DuendeSoftware
diff --git a/‎astro.config.mjs
Lines changed: 9 additions & 1 deletion b/‎astro.config.mjs
Lines changed: 9 additions & 1 deletion
diff --git a/‎package-lock.json
Lines changed: 16 additions & 29 deletions b/‎package-lock.json
Lines changed: 16 additions & 29 deletions
diff --git a/‎package.json
Lines changed: 1 addition & 0 deletions b/‎package.json
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/content/docs/accesstokenmanagement/advanced/client-credentials.md
Lines changed: 2 additions & 2 deletions b/‎src/content/docs/accesstokenmanagement/advanced/client-credentials.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/content/docs/accesstokenmanagement/advanced/user-tokens.md
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/accesstokenmanagement/advanced/user-tokens.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/accesstokenmanagement/blazor-server.md
Lines changed: 3 additions & 3 deletions b/‎src/content/docs/accesstokenmanagement/blazor-server.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/content/docs/accesstokenmanagement/web-apps.md
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/accesstokenmanagement/web-apps.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/accesstokenmanagement/workers.md
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/accesstokenmanagement/workers.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/bff/architecture/ui-hosting.md
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/bff/architecture/ui-hosting.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/bff/fundamentals/apis/index.md
Lines changed: 1 addition & 0 deletions b/‎src/content/docs/bff/fundamentals/apis/index.md
Lines changed: 1 addition & 0 deletions
@@ -11,6 +11,7 @@ import starlightLlmsTxt from "starlight-llms-txt";
 import rehypeAstroRelativeMarkdownLinks from "astro-rehype-relative-markdown-links";
 import opengraphImages from "astro-opengraph-images";
 import { duendeOpenGraphImage } from "./src/components/duende-og-image.js";
+import rehypeExternalLinks from "rehype-external-links";
 import * as fs from "node:fs";
 
 // https://astro.build/config
@@ -75,7 +76,7 @@ export default defineConfig({
             defer: true,
             async: true,
           },
-        }
+        },
       ],
       logo: {
         light: "./src/assets/duende-logo.svg",
@@ -191,6 +192,13 @@ export default defineConfig({
           },
         },
       ],
+      [
+        rehypeExternalLinks,
+        {
+          target: "_blank",
+          rel: ["noopener", "noreferrer"],
+        },
+      ],
     ],
   },
 });
@@ -35,6 +35,7 @@
     "jsdom": "^26.0.0",
     "patch-package": "^8.0.0",
     "react": "^19.0.0",
+    "rehype-external-links": "^3.0.0",
     "satori": "^0.12.1",
     "sharp": "^0.34.1",
     "starlight-auto-sidebar": "^0.1.1",
 
@@ -12,7 +12,7 @@ The most common way to use the access token management for machine to machine co
 
 ## Client options
 
-You can add token client definitions to your host while configuring the DI container, e.g.:
+You can add token client definitions to your host while configuring the ASP.NET Core service provider, e.g.:
 
 ```cs
 services.AddClientCredentialsTokenManagement()
@@ -53,7 +53,7 @@ services.Configure<ClientCredentialsClient>("invoices", client =>
 });
 ```
 
-Or use the `IConfigureNamedOptions` if you need access to the DI container during registration, e.g.:
+Or use the `IConfigureNamedOptions` if you need access to the ASP.NET Core service provider during registration, e.g.:
 
 ```cs
 public class ClientCredentialsClientConfigureOptions : IConfigureNamedOptions<ClientCredentialsClient>
 
@@ -12,7 +12,7 @@ The most common way to use the access token management for interactive web appli
 
 ## General options
 
-You can pass in some global options when registering token management in DI.
+You can pass in some global options when registering token management in the ASP.NET Core service provider.
 
 * `ChallengeScheme` - by default the OIDC configuration is inferred from the default challenge scheme. This is recommended approach. If for some reason your OIDC handler is not the default challenge scheme, you can set the scheme name on the options
 * `UseChallengeSchemeScopedTokens` - the general assumption is that you only have one OIDC handler configured. If that is not the case, token management needs to maintain multiple sets of token artefacts simultaneously. You can opt in to that feature using this setting.
 
@@ -21,9 +21,9 @@ Fortunately, Duende.AccessTokenManagement provides a straightforward solution to
 
 Since the tokens cannot be managed in the authentication session, you need to store them somewhere else. The options include an in-memory data structure, a distributed cache like redis, or a database. Duende.AccessTokenManagement describes this store for tokens with the *IUserTokenStore* interface. In non-blazor scenarios, the default implementation that stores the tokens in the session is used. In your Blazor server application, you'll need to decide where you want to store the tokens and implement the store interface.
 
-The store interface is very simple. `StoreTokenAsync` adds a token to the store for a particular user, `GetTokenAsync` retrieves the user's token, and *ClearTokenAsync* clears the tokens stored for a particular user. A sample implementation that stores the tokens in memory can be found in the *ServerSideTokenStore* in the [*BlazorServer* sample](https://github.com/DuendeSoftware/foss/tree/main/access-token-management/samples/BlazorServer).
+The store interface is straightforward. `StoreTokenAsync` adds a token to the store for a particular user, `GetTokenAsync` retrieves the user's token, and *ClearTokenAsync* clears the tokens stored for a particular user. A sample implementation that stores the tokens in memory can be found in the *ServerSideTokenStore* in the [*BlazorServer* sample](https://github.com/DuendeSoftware/foss/tree/main/access-token-management/samples/BlazorServer).
 
-Register your token store in the DI container and tell Duende.AccessTokenManagement to integrate with Blazor by calling `AddBlazorServerAccessTokenManagement<TTokenStore>`:
+Register your token store in the ASP.NET Core service provider and tell Duende.AccessTokenManagement to integrate with Blazor by calling `AddBlazorServerAccessTokenManagement<TTokenStore>`:
 
 ```cs
 builder.Services.AddOpenIdConnectAccessTokenManagement()
@@ -64,7 +64,7 @@ Once registered and initialized, Duende.AccessTokenManagement will keep the stor
 
 ## Retrieving And Using Tokens
 
-If you've registered your token store with `AddBlazorServerAccessTokenManagement`, Duende.AccessTokenManagement will register the services necessary to attach tokens to outgoing HTTP requests automatically, using the same API as a non-blazor application. You inject an HTTP client factory and resolve named HTTP clients where ever you need to make HTTP requests, and you register the HTTP client's that use access tokens in the DI system with our extension method:
+If you've registered your token store with `AddBlazorServerAccessTokenManagement`, Duende.AccessTokenManagement will register the services necessary to attach tokens to outgoing HTTP requests automatically, using the same API as a non-blazor application. You inject an HTTP client factory and resolve named HTTP clients where ever you need to make HTTP requests, and you register the HTTP client's that use access tokens in the ASP.NET Core service provider with our extension method:
 
 ```cs
 builder.Services.AddUserAccessTokenHttpClient("demoApiClient", configureClient: client =>
 
@@ -176,7 +176,7 @@ public async Task<IActionResult> CallApi()
 
 ### HTTP Client Factory
 
-Last but not least, if you registered clients with the factory, you can simply use them. They will try to make sure that a current access token is always sent along. If that is not possible, ultimately a 401 will be returned to the calling code.
+Last but not least, if you registered clients with the factory, you can use them. They will try to make sure that a current access token is always sent along. If that is not possible, ultimately a 401 will be returned to the calling code.
 
 ```cs
 public async Task<IActionResult> CallApi()
 
@@ -19,7 +19,7 @@ Have a look for the `Worker` project in the [samples folder](https://github.com/
 
 Start by adding a reference to the `Duende.AccessTokenManagement` NuGet package to your application.
 
-You can add the necessary services to the DI system by calling `AddClientCredentialsTokenManagement()`. After that you can add one or more named client definitions by calling `AddClient`.
+You can add the necessary services to the ASP.NET Core service provider by calling `AddClientCredentialsTokenManagement()`. After that you can add one or more named client definitions by calling `AddClient`.
 
 ```cs
 // default cache
 
@@ -47,7 +47,7 @@ development time. Visual Studio includes SPA templates that start up a SPA and p
 Samples of Duende.BFF that take this approach using [React](/bff/samples#reactjs-frontend)
 and [Angular](/bff/samples#angular-frontend) are available.
 
-Microsoft's templates are easy-to-use at dev time from Visual Studio. They allow you to simply run the solution, and the
+Microsoft's templates are easy-to-use at dev time from Visual Studio. They allow you to run the solution, and the
 template proxies requests to the front end for you. At deploy time, that proxy is removed and the static assets of the
 site are served by the static file middleware.
 
 
@@ -5,6 +5,7 @@ sidebar:
   label: Overview
   order: 1
 redirect_from:
+  - /bff/apis/
   - /bff/v2/apis/
   - /bff/v3/fundamentals/apis/
   - /identityserver/v5/bff/apis/