Docs update- Jul 2020 (#3056)

* added existing closing stories behavior

* updated find your embed

* updated sso docs

* updated graphiql section

* clarified A user, not all the users

* clarified manual override on open/close stories

* clarified uniqueness constraints on sso

Co-authored-by: jessie.rushing <jessie.rushing@voxmedia.com>

docs/source/01-03-administration.md

@@ -60,7 +60,7 @@ characters. Commenters will be alerted that they have gone over that number and
 Set a limit on how long commenters have to edit their comments sitewide. Edited comments are marked as (Edited) on the comment stream and the moderation panel.
 
 #### **Closing comment streams**
-Set comment streams to close after a defined period of time after a story’s publication
+Set comment streams to close after a defined period of time after a story’s publication. When this feature is enabled, existing stories older than the defined period that have not been manually opened or closed will also be updated and set as closed. Manually opening or closing a story will permantenly override the auto-close functionality. 
 
 #### **Closed comment stream message**
 A message to appear when a story is closed for commenting.

docs/source/02-01-integrating.md

@@ -3,7 +3,7 @@ title: Integrating on your site
 permalink: /v5/integrating/cms/
 ---
 
-With Coral setup and running locally you can find your **Embed code** under **Configure** > **Advanced** (logged in as an ADMIN). It should look something like this, but with your domain in place of `CORAL_DOMAIN_NAME`. You can test placing the comment stream embed on your page with this sample embed script:
+With Coral setup and running locally you can find your **Embed code** under **Configure** > **Organization** > **Site Details** (when logged in as an ADMIN). It should look something like this, but with your domain in place of `CORAL_DOMAIN_NAME`. You can test placing the comment stream embed on your page with this sample embed script:
 
 ```
 <div id="coral_thread"></div>

docs/source/02-02-sso.md

@@ -11,7 +11,7 @@ learn more about how to create a JWT token, see [this introduction](https://jwt.
 2. Scroll to the `Login with Single Sign On` section
 3. Enable the Single Sign On Authentication Integration
 4. Enable `Allow Registration`
-5. Copy the string in the `Key` box
+5. Copy the string in the `Secret` box
 6. Click Save
 
 > **NOTE:** Replace the value of `{% raw %}{{ CORAL_DOMAIN_NAME }}{% endraw %}` with the location of your running instance of Coral.
@@ -20,31 +20,27 @@ You will then have to generate a JWT with the following claims:
 
 - `jti` _(optional)_ - A unique ID for this particular JWT token. We recommend
   using a [UUID](https://en.wikipedia.org/wiki/Universally_unique_identifier)
-  for this value. Without this parameter, the logout functionality inside the
-  embed stream will not work and you will need to call logout on the embed
-  itself.
+  for this value. This claim controls the logout functionality on the embed stream. To disable the “Sign Out” links in the embed, remove this claim, and disable “Login with email authentication” on the Comment Stream. You can then call `logout()` on the embed, or expire the token when the SSO user should be signed out of Coral. 
 - `exp` _(optional)_ - When the given SSO token should expire. This is
   specified as a unix time stamp in seconds. Once the token has expired, a new
-  token should be generated and passed into Coral. Without this parameter, the
-  logout functionality inside the embed stream will not work and you will need
-  to call logout on the embed itself.
+  token should be generated and passed into Coral. Without this parameter you will need to call `logout()` on the embed itself.
 - `iat` _(optional)_ - When the given SSO token was issued. This is required to
   utilize the automatic user detail update system. If this time is newer than
   the time we received the last update, the contents of the token will be used
-  to update the user.
-- `user.id` **(required)** - the ID of the user from your authentication system.
+  to update the user. Any claims not present on the jwt will be ignored on update, and will not overwrite existing values.
+- `user.id` **(required)** - the unique ID of the user from your authentication system.
   This is required to connect the user in your system to allow a seamless
   connection to Coral.
-- `user.email` **(required)** - the email address of the user from your
+- `user.email` **(required)** - the unique email address of the user from your
   authentication system. This is required to facilitate notification email's
   about status changes on a user account such as bans or suspensions.
 - `user.username` **(required)** - the username that should be used when being
   presented inside Coral to moderators and other users. There are no username validations or restrictions enforced by Coral when you're using SSO.
 - `user.badges` _(optional)_ - array of strings to be displayed as badges beside
   username inside Coral, visible to other users and moderators. For example, to indicate
-  a user's subscription status.
+  a user's subscription status. If you include the claim, but you are not passing a badge value, then use an empty array instead of null. 
 - `user.role` _(optional)_ - one of "COMMENTER", "STAFF", "MODERATOR", "ADMIN". Will create/update
-  Coral user with this role.
+  Coral user with this permission level. When users have both an assigned role greather than COMMENTER and a badge, both will be displayed.  
 - `user.url` _(optional)_ - url for user account management, where a user will
   be able to perform account management tasks such as changing password or
   deleting data. If provided, user will be able to access this URL by clicking
@@ -65,7 +61,7 @@ An example of the claims for this token would be:
 }
 ```
 
-With the claims provided, you can sign them with the `Key` obtained from the
+With the claims provided, you can sign them with the `Secret` obtained from the
 Coral administration panel in the previous steps with a `HS256` algorithm. This
 token can be provided in the above mentioned embed code by adding it to the
 `createStreamEmbed` function:
@@ -129,3 +125,8 @@ var embed = Coral.createStreamEmbed({
   }
 });
 ```
+## Troubleshooting JWT Validation Errors
+
+In addition to the uniqueness constraints on User `id` and `email` values, each `user.id`/`user.email` combination must also be unique inside Coral. This is true for both Single Sign On users created by JWT tokens, as well as users that register/login using Coral’s built in “Login with email authentication”. You can not share authentication strategies for a single user; thus if a user logs in with SSO, they can not also login with email and vice versa. When you attempt to authenticate a JWT token with an email address that already exists in Coral with a different `user.id` than was passed on the token Coral will throw a Duplicate User error. 
+
+Any JWT validation errors thrown can be found in Coral's server logs.  

docs/source/03-01-api.md

@@ -3,9 +3,21 @@ title: GraphQL API Overview
 permalink: /v5/api/overview/
 ---
 
+## GraphQL API
+
 Our API is generally served via GraphQL at `/api/graphql` on your Coral installation. If you're running Coral locally, this would be https://localhost:8080/api/graphql.
 
-You can enable the GraphiQL interface at https://localhost:3000/graphiql (Note the port number here is not 8080, this is because this route is directly served by the server, and not the webpack development server) when running in development to access a GraphQL playground to use with documentation provided in the sidebar on what edges are available to you. You can do this by setting `ENABLE_GRAPHIQL=true`. **(🚨 Note 🚨) we do not recommend using this in production environments as it disables many safety features used by the application**.
+## Enabling & Using `/graphiql`
+
+It is not required to enable the `/graphiql` playground to use Coral’s GraphQL API. The playground simply provides an easy way to explore and interact with Coral’s GraphQL schema. You can enable the GraphiQL interface at https://localhost:3000/graphiql (Note the port number here is not 8080, this is because this route is directly served by the server, and not the webpack development server) when running in development. You can do this by setting `ENABLE_GRAPHIQL=true`. 
+
+**(🚨 Note 🚨) we do not recommend using this in production environments as it disables many safety features used by the application**. 
+
+When submitting requests in the `/graphiql` playground, it is necessary to include an ADMIN level bearer token to authenticate your requests. When signed into Coral as an ADMIN level user, you can grab your current access token from your browser’s local storage. Add the following to the HTTP Headers section of your GraphiQL call.
+```sh
+{“authorization”:”Bearer <token>”}
+```
+
 
 ## Making your first request