add OIDC and OAuth Parameter Customization (#33625)

* add OIDC and OAuth Parameter Customization

* add OIDC and OAuth Parameter Customization

aspnetcore/security/authentication/mfa.md

@@ -500,6 +500,12 @@ Alternatively, logging in using OTP with Identity:
 
 ![Logging in using OTP with Identity](~/security/authentication/mfa/_static/require_mfa_oidc_01.png)
 
+### OIDC and OAuth Parameter Customization
+
+The OAuth and OIDC authentication handlers  [`AdditionalAuthorizationParameters`](https://source.dot.net/#Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs,ddb988460467cfbf) option allows customization of authorization message parameters that are usually included as part of the redirect query string:
+
+:::code language="csharp" source="~/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs" id="snippet_1" :::
+
 ## Additional resources
 
 * [Enable QR Code generation for TOTP authenticator apps in ASP.NET Core](xref:security/authentication/identity-enable-qrcodes)

aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs

@@ -0,0 +1,14 @@
+var builder = WebApplication.CreateBuilder(args);
+
+// <snippet_1>
+builder.Services.AddAuthentication().AddOpenIdConnect(options =>
+{
+    options.AdditionalAuthorizationParameters.Add("prompt", "login");
+    options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
+});
+// </snippet_1>
+var app = builder.Build();
+
+app.MapGet("/", () => "Hello World!");
+
+app.Run();

aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.0-rc.1.24452.1" />
+  </ItemGroup>
+
+</Project>