typo

Author: damienbod

aspnetcore/security/authentication/configure-jwt-bearer-authentication.md

@@ -46,7 +46,7 @@ See [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/htm
 
 #### Application access tokens and delegeted Access tokens
 
-When requesting or creating an access token, an application or an application acting on behalf of a user can request and access token. The tokens are **application access tokens** or **delegated access tokens**. The tokens have different claims and are handled and persisted in different ways. An application is normally persisted once in the application until it expires where the delegated access token is persisted per user, either in a cookie or in a cache on a secure server.
+When requesting or creating an access token, an application or an application acting on behalf of a user can request an access token. The tokens are **application access tokens** or **delegated access tokens**. The tokens have different claims and are handled and persisted in different ways. An application is normally persisted once in the application until it expires where the delegated access token is persisted per user, either in a cookie or in a cache on a secure server.
 
 It is recommended to user-delegated user access tokens whenever a user is involved. Downstream APIs can request a delegated user access token on behalf of the authenticated user.