improve docs

2024-08-15 10:54:19 +02:00 · 2024-08-15 10:54:19 +02:00 · b721d8644b
parent 57706d8ed0
commit b721d8644b
1 changed files with 5 additions and 4 deletions
--- a/aspnetcore/security/authentication/claims.md
+++ b/aspnetcore/security/authentication/claims.md
@ -39,10 +39,11 @@ Another way to get the user claims is to use the OpenID Connect User Info API. T
 :::moniker range="> aspnetcore-8.0"
 > [!NOTE]
-> The default Open ID Connect handler uses Pushed Authorization Requests (PAR) when the secure token server supports this. If you cannot use a PAR client configuration, PAR can be disabled by using the **PushedAuthorizationBehavior** option. 
+> The default Open ID Connect handler uses Pushed Authorization Requests (PAR) if the identity provider's discovery document advertises support for PAR. The identity provider's discovery document is usually found at .well-known/openid-configuration. If you cannot update the client configuration on the identity provider, PAR can be disabled by using the **PushedAuthorizationBehavior** option. 
-> See:
+
->
+:::code language="csharp" source="~/release-notes/aspnetcore-9/samples/PAR/Program.cs" id="snippet_1" highlight="8-99":::
-> [Pushed Authorization Requests (PAR)](xref:release-notes/aspnetcore-9/includes/par)
+
 To ensure that authentication only succeeds if PAR is used, use [PushedAuthorizationBehavior.Require](https://source.dot.net/#Microsoft.AspNetCore.Authentication.OpenIdConnect/PushedAuthorizationBehavior.cs,3af73de8f33b70c5) instead. This change also introduces a new [OnPushAuthorization](https://source.dot.net/#Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs,6a21c8f3a90753c1) event to [OpenIdConnectEvents](/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectevents) which can be used customize the pushed authorization request or handle it manually. See the [API proposal](https://github.com/dotnet/aspnetcore/issues/51686) for more details.
 :::moniker-end