/asgardeo/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/asgardeo/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index e15d51455e..61d37a6440 100644
--- a/en/asgardeo/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/asgardeo/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -1,3 +1,3 @@
-{% set product_name = "Asgardeo" %}
+{% set base_url = "https://asgardeo.io" %}
 {% include "../../../../../includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md" %}
\ No newline at end of file
diff --git a/en/identity-server/7.0.0/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/identity-server/7.0.0/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index 417b626ef5..c24a5c744b 100644
--- a/en/identity-server/7.0.0/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/identity-server/7.0.0/docs/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -1,3 +1,3 @@
-{% set product_name = "WSO2 Identity Server" %}
+{% set base_url = "https://localhost:9443" %}
 {% include "../../../../../../includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md" %}
\ No newline at end of file
diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index 88f58c9b1d..b5824e83ab 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -151,3 +151,80 @@ Follow the steps below to use an enrolled passkey to sign in to an application.
 !!! note
 During passkey progressive enrollment, if a user wishes to use a federated authenticator, they should have their external accounts already provisioned within {{product_name}}. If, for example, a user logs in with Google using an account not provisioned in {{product_name}}, passkey enrolment results in an error and the login flow fails.
+
+
+## Make application a FIDO trusted app
+
+If you are working with a mobile application that implements passkeys, making it a FIDO trusted app allows {{product_name}} to validate the authenticity of the application by calling the validation services of the respective platform (Android or iOS). This validation ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials.
+
+!!! note
+
+ If you wish to implement passkeys with [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is mandatory to make your mobile application a FIDO trusted app.
+
+To make the application a FIDO trusted app,
+
+1. On the {{product_name}} Console, go to **Applications** and select your application.
+
+2. In its **Advanced** tab, under **Trusted App Settings**, select **Add as a FIDO trusted app**.
+
+3. Under **Platform Settings**, enter the following platform-specific details.
+
+ - For an Android app:
+
+ - Provide the package name of the application which takes the reverse domain format (e.g. com.example.myapp)
+
+ - Provide key hashes, which are SHA256 fingerprints of the app's signing certificate.
+
+ - For an iOS app:
+
+ - Provide the app ID of your application which consists of the team ID and the bundle ID separated by a period (.). (e.g. A1B2C3D4E5.com.domainname.applicationname)
+
+ !!! note
+
+ {% if product_name == "Asgardeo" %}
+ Validation services of Android and iOS require the application data under **Platform Settings** to be available in the following public endpoints common to all Asgardeo organizations.
+
+ - For Android - `{{base_url}}/.well-known/assetlinks.json`
+
+ - For iOS - `{{base_url}}/.well-known/apple-app-site-association`
+
+ Alternatively, you may publish to a custom endpoint by setting up [custom domains]({{base_path}}/guides/branding/configure-custom-domains/). Make sure the data are in the format expected by the validation services of [Android](https://developer.android.com/training/app-links/verify-android-applinks#web-assoc){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and are publicly hosted in the following locations.
+
+ - For Android - `{custom_domain}/.well-known/assetlinks.json`
+
+ - For iOS - `{custom_domain}/.well-known/apple-app-site-association`
+
+ {% else %}
+ Validation services of Android and iOS require the application data under **Platform Settings** to be available in the following publicly accessible endpoints of your organization domain.
+
+ - For Android - `{organization_domain}/.well-known/assetlinks.json`
+
+ - For iOS - `{organization_domain}/.well-known/apple-app-site-association`
+
+ {{product_name}} hosts these data in the following endpoints.
+
+ - For Android - `{{base_url}}/.well-known/trusted-apps/android`
+
+ - For iOS - `{{base_url}}/.well-known/trusted-apps/ios`
+
+ Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-association` on your domain are mapped to the corresponding local endpoints of {{product_name}}.
+
+ {% endif %}
+
+ Learn more about the validation services of [Android](https://passkeys-auth.com/docs/implementation/flutter/android/){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}
+
+ !!! warning "Third-Party Data Exposure"
+
+ While not a security concern, it is still important to note that other organizations are able to access the data under **Platform Settings** by accessing the corresponding public endpoint.
+
+ {% if product_name == "WSO2 Identity Server" %}
+ Due to this behavior, you may configure {{product_name}} to display a consent screen for administrators who are attempting to make an application a FIDO trusted app. To do so, enter the following configuration to the `deployment.toml` file found in the `/repository/conf/` directory.
+
+ ```bash
+ [application_mgt]
+ trusted_app_consent_required=true
+ ```
+ Once configured, a confirmation popup will appear when enabling the feature and this consent will be recorded and published as an audit log.
+ {% endif %}
+
+4. Click **Update** to save the changes.
diff --git a/en/includes/references/app-native-authentication.md b/en/includes/references/app-native-authentication.md
index db9d3575df..96c4e99289 100644
--- a/en/includes/references/app-native-authentication.md
+++ b/en/includes/references/app-native-authentication.md
@@ -471,7 +471,11 @@ The application goes through the following steps to complete app-native authenti
 ### Scenario 3: User selects passkey login out of multiple options
-If a login step has multiple login options, the application goes through the following steps to complete app-native authentication.
+If a login step has multiple login options, the application goes through the following steps to complete passkey login with app-native authentication.
+
+!!! note "Prerequisite"
+
+ If you wish to integrate passkeys with app-native authentication for a mobile application, it is mandatory to make it a [FIDO trusted app]({{base_path}}/guides/authentication/passwordless-login/add-passwordless-login-with-passkey/#make-application-a-fido-trusted-app).
 - **Step 1**: Initiate the request with the `/authorize` endpoint.
From 25d0c9432aa14cd0bb9fae2efb64fbc90baed6ea Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Thu, 25 Jul 2024 15:31:50 +0530
Subject: [PATCH 2/8] Fixes based on feedback

---
 .../add-passwordless-login-with-passkey.md | 89 ++++++++++++-------
 .../references/app-native-authentication.md | 3 +-
 2 files changed, 58 insertions(+), 34 deletions(-)

diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index b5824e83ab..6263096845 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -155,13 +155,35 @@ Follow the steps below to use an enrolled passkey to sign in to an application.
 ## Make application a FIDO trusted app
-If you are working with a mobile application that implements passkeys, making it a FIDO trusted app allows {{product_name}} to validate the authenticity of the application by calling the validation services of the respective platform (Android or iOS). This validation ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials.
+If you are working with a mobile application that implements passkeys, making it a FIDO trusted app allows the hosting platform (iOS or Android) to validate the authenticity of the application by calling the corresponding validation service. This ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials.
 !!! note
- If you wish to implement passkeys with [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is mandatory to make your mobile application a FIDO trusted app.
+ If you wish to implement passkeys with [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is mandatory to validate your application against the relevant platform.
-To make the application a FIDO trusted app,
+{% if product_name == "WSO2 Identity Server" %}
+
+It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="blank"} to have details about the application exposed in a public URL. By following this guide, you are publishing details about your app to one of the following endpoints of {{product_name}} based on the platform.
+
+- For Android - `{{base_url}}/.well-known/assetlinks.json`
+
+- For iOS - `{{base_url}}/.well-known/apple-app-site-association`
+
+Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-association` on your domain are mapped to the corresponding local endpoints of {{product_name}}.
+
+!!! note "Third-party data exposure"
+
+ While not a security concern, it is still important to note that details about your applications are publicly accessible through the endpoints.
+
+ Due to this behavior, you may configure {{product_name}} to display a consent screen for administrators who are attempting to make an application a FIDO trusted app. To do so, add the following configuration to the `deployment.toml` file found in the `/repository/conf/` directory.
+
+ ```bash
+ [application_mgt]
+ trusted_app_consent_required=true
+ ```
+ Once configured, a confirmation popup will appear when enabling the feature and this consent will be recorded and published as an audit log.
+
+To publish app details to the relevant endpoint,
 1. On the {{product_name}} Console, go to **Applications** and select your application.
@@ -178,53 +200,54 @@ To make the application a FIDO trusted app,
 - For an iOS app:
 - Provide the app ID of your application which consists of the team ID and the bundle ID separated by a period (.). (e.g. A1B2C3D4E5.com.domainname.applicationname)
-
- !!! note
- {% if product_name == "Asgardeo" %}
- Validation services of Android and iOS require the application data under **Platform Settings** to be available in the following public endpoints common to all Asgardeo organizations.
+4. Click **Update** to save the changes.
+
+
+{% elif product_name == "Asgardeo" %}
+To learn how to implement this, follow the relevant guide based on whether you use Asgardeo domains or custom domains in your organization
- - For Android - `{{base_url}}/.well-known/assetlinks.json`
+### For Asgardeo domains
- - For iOS - `{{base_url}}/.well-known/apple-app-site-association`
+It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} to have details about the application exposed in a public URL. As an Asgardeo domain user, this guide explains how you may publish details about your app to one of the following endpoints of Asgardeo based on the platform.
- Alternatively, you may publish to a custom endpoint by setting up [custom domains]({{base_path}}/guides/branding/configure-custom-domains/). Make sure the data are in the format expected by the validation services of [Android](https://developer.android.com/training/app-links/verify-android-applinks#web-assoc){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and are publicly hosted in the following locations.
+- For Android - `{{base_url}}/.well-known/assetlinks.json`
- - For Android - `{custom_domain}/.well-known/assetlinks.json`
+- For iOS - `{{base_url}}/.well-known/apple-app-site-association`
- - For iOS - `{custom_domain}/.well-known/apple-app-site-association`
+!!! note
+
+ The URLs to which Asgardeo publishes app details are common to all organizations. This means your app details will reside together with the app details of other organizations. While this is not a security concern, it is important to note that other organization users may learn details about your applications through these URLs.
- {% else %}
- Validation services of Android and iOS require the application data under **Platform Settings** to be available in the following publicly accessible endpoints of your organization domain.
+ If this is not desirable for your use case, you may use [custom domains]({{base_path}}/guides/branding/configure-custom-domains/) for your organization and publish app details to [custom endpoints](#for-custom-domains).
- - For Android - `{organization_domain}/.well-known/assetlinks.json`
+To publish app details to the relevant Asgardeo endpoint,
- - For iOS - `{organization_domain}/.well-known/apple-app-site-association`
+1. On the {{product_name}} Console, go to **Applications** and select your application.
- {{product_name}} hosts these data in the following endpoints.
+2. In its **Advanced** tab, under **Trusted App Settings**, select **Add as a FIDO trusted app**.
- - For Android - `{{base_url}}/.well-known/trusted-apps/android`
+3. Under **Platform Settings**, enter the following platform-specific details.
+
+ - For an Android app:
- - For iOS - `{{base_url}}/.well-known/trusted-apps/ios`
+ - Provide the package name of the application which takes the reverse domain format (e.g. com.example.myapp)
- Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-association` on your domain are mapped to the corresponding local endpoints of {{product_name}}.
+ - Provide key hashes, which are SHA256 fingerprints of the app's signing certificate.
+
+ - For an iOS app:
- {% endif %}
+ - Provide the app ID of your application which consists of the team ID and the bundle ID separated by a period (.). (e.g. A1B2C3D4E5.com.domainname.applicationname)
- Learn more about the validation services of [Android](https://passkeys-auth.com/docs/implementation/flutter/android/){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}
+4. Click **Update** to save the changes.
- !!! warning "Third-Party Data Exposure"
+### For custom domains
- While not a security concern, it is still important to note that other organizations are able to access the data under **Platform Settings** by accessing the corresponding public endpoint.
+It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} to have details about the application exposed in a public URL. As a custom domain user, you are required to facilitate this by publishing details about your mobile applications to the following endpoints.
- {% if product_name == "WSO2 Identity Server" %}
- Due to this behavior, you may configure {{product_name}} to display a consent screen for administrators who are attempting to make an application a FIDO trusted app. To do so, enter the following configuration to the `deployment.toml` file found in the `/repository/conf/` directory.
+- For Android - `{custom_domain}/.well-known/assetlinks.json`
- ```bash
- [application_mgt]
- trusted_app_consent_required=true
- ```
- Once configured, a confirmation popup will appear when enabling the feature and this consent will be recorded and published as an audit log.
- {% endif %}
+- For iOS - `{custom_domain}/.well-known/apple-app-site-association`
-4. Click **Update** to save the changes.
+Make sure the data are in the format expected by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}.
+{% endif %}
\ No newline at end of file
diff --git a/en/includes/references/app-native-authentication.md b/en/includes/references/app-native-authentication.md
index 96c4e99289..5e89346cc8 100644
--- a/en/includes/references/app-native-authentication.md
+++ b/en/includes/references/app-native-authentication.md
@@ -475,7 +475,8 @@ If a login step has multiple login options, the application goes through the fol
 !!! note "Prerequisite"
- If you wish to integrate passkeys with app-native authentication for a mobile application, it is mandatory to make it a [FIDO trusted app]({{base_path}}/guides/authentication/passwordless-login/add-passwordless-login-with-passkey/#make-application-a-fido-trusted-app).
+ If you wish to implement app-native authentication with passkeys on a mobile application, you must facilitate the relevant platform (iOS or Android) to validate your mobile application. Refer to the [Passkeys documentation]({{base_path}}/guides/authentication/passwordless-login/add-passwordless-login-with-passkey/#make-application-a-fido-trusted-app) for instructions.
+
 - **Step 1**: Initiate the request with the `/authorize` endpoint.
From 2d43b8078b8fc2e3e8cfd1bd1a7e6e5f4b89130a Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Mon, 29 Jul 2024 16:15:49 +0530
Subject: [PATCH 3/8] Added fixes on feedback

---
 .../add-passwordless-login-with-passkey.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index 6263096845..ffc1843af0 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -169,7 +169,11 @@ It is required by the validation services of [iOS](https://developer.apple.com/d
 - For iOS - `{{base_url}}/.well-known/apple-app-site-association`
+<<<<<<< HEAD
 Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-association` on your domain are mapped to the corresponding local endpoints of {{product_name}}.
+=======
+As the validation services look for these endpoints in your domain, make sure `/assetlinks.json` and `/apple-app-site-association` paths of your domain are mapped to the relevant local endpoints of {{product_name}}.
+>>>>>>> cd639a452 (minor fixes)
 !!! note "Third-party data exposure"
@@ -249,5 +253,5 @@ It is required by the validation services of [iOS](https://developer.apple.com/d
 - For iOS - `{custom_domain}/.well-known/apple-app-site-association`
-Make sure the data are in the format expected by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}.
+Make sure the data is in the format expected by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}.
 {% endif %}
\ No newline at end of file
From c75d4779e9b46556c35fab28fe55753663d0d22d Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Tue, 30 Jul 2024 09:13:37 +0530
Subject: [PATCH 4/8] fixed a conflict

---
 .../passwordless-login/add-passwordless-login-with-passkey.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index ffc1843af0..4195aacfe0 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -169,11 +169,7 @@ It is required by the validation services of [iOS](https://developer.apple.com/d
 - For iOS - `{{base_url}}/.well-known/apple-app-site-association`
-<<<<<<< HEAD
 Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-association` on your domain are mapped to the corresponding local endpoints of {{product_name}}.
-=======
-As the validation services look for these endpoints in your domain, make sure `/assetlinks.json` and `/apple-app-site-association` paths of your domain are mapped to the relevant local endpoints of {{product_name}}.
->>>>>>> cd639a452 (minor fixes)
 !!! note "Third-party data exposure"
From ce8313f876d64abfc1a9b173b2a189e4bf9fc705 Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Tue, 30 Jul 2024 09:17:01 +0530
Subject: [PATCH 5/8] minor fixes

---
 .../add-passwordless-login-with-passkey.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index 4195aacfe0..2f671bcbc1 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -155,7 +155,7 @@ Follow the steps below to use an enrolled passkey to sign in to an application.
 ## Make application a FIDO trusted app
-If you are working with a mobile application that implements passkeys, making it a FIDO trusted app allows the hosting platform (iOS or Android) to validate the authenticity of the application by calling the corresponding validation service. This ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials.
+If you wish to integrate passkeys for a mobile application using [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is required to make the application a FIDO trusted app. By doing so, you allow the hosting platform (iOS or Android) to validate the authenticity of the application. This ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials.
 !!! note
@@ -163,13 +163,13 @@ If you are working with a mobile application that implements passkeys, making it
 {% if product_name == "WSO2 Identity Server" %}
-It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="blank"} to have details about the application exposed in a public URL. By following this guide, you are publishing details about your app to one of the following endpoints of {{product_name}} based on the platform.
+By following this guide, you enable {{product_name}} to host details about your applications in the following endpoints as required by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}.
 - For Android - `{{base_url}}/.well-known/assetlinks.json`
 - For iOS - `{{base_url}}/.well-known/apple-app-site-association`
-Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-association` on your domain are mapped to the corresponding local endpoints of {{product_name}}.
+Make sure `/assetlinks.json` and `/apple-app-site-association` endpoints of your domain, are mapped to the corresponding local endpoints of {{product_name}}.
 !!! note "Third-party data exposure"
@@ -183,7 +183,7 @@ Therefore, ensure public requests to `/assetlinks.json` and `/apple-app-site-ass
 ```
 Once configured, a confirmation popup will appear when enabling the feature and this consent will be recorded and published as an audit log.
-To publish app details to the relevant endpoint,
+To publish app details to the endpoints,
 1. On the {{product_name}} Console, go to **Applications** and select your application.
@@ -217,7 +217,7 @@ It is required by the validation services of [iOS](https://developer.apple.com/d
 !!! note
- The URLs to which Asgardeo publishes app details are common to all organizations. This means your app details will reside together with the app details of other organizations. While this is not a security concern, it is important to note that other organization users may learn details about your applications through these URLs.
+ Asgardeo publishes app details to URLs which are common to all organizations. This means your app details will reside together with the app details of other organizations. While this is not a security concern, it is important to note that other organization users may learn details about your applications through these URLs.
 If this is not desirable for your use case, you may use [custom domains]({{base_path}}/guides/branding/configure-custom-domains/) for your organization and publish app details to [custom endpoints](#for-custom-domains).
From a8abe2a7b5ecbd3ba144c78635272c1dda6a5952 Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Tue, 30 Jul 2024 09:32:47 +0530
Subject: [PATCH 6/8] Reworded some sections

---
 .../add-passwordless-login-with-passkey.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index 2f671bcbc1..0dd62a7320 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -157,10 +157,6 @@ Follow the steps below to use an enrolled passkey to sign in to an application.
 If you wish to integrate passkeys for a mobile application using [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is required to make the application a FIDO trusted app. By doing so, you allow the hosting platform (iOS or Android) to validate the authenticity of the application. This ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials.
-!!! note
-
- If you wish to implement passkeys with [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is mandatory to validate your application against the relevant platform.
-
 {% if product_name == "WSO2 Identity Server" %}
 By following this guide, you enable {{product_name}} to host details about your applications in the following endpoints as required by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}.
@@ -169,7 +165,7 @@ By following this guide, you enable {{product_name}} to host details about your
 - For iOS - `{{base_url}}/.well-known/apple-app-site-association`
-Make sure `/assetlinks.json` and `/apple-app-site-association` endpoints of your domain, are mapped to the corresponding local endpoints of {{product_name}}.
+As the validation services look for app details in `/assetlinks.json` and `/apple-app-site-association` paths of your domain, make sure these paths are mapped to the corresponding local endpoints of {{product_name}}.
 !!! note "Third-party data exposure"
@@ -221,7 +217,7 @@ It is required by the validation services of [iOS](https://developer.apple.com/d
 If this is not desirable for your use case, you may use [custom domains]({{base_path}}/guides/branding/configure-custom-domains/) for your organization and publish app details to [custom endpoints](#for-custom-domains).
-To publish app details to the relevant Asgardeo endpoint,
+To publish app details to an Asgardeo endpoint,
 1. On the {{product_name}} Console, go to **Applications** and select your application.
@@ -243,7 +239,7 @@ To publish app details to the relevant Asgardeo endpoint,
 ### For custom domains
-It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} to have details about the application exposed in a public URL. As a custom domain user, you are required to facilitate this by publishing details about your mobile applications to the following endpoints.
+It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} to have details about the application exposed in a public URL. As a custom domain user, you are required to facilitate this by hosting details about your mobile applications to the following endpoints.
 - For Android - `{custom_domain}/.well-known/assetlinks.json`
From 69e80cc40d8bbf3b5feb72475bffc97aa5bd59f7 Mon Sep 17 00:00:00 2001
From: himeshsiriwardana
Date: Tue, 30 Jul 2024 15:46:01 +0530
Subject: [PATCH 7/8] reworded the paragraph

---
 .../add-passwordless-login-with-passkey.md | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
index 0dd62a7320..bbb0aefd06 100644
--- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
+++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -155,19 +155,24 @@ Follow the steps below to use an enrolled passkey to sign in to an application. ## Make application a FIDO trusted app -If you wish to integrate passkeys for a mobile application using [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), it is required to make the application a FIDO trusted app. By doing so, you allow the hosting platform (iOS or Android) to validate the authenticity of the application. This ensures that the authentication requests originate from a legitimate application, safeguarding against malicious attempts to steal credentials. +If you wish to integrate passkeys into a mobile application using [app-native authentication]({{base_path}}/guides/authentication/app-native-authentication/), you must validate your application through the validation services provided by the respective platform (iOS or Android). This validation involves associating your application with the identity provider's domain. This association verifies that the authentication requests originate from a legitimate application, protecting against malicious attempts to steal credentials. {% if product_name == "WSO2 Identity Server" %} -By following this guide, you enable {{product_name}} to host details about your applications in the following endpoints as required by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}. 
+By following this guide, you enable {{product_name}} to host details about your applications in the following endpoints: -- For Android - `{{base_url}}/.well-known/assetlinks.json` +- For Android - `{{base_url}}/.well-known/trusted-apps/android` -- For iOS - `{{base_url}}/.well-known/apple-app-site-association` +- For iOS - `{{base_url}}/.well-known/trusted-apps/ios` + +The validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="blank"} require application details to be available at the following URLs on your domain, -As the validation services look for app details in `/assetlinks.json` and `/apple-app-site-association` paths of your domain, make sure these paths are mapped to the corresponding local endpoints of {{product_name}}. +- For Android - `{your_domain}/.well-known/assetlinks.json` +- For iOS - `{your_domain}/.well-known/apple-app-site-association` -!!! note "Third-party data exposure" +Therefore, make sure these paths of your domain are mapped to the corresponding local endpoints of {{product_name}}. + +!!! note While not a security concern, it is still important to note that details about your applications are publicly accessible through the endpoints. 
@@ -239,11 +244,11 @@ To publish app details to an Asgardeo endpoint, ### For custom domains -It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} to have details about the application exposed in a public URL. As a custom domain user, you are required to facilitate this by hosting details about your mobile applications to the following endpoints. +It is required by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} to have details about the application exposed in a public URL. As a custom domain user, you are required to facilitate this by hosting details about your mobile applications in the following endpoints. - For Android - `{custom_domain}/.well-known/assetlinks.json` - For iOS - `{custom_domain}/.well-known/apple-app-site-association` -Make sure the data is in the format expected by the validation services of [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"} and [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"}. +Make sure the data is in the format expected by the validation services of [iOS](https://developer.apple.com/documentation/xcode/supporting-associated-domains){target="_blank"} and [Android](https://developer.android.com/identity/sign-in/credential-manager#add-support-dal){target="_blank"}. {% endif %} \ No newline at end of file From 2ee4c2842df2206c352a2554715acdeb6d189d8a Mon Sep 17 00:00:00 2001 
From: Himesh Siriwardana Date: Tue, 30 Jul 2024 16:19:22 +0530 Subject: [PATCH 8/8] Update en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md Co-authored-by: Imalsha Gunasekara --- .../passwordless-login/add-passwordless-login-with-passkey.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md index bbb0aefd06..b0d652ebf3 100644 --- a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md +++ b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md @@ -216,7 +216,7 @@ It is required by the validation services of [iOS](https://developer.apple.com/d - For iOS - `{{base_url}}/.well-known/apple-app-site-association` -!!! note +!!! warning "Third-party data exposure" Asgardeo publishes app details to URLs which are common to all organizations. This means your app details will reside together with the app details of other organizations. While this is not a security concern, it is important to note that other organization users may learn details about your applications through these URLs.