docs: update offer authentication flow (#204)

Co-authored-by: jjeroch <94133633+jjeroch@users.noreply.github.com>
Reviewed-By: Evelyn Gurschler <evelyn.gurschler@bmw.de>

docs/09. Others/12. Offer Authentication Flow.md

@@ -6,56 +6,56 @@
 
 <br>
 
-> > Key Concepts
-> >
-> > - Get an understanding of the app/service CX listing, subscription and running the service for an customer process
-> > - Understand the concept of user authentication and client separation
-> > - Review the troubleshooting tips (coming soon)
+>> Key Concepts
+>>
+>> - Get an understanding of the app/service CX listing, subscription and running the servive for an customer process
+>> - Understand the concept of user authentication and client separation
+>> - Review the troubleshooting tips (coming soon)
+>>
 
 <br>
 <br>
 
 ### Process
 
-In the description below the high level process of app/service listing; subscription; activation and configuration with authentication are stated.
+In the description below the highlevel process of app/service listing; subscription; activation and configuration with authentication are stated.
 The process is relevant for App Provider, Service Provider and the App/Service Customer.
 
-The integration to the operator keycloak enables:
 
-- app provider to register the application instance (per customer)
-- app provider separate app customer instances (each instance has a own client)
-- customer to assign app user roles to their company user members and get access to the app client
+The integration to the operator keycloak enables:
+* app provider to register the application instance (per customer)
+* app provider separate app customer instances (each instance has a own client)
+* customer to assign app user roles to their company user members and get access to the app client
 
 <br>
 <br>
 
-## High level Process
+## Highlevel Process
 
 <img width="756" alt="image" src="/docs/static/high-level-app-process.png">
 
+
 <br>
 <br>
 
+
 ## Background Information
 
 ### Client Concept
 
-Identity provider client separation refers to the practice of keeping distinct and isolated client applications within an identity provider (IdP) ecosystem.
+Identity provider client separation refers to the practice of keeping distinct and isolated client applications within an identity provider (IdP) ecosystem. 
 This separation enhances security and manageability in the following ways:
 
 <br>
 
-> > #### Isolation
-> >
-> > of Permissions: Each client application has its own set of permissions. This ensures that an application can only access the specific resources and data it needs, reducing the risk of unauthorized access.
-> >
-> > #### Security
-> >
-> > Boundaries: Client separation establishes clear security boundaries between applications. If one client is compromised, it doesn't automatically jeopardize the security of other clients, as they operate independently.
-> >
-> > #### Auditing
-> >
-> > and Monitoring: Separation makes it easier to monitor and audit the activities of individual clients. Suspicious behavior or security breaches can be detected more easily.
+>> #### Isolation 
+>> of Permissions: Each client application has its own set of permissions. This ensures that an application can only access the specific resources and data it needs, reducing the risk of unauthorized access.
+>>
+>> #### Security
+>> Boundaries: Client separation establishes clear security boundaries between applications. If one client is compromised, it doesn't automatically jeopardize the security of other clients, as they operate independently.
+>>
+>> #### Auditing
+>> and Monitoring: Separation makes it easier to monitor and audit the activities of individual clients. Suspicious behavior or security breaches can be detected more easily.
 
 <br>
 
@@ -73,17 +73,17 @@ Overall, identity provider client separation is a best practice in identity and
 The catena-x marketplace is hosted/operated by an CX operator. As dataspace member (companies which have successfully registered for CX dataspace with one or several operators) app provider or service provider roles can get selected.
 The company role "App Provider" or "Service Provider" enables the participant to use the app/service release process to request app/service listing on the operator marketplace.
 
-To view the app registration process and the single steps - follow the link [App Registration Process](</docs/04.%20App(s)/02.%20App%20Release%20Process/index.md>)
+To view the app registration process and the single steps - follow the link [App Registration Process](/docs/04.%20App(s)/02.%20App%20Release%20Process/index.md)
 The app registration is relevant to list your offer inside the CX marketplace. Clients/Technical user accounts get created with subscription activation. (see details below)
 
 <br>
 
 ### #2 App Subscription and activation
 
-Customers are able to subscribe app/services offered inside the marketplace. [Create a subscription request](</docs/04.%20App(s)/05.%20App%20Subscription/01.%20Subscription%20Request%20(Customer).md>)
+Customers are able to subscribe app/services offered inside the marketplace. [Create a subscription request](/docs/04.%20App(s)/05.%20App%20Subscription/01.%20Subscription%20Request%20(Customer).md)
 The subscription triggers the request on the app/service provider side. The app/service provider gets informed via email and can look up the request inside the portal => app/service subscription management board. As soon as all data are reviewed, the app/service provider will ramp up the app/service in its domain and configure the app/service for the customer.  
-In most of the cases the app/service needs access to a certain core applications provided by the operator. Via the technical user the connection is supposed to get established. If the app/service provider is ready for app/service configuration, the app/service provider can generate the necessary technical user by using the app/service subscription board and select for the specific customer "configuration".  
-The configuration requests a app/service tenant url (depending on the offer type) - the endpoint url is the url with which the customer can access the app. The url is used to create the IdP app client and to configure allowed user roles (as per the defined roles by the app provider). At the end of the process, the technical user (as configured previously in the release process) is getting created and technical user client id as well as the secret is getting shared with the offer provider.
+In most of the cases the app/service needs access to a certain core applications provided by the operator. Via the technical user the connection is supposed to get established. If the app/service provider is ready for app/service configuration, the app/service provider can generate the necessary technical user by using the app/service subscription baord and select for the specific customer "configuration".  
+The configuration requests a app/service tenant url (depending on the offer type) - the endpoint url is the url with which the customer can access the app. The url is used to create the IdP app client and to configure allowed user roles (as per the defined roles by the app provider). At the end of the process, the technical user (as configured previsously in the release process) is getting created and technical user client id as well as the secret is getting shared with the offer provider.
 This technical user is supposed to get used for the app/service configuration.  
 As soon as all steps are finished on the provider side, the provider is supposed to active the subscription inside the "subscription management" board. With that, the technical user as well as the client are set to enabled and the customer is getting informed about the available app/service which can now get accessed.
 
@@ -92,11 +92,11 @@ Special Note: apps have generally additional user roles defined. In this scenari
 <br>
 <br>
 
-### Connected Topics
+### Connected Topics 
 
-- [>> Technical User Profiles]()
-- [>> Technical Implementation Details]()
-- [>> ...]()
+* [>> Technical User Profiles]()  
+* [>> Technical Implementation Details]()  
+* [>> ...]()  
 
 ## NOTICE