From 903e12d2c06068571decda0febc1a9859ef21825 Mon Sep 17 00:00:00 2001
From: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Date: Tue, 17 Sep 2024 15:48:21 -1000
Subject: [PATCH] add OIDC and OAuth Parameter Customization (#33625)
* add OIDC and OAuth Parameter Customization
* add OIDC and OAuth Parameter Customization
---
aspnetcore/security/authentication/mfa.md | 6 ++++++
.../mfa/samples9/WebAddOpenIdConnect/Program.cs | 14 ++++++++++++++
.../WebAddOpenIdConnect/WebAddOpenIdConnect.csproj | 13 +++++++++++++
3 files changed, 33 insertions(+)
create mode 100644 aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs
create mode 100644 aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj
diff --git a/aspnetcore/security/authentication/mfa.md b/aspnetcore/security/authentication/mfa.md
index fb9ee0ef81d1..fb5d559fcc16 100644
--- a/aspnetcore/security/authentication/mfa.md
+++ b/aspnetcore/security/authentication/mfa.md
@@ -500,6 +500,12 @@ Alternatively, logging in using OTP with Identity:
 ![Logging in using OTP with Identity](~/security/authentication/mfa/_static/require_mfa_oidc_01.png)
+### OIDC and OAuth Parameter Customization
+
+The OAuth and OIDC authentication handlers [`AdditionalAuthorizationParameters`](https://source.dot.net/#Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs,ddb988460467cfbf) option allows customization of authorization message parameters that are usually included as part of the redirect query string:
+
+:::code language="csharp" source="~/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs" id="snippet_1" :::
+
 ## Additional resources
 * [Enable QR Code generation for TOTP authenticator apps in ASP.NET Core](xref:security/authentication/identity-enable-qrcodes)
diff --git a/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs
new file mode 100644
index 000000000000..46046d898b75
--- /dev/null
+++ b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/Program.cs
@@ -0,0 +1,14 @@
+var builder = WebApplication.CreateBuilder(args);
+
+//
+builder.Services.AddAuthentication().AddOpenIdConnect(options =>
+{
+ options.AdditionalAuthorizationParameters.Add("prompt", "login");
+ options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
+});
+//
+var app = builder.Build();
+
+app.MapGet("/", () => "Hello World!");
+
+app.Run();
diff --git a/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj
new file mode 100644
index 000000000000..923ea26f1abf
--- /dev/null
+++ b/aspnetcore/security/authentication/mfa/samples9/WebAddOpenIdConnect/WebAddOpenIdConnect.csproj
@@ -0,0 +1,13 @@
+
+
+
+ net9.0
+ enable
+ enable
+
+
+
+
+
+
+
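Review bot: In the Program.cs hunk, `prompt=login` is only a request hint that normally travels in the browser redirect, so it can be dropped or changed before it reaches the identity provider. Because this sample is published under the MFA article, it should not leave readers thinking the parameter alone proves a fresh sign-in. I would add a comment above that line such as `// prompt=login is a request only; check auth_time/amr in the returned ID token before relying on re-authentication.` The `audience` parameter is not defined by OpenID Connect Core and is provider-specific, which deserves a short comment as well, for example `// "audience" is provider-specific; confirm your identity provider accepts it.` The visible lines also set no `Authority` or `ClientId`, so a one-line comment saying the snippet shows the option only and is not a complete configuration would help.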