Merge pull request #35074 from dotnet/main

Rick-Anderson · web-flow · commit 05cd151bd449 · 2025-03-27T15:36:27.000-10:00
Merge to Live
diff --git a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md
@@ -80,6 +80,16 @@ If using Visual Studio, you can confirm the secret is set by right-clicking the
 
 The following <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions> configuration is found in the project's `Program` file on the call to <xref:Microsoft.Extensions.DependencyInjection.OpenIdConnectExtensions.AddOpenIdConnect%2A>:
 
+:::moniker range=">= aspnetcore-9.0"
+
+* <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions.PushedAuthorizationBehavior%2A>: Controls [Pushed Authorization Requests (PAR) support](xref:aspnetcore-9#openidconnecthandler-adds-support-for-pushed-authorization-requests-par). By default, the setting is to use PAR if the identity provider's discovery document (usually found at `.well-known/openid-configuration`) advertises support for PAR. If you wish to require PAR support for the app, you can assign a value of [`PushedAuthorizationBehavior.Require`](xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.PushedAuthorizationBehavior). PAR isn't supported by Microsoft Entra, and there are no plans for Entra to ever support it in the future.
+
+  ```csharp
+  oidcOptions.PushedAuthorizationBehavior = PushedAuthorizationBehavior.UseIfAvailable;
+  ```
+
+:::moniker-end
+
 * <xref:Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions.SignInScheme%2A>: Sets the authentication scheme corresponding to the middleware responsible of persisting user's identity after a successful authentication. The OIDC handler needs to use a sign-in scheme that's capable of persisting user credentials across requests. The following line is present merely for demonstration purposes. If omitted, <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions.DefaultSignInScheme%2A> is used as a fallback value.
 
   ```csharp
@@ -305,6 +315,16 @@ If using Visual Studio, you can confirm the secret is set by right-clicking the
 
 The following <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions> configuration is found in the project's `Program` file on the call to <xref:Microsoft.Extensions.DependencyInjection.OpenIdConnectExtensions.AddOpenIdConnect%2A>:
 
+:::moniker range=">= aspnetcore-9.0"
+
+* <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions.PushedAuthorizationBehavior%2A>: Controls [Pushed Authorization Requests (PAR) support](xref:aspnetcore-9#openidconnecthandler-adds-support-for-pushed-authorization-requests-par). By default, the setting is to use PAR if the identity provider's discovery document (usually found at `.well-known/openid-configuration`) advertises support for PAR. If you wish to require PAR support for the app, you can assign a value of [`PushedAuthorizationBehavior.Require`](xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.PushedAuthorizationBehavior). PAR isn't supported by Microsoft Entra, and there are no plans for Entra to ever support it in the future.
+
+  ```csharp
+  oidcOptions.PushedAuthorizationBehavior = PushedAuthorizationBehavior.UseIfAvailable;
+  ```
+
+:::moniker-end
+
 * <xref:Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions.SignInScheme%2A>: Sets the authentication scheme corresponding to the middleware responsible of persisting user's identity after a successful authentication. The OIDC handler needs to use a sign-in scheme that's capable of persisting user credentials across requests. The following line is present merely for demonstration purposes. If omitted, <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions.DefaultSignInScheme%2A> is used as a fallback value.
 
   ```csharp
@@ -520,6 +540,16 @@ If using Visual Studio, you can confirm the secret is set by right-clicking the
 
 The following <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions> configuration is found in the project's `Program` file on the call to <xref:Microsoft.Extensions.DependencyInjection.OpenIdConnectExtensions.AddOpenIdConnect%2A>:
 
+:::moniker range=">= aspnetcore-9.0"
+
+* <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions.PushedAuthorizationBehavior%2A>: Controls [Pushed Authorization Requests (PAR) support](xref:aspnetcore-9#openidconnecthandler-adds-support-for-pushed-authorization-requests-par). By default, the setting is to use PAR if the identity provider's discovery document (usually found at `.well-known/openid-configuration`) advertises support for PAR. If you wish to require PAR support for the app, you can assign a value of [`PushedAuthorizationBehavior.Require`](xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.PushedAuthorizationBehavior). PAR isn't supported by Microsoft Entra, and there are no plans for Entra to ever support it in the future.
+
+  ```csharp
+  oidcOptions.PushedAuthorizationBehavior = PushedAuthorizationBehavior.UseIfAvailable;
+  ```
+
+:::moniker-end
+
 * <xref:Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions.SignInScheme%2A>: Sets the authentication scheme corresponding to the middleware responsible of persisting user's identity after a successful authentication. The OIDC handler needs to use a sign-in scheme that's capable of persisting user credentials across requests. The following line is present merely for demonstration purposes. If omitted, <xref:Microsoft.AspNetCore.Authentication.AuthenticationOptions.DefaultSignInScheme%2A> is used as a fallback value.
 
   ```csharp
diff --git a/aspnetcore/tutorials/first-web-api.md b/aspnetcore/tutorials/first-web-api.md
@@ -769,9 +769,6 @@ There are many other tools that can be used to test web APIs, for example:
 * [curl](https://terminalcheatsheet.com/guides/curl-rest-api). Swagger uses `curl` and shows the `curl` commands it submits.
 * [Fiddler](https://www.telerik.com/fiddler)
 
-For more information, see:
-
-* [Install and test APIs with `http-repl`](xref:tutorials/first-web-api?view=aspnetcore-6.0&preserve-view=true#ihr6)
 
 <!-- Verify https://go.microsoft.com/fwlink/?linkid=2123754 goes to this H2. Verify the latest released version is on top so this anchor works -->
 <a name="over-post"></a>
diff --git a/aspnetcore/tutorials/first-web-api/includes/first-web-api7.md b/aspnetcore/tutorials/first-web-api/includes/first-web-api7.md
@@ -457,7 +457,6 @@ There are many other tools that can be used to test web APIs, for example:
 For more information, see:
 
 * [Minimal API tutorial: test with .http files and Endpoints Explorer](xref:tutorials/min-web-api)
-* [Install and test APIs with `http-repl`](xref:tutorials/first-web-api?view=aspnetcore-6.0&preserve-view=true#ihr6)
 
 <!-- Verify https://go.microsoft.com/fwlink/?linkid=2123754 goes to this H2. Verify the latest released version is on top so this anchor works -->
 <a name="over-post"></a>
diff --git a/aspnetcore/tutorials/first-web-api/includes/first-web-api8.md b/aspnetcore/tutorials/first-web-api/includes/first-web-api8.md
@@ -413,7 +413,6 @@ There are many other tools that can be used to test web APIs, for example:
 For more information, see:
 
 * [Minimal API tutorial: test with .http files and Endpoints Explorer](xref:tutorials/min-web-api)
-* [Install and test APIs with `http-repl`](xref:tutorials/first-web-api?view=aspnetcore-6.0&preserve-view=true#ihr6)
 
 <!-- Verify https://go.microsoft.com/fwlink/?linkid=2123754 goes to this H2. Verify the latest released version is on top so this anchor works -->
 <a name="over-post"></a>
diff --git a/quest-config.json b/quest-config.json
@@ -37,51 +37,11 @@
             "ParentNodeId": 308205
         },
         {
-            "Label": "okr-freshness",
-            "Semester": "Dilithium",
-            "ParentNodeId": 237266
-        },
-        {
-            "Label": "okr-curation",
-            "Semester": "Dilithium",
-            "ParentNodeId": 237271
-        },
-        {
-            "Label": "user-feedback",
-            "Semester": "Dilithium",
-            "ParentNodeId": 233465
-        },
-        {
-            "Label": "okr-health",
-            "Semester": "Dilithium",
-            "ParentNodeId": 237266
-        },
-        {
-            "Label": "doc-bug",
-            "Semester": "Dilithium",
-            "ParentNodeId": 233465
-        },
-        {
-            "Label": "sfi-ropc",
-            "Semester": "Dilithium",
-            "ParentNodeId": 271716
-        },
-        {
-            "Label": "sfi-admin",
-            "Semester": "Dilithium",
-            "ParentNodeId": 271716
-        },
-        {
-            "Label": "sfi-images",
-            "Semester": "Dilithium",
-            "ParentNodeId": 286370
-        },
-        {
-            "Semester": "Dilithium",
-            "ParentNodeId": 227486
+            "Semester": "Bromine",
+            "ParentNodeId": 403735
         }
     ],
-    "DefaultParentNode": 308205,
+    "DefaultParentNode": 403735,
     "WorkItemTags": [
         {
             "Label": "9.0",
