Social auth overview updates (#35732)

Author: guardrex

aspnetcore/security/authentication/social/facebook-logins.md

@@ -134,9 +134,7 @@ We recommend the `AccessDeniedPath` page contains the following information:
 <!-- End of React  -->
 [!INCLUDE[Forward request information when behind a proxy or load balancer section](includes/forwarded-headers-middleware.md)]
 
-[!INCLUDE[](includes/chain-auth-providers.md)]
-
- For more information on configuration options supported by Facebook authentication, see the <xref:Microsoft.AspNetCore.Builder.FacebookOptions> API reference. Configuration options can be used to:
+For more information on configuration options supported by Facebook authentication, see the <xref:Microsoft.AspNetCore.Builder.FacebookOptions> API reference. Configuration options can be used to:
 
 * Request different information about the user.
 * Add query string arguments to customize the login experience.
@@ -153,3 +151,7 @@ We recommend the `AccessDeniedPath` page contains the following information:
 * Once you publish your web site to Azure web app, you should reset the `AppSecret` in the Facebook developer portal.
 
 * Set the `Authentication:Facebook:AppId` and `Authentication:Facebook:AppSecret` as application settings in the Azure portal. The configuration system is set up to read keys from environment variables.
+
+## Additional resources
+
+[Multiple authentication providers](xref:security/authentication/social/index#multiple-authentication-providers)

aspnetcore/security/authentication/social/google-logins.md

@@ -117,3 +117,7 @@ The user is now logged in using Google credentials.
 * This article demonstrates authentication with Google. For information on authenticating with other external providers, see <xref:security/authentication/social/index>.
 * After the app is deployed to Azure, reset the `ClientSecret` in the Google API console.
 * Set the `Authentication:Google:ClientId` and `Authentication:Google:ClientSecret` as app settings in the Azure portal. The configuration system is set up to read keys from the environment variables.
+
+## Additional resources
+
+[Multiple authentication providers](xref:security/authentication/social/index#multiple-authentication-providers)

aspnetcore/security/authentication/social/includes/chain-auth-providers.md

@@ -4,21 +4,18 @@ author: rick-anderson
 description: Create an ASP.NET Core app using Identity with external authentication providers such as Facebook, Twitter, Google, and Microsoft.
 ms.author: riande
 ms.custom: mvc
-ms.date: 03/07/2022
+ms.date: 07/09/2025
 uid: security/authentication/social/index
 ---
 # External provider authentication in ASP.NET Core Identity
 
 By [Valeriy Novytskyy](https://github.com/01binary) and [Rick Anderson](https://twitter.com/RickAndMSFT)
 
-This tutorial demonstrates how to build an ASP.NET Core app that enables users to sign in using OAuth 2.0 with credentials from external authentication providers.
+This article explains how to build an ASP.NET Core app that enables users to sign in using OAuth 2.0 with credentials from external authentication providers.
 
 [Facebook](xref:security/authentication/facebook-logins), [Twitter](xref:security/authentication/twitter-logins), [Google](xref:security/authentication/google-logins), and [Microsoft](xref:security/authentication/microsoft-logins) providers are covered in the following sections and use the starter project created in this article. Other providers are available in third-party packages such as [OpenIddict](https://documentation.openiddict.com/integrations/web-providers), [AspNet.Security.OAuth.Providers](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers) and [AspNet.Security.OpenId.Providers](https://github.com/aspnet-contrib/AspNet.Security.OpenId.Providers).
 
-Enabling users to sign in with their existing credentials:
-
-* Is convenient for the users.
-* Shifts many of the complexities of managing the sign-in process onto a third party.
+Enabling users to sign in with their existing credentials is convenient for the users and shifts many of the complexities of managing the sign-in process onto a third party.
 
 ## Create a New ASP.NET Core Project
 
@@ -27,11 +24,11 @@ Enabling users to sign in with their existing credentials:
 * Select the **ASP.NET Core Web App** template. Select **OK**.
 * In the **Authentication type** input,  select  **Individual Accounts**.
 
-# [Visual Studio Code](#tab/visual-studio-code)
+# [Visual Studio Code / .NET CLI](#tab/visual-studio-code+net-cli)
 
-* Open the terminal.  For Visual Studio Code you can open the [integrated terminal](https://code.visualstudio.com/docs/editor/integrated-terminal).
+* Open a command shell. For Visual Studio Code, you can use the [integrated terminal](https://code.visualstudio.com/docs/editor/integrated-terminal).
 
-* Change directories (`cd`) to a folder which will contain the project.
+* Change directories (`cd`) to a folder for the sample app.
 
 * For Windows, run the following command:
 
@@ -45,10 +42,12 @@ Enabling users to sign in with their existing credentials:
   dotnet new webapp -o WebApp1 -au Individual
   ```
 
-  * The `dotnet new` command creates a new Razor Pages project in the *WebApp1* folder.
+  * The `dotnet new` command uses the `-o|--output` option to create a new Razor Pages project in the `WebApp1` folder.
   * `-au Individual` creates the code for Individual authentication.
   * `-uld` uses LocalDB, a lightweight version of SQL Server Express for Windows. Omit `-uld` to use SQLite.
 
+  For more information, see [`dotnet new <TEMPLATE>`](/dotnet/core/tools/dotnet-new).
+
 ---
 
 ## Apply migrations
@@ -59,45 +58,69 @@ Enabling users to sign in with their existing credentials:
 
 [!INCLUDE[Forward request information when behind a proxy or load balancer section](includes/forwarded-headers-middleware.md)]
 
-## Use SecretManager to store tokens assigned by login providers
+## Use Secret Manager to store tokens assigned by login providers
 
-Social login providers assign **Application Id** and **Application Secret** tokens during the registration process. The exact token names vary by provider. These tokens represent the credentials your app uses to access their API. The tokens constitute the "user secrets" that can be linked to your app configuration with the help of [Secret Manager](xref:security/app-secrets#secret-manager). User secrets are a more secure alternative to storing the tokens in a configuration file, such as `appsettings.json`.
+Social login providers assign **Application Id** and **Application Secret** tokens during the registration process. The exact token names vary by provider. These tokens represent the credentials that the app uses to access the provider's API. The tokens constitute *user secrets* that can be linked to your app configuration with the help of [Secret Manager](xref:security/app-secrets#secret-manager). User secrets are a more secure alternative to storing the tokens in a configuration file, such as `appsettings.json`.
 
 > [!IMPORTANT]
-> Secret Manager is for development purposes only. You can store and protect Azure test and production secrets with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration).
+> Secret Manager is only for local development and testing. Protect staging and production secrets with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration), which can also be used for local development and testing if you prefer not to use the Secret Manager locally.
 
-Follow the steps in [Safe storage of app secrets in development in ASP.NET Core](xref:security/app-secrets) topic to store tokens assigned by each login provider below.
+For guidance on storing the tokens assigned by each login provider, see <xref:security/app-secrets>.
 
-## Setup login providers required by your application
+## Configure login providers
 
-Use the following topics to configure your application to use the respective providers:
+Use the following articles to configure login providers and the app:
 
 * [Facebook](xref:security/authentication/facebook-logins) instructions
 * [Twitter](xref:security/authentication/twitter-logins) instructions
 * [Google](xref:security/authentication/google-logins) instructions
 * [Microsoft](xref:security/authentication/microsoft-logins) instructions
 * [Other provider](xref:security/authentication/otherlogins) instructions
 
-[!INCLUDE[](includes/chain-auth-providers6.md)]
+## Multiple authentication providers
+
+When the app requires multiple providers, chain the provider extension methods on <xref:Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions.AddAuthentication%2A>:
+
+```csharp
+builder.Services.AddAuthentication()
+    .AddGoogle(options =>
+    {
+        // Google configuration options
+    })
+    .AddFacebook(options =>
+    {
+        // Facebook configuration options
+    })
+    .AddMicrosoftAccount(options =>
+    {
+        // Microsoft Account configuration options
+    })
+    .AddTwitter(options =>
+    {
+        // Twitter configuration options
+    });
+```
+
+For detailed configuration guidance on each provider, see their respective articles.
 
-## Optionally set password
+## Optionally set a password
 
-When you register with an external login provider, you don't have a password registered with the app. This alleviates you from creating and remembering a password for the site, but it also makes you dependent on the external login provider. If the external login provider is unavailable, you won't be able to sign in to the web site.
+When you register with an external login provider, you don't have a password registered with the app. This alleviates you from creating and remembering a password for the site, but it also makes you completely dependent on the external login provider for site access. If the external login provider is unavailable, you won't be able to sign in to the app.
 
-To create a password and sign in using your email that you set during the sign in process with external providers:
+To create a password and sign in using your email that you set during the sign-in process with external providers:
 
-* Select the **Hello &lt;email alias&gt;** link at the top-right corner to navigate to the **Manage** view.
+* Select the **Hello &lt;email alias&gt;** link at the top-right corner to navigate to the **Manage** view:
 
 ![Web application Manage view](index/_static/pass1a.png)
 
-* Select **Create**
+* Select **Create**:
 
 ![Set your password page](index/_static/pass2a.png)
 
-* Set a valid password and you can use this to sign in with your email.
+* Set a valid password, and you can use this credential to sign in with your email address.
 
 ## Additional information
 
 * [Sign in with Apple Example Integration](https://github.com/martincostello/SignInWithAppleSample)
-* See [this GitHub issue](https://github.com/dotnet/AspNetCore.Docs/issues/10563) for information on how to customize the login buttons.
-* Persist additional data about the user and their access and refresh tokens. For more information, see <xref:security/authentication/social/additional-claims>.
+* [How to customize the login buttons (`dotnet/AspNetCore.Docs` #10563)](https://github.com/dotnet/AspNetCore.Docs/issues/10563)
+* [Persist additional data about the user and their access and refresh tokens](xref:security/authentication/social/additional-claims)

aspnetcore/security/authentication/social/includes/chain-auth-providers6.md

@@ -57,7 +57,7 @@ For more information about configuration options supported by Microsoft Account
 
 You're now logged in using your Microsoft credentials.
 
-[!INCLUDE[](includes/chain-auth-providers.md)]
+To use multiple authentication providers, see <xref:security/authentication/social/index#multiple-authentication-providers>.
 
 [!INCLUDE[Forward request information when behind a proxy or load balancer section](includes/forwarded-headers-middleware.md)]
 
@@ -124,8 +124,6 @@ Tap **Yes** and you'll be redirected back to the web site where you can set your
 
 You're now logged in using your Microsoft credentials.
 
-[!INCLUDE[](includes/chain-auth-providers.md)]
-
 [!INCLUDE[Forward request information when behind a proxy or load balancer section](includes/forwarded-headers-middleware.md)]
 
 ## Troubleshooting
@@ -143,3 +141,7 @@ You're now logged in using your Microsoft credentials.
 * Set the `Authentication:Microsoft:ClientId` and `Authentication:Microsoft:ClientSecret` as application settings in Microsoft Entra admin center. The configuration system is set up to read keys from environment variables.
 
 :::moniker-end
+
+## Additional resources
+
+[Multiple authentication providers](xref:security/authentication/social/index#multiple-authentication-providers)

aspnetcore/security/authentication/social/index.md

@@ -44,6 +44,6 @@ The following list includes common external OAuth authentication providers that
 
 * [VK](https://vk.com/apps?act=manage) ([Instructions](https://vk.com/pages?oid=-17680044&p=Authorizing_Sites))
 
-[!INCLUDE[Multiple authentication providers](includes/chain-auth-providers.md)]
+To use multiple authentication providers, see <xref:security/authentication/social/index#multiple-authentication-providers>.
 
 [!INCLUDE[Forward request information when behind a proxy or load balancer section](includes/forwarded-headers-middleware.md)]

aspnetcore/security/authentication/social/index/Program.cs

@@ -72,11 +72,8 @@ Add the Authentication service to the `Startup.ConfigureServices`:
 
 :::moniker-end
 
-
 [!INCLUDE [default settings configuration](includes/default-settings.md)]
 
-[!INCLUDE[](includes/chain-auth-providers.md)]
-
 For more information on configuration options supported by Twitter authentication, see the <xref:Microsoft.AspNetCore.Builder.TwitterOptions> API reference. This can be used to request different information about the user.
 
 ## Sign in with Twitter
@@ -109,3 +106,7 @@ Rather in the twitter setup, you can provide an External sign-in homepage. The e
 * Once you publish your web site to Azure web app, you should reset the `ConsumerSecret` in the Twitter developer portal.
 
 * Set the `Authentication:Twitter:ConsumerKey` and `Authentication:Twitter:ConsumerSecret` as application settings in the Azure portal. The configuration system is set up to read keys from environment variables.
+
+## Additional resources
+
+[Multiple authentication providers](xref:security/authentication/social/index#multiple-authentication-providers)