diff --git a/aspnetcore/security/authentication/mfa.md b/aspnetcore/security/authentication/mfa.md
index fb9ee0ef81..fb5d559fcc 100644
--- a/aspnetcore/security/authentication/mfa.md
+++ b/aspnetcore/security/authentication/mfa.md
@@ -500,6 +500,12 @@ Alternatively, logging in using OTP with Identity:
 
 ![Logging in using OTP with Identity](~/security/authentication/mfa/_static/require_mfa_oidc_01.png)
 
+### OIDC and OAuth Parameter Customization
+
+The OAuth and OIDC authentication handlers  [`AdditionalAuthorizationParameters`](https://source.dot.net/#Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs,ddb988460467cfbf) option allows customization of authorization message parameters that are usually included as part of the redirect query string:
+
+:::code language="csharp" source="~/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs" id="snippet_1" :::
+
 ## Additional resources
 
 * [Enable QR Code generation for TOTP authenticator apps in ASP.NET Core](xref:security/authentication/identity-enable-qrcodes)
diff --git a/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs
new file mode 100644
index 0000000000..46046d898b
--- /dev/null
+++ b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs
@@ -0,0 +1,14 @@
+var builder = WebApplication.CreateBuilder(args);
+
+// <snippet_1>
+builder.Services.AddAuthentication().AddOpenIdConnect(options =>
+{
+    options.AdditionalAuthorizationParameters.Add("prompt", "login");
+    options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
+});
+// </snippet_1>
+var app = builder.Build();
+
+app.MapGet("/", () => "Hello World!");
+
+app.Run();
diff --git a/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj
new file mode 100644
index 0000000000..923ea26f1a
--- /dev/null
+++ b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj
@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.0-rc.1.24452.1" />
+  </ItemGroup>
+
+</Project>