BFF - Standardize usage of inline code formatting for options, methods, and configuration references

Author: maartenba

astro/src/content/docs/bff/extensibility/management/index.mdx

@@ -86,7 +86,7 @@ builder.Services.AddTransient<IDiagnosticsService, DefaultDiagnosticsService>();
 }`}/>
 
       You can customize the behavior of the endpoints either by implementing the appropriate interface or by extending the default implementation of that interface.
-      In many cases, extending the default implementation is preferred, as this allows you to keep most of the default behavior by calling the base *ProcessRequestAsync* from your derived class.
+      In many cases, extending the default implementation is preferred, as this allows you to keep most of the default behavior by calling the base `ProcessRequestAsync` from your derived class.
 
       Several of the default endpoint service implementations also define virtual methods that can be overridden to customize their behavior with more granularity.
   </TabItem>

astro/src/content/docs/bff/extensibility/tokens.md

@@ -21,7 +21,7 @@ The token management library does essentially two things:
 Both aspects can be customized.
 
 ### Token service communication
-The token management library uses a named HTTP client from the HTTP client factory for all token service communication. You can provide a customized HTTP client yourself using the well-known name after calling *AddBff*:
+The token management library uses a named HTTP client from the HTTP client factory for all token service communication. You can provide a customized HTTP client yourself using the well-known name after calling `AddBff`:
 
 ```csharp
 builder.Services.AddHttpClient(
@@ -42,8 +42,8 @@ If you do not use server-side sessions, then the access and refresh token will b
 
 This would involve two steps
 
-* turn off the *SaveTokens* flag on the OpenID Connect handler and handle the relevant events manually to store the tokens in your custom store
-* implement and register the *Duende.AccessTokenManagement.IUserTokenStore* interface
+* turn off the `SaveTokens` flag on the OpenID Connect handler and handle the relevant events manually to store the tokens in your custom store
+* implement and register the `Duende.AccessTokenManagement.IUserTokenStore` interface
 
 The interface is responsible to storing, retrieving and clearing tokens for the automatic token management:
 
@@ -88,7 +88,7 @@ public interface IUserTokenStore
 ```
 
 ### Per-route Customized Token Retrieval
-The token store defines how tokens are retrieved globally. However, you can add custom logic that changes the way that access tokens are retrieved on a per-route basis. For example, you might need to exchange a token to perform delegation or impersonation for some API calls, depending on the remote API. The interface that describes this extension point is the *IAccessTokenRetriever*.
+The token store defines how tokens are retrieved globally. However, you can add custom logic that changes the way that access tokens are retrieved on a per-route basis. For example, you might need to exchange a token to perform delegation or impersonation for some API calls, depending on the remote API. The interface that describes this extension point is the `IAccessTokenRetriever`.
 
 
 ```csharp
@@ -108,15 +108,15 @@ public interface IAccessTokenRetriever
 }
 ```
 
-You can implement this interface yourself or extend the *DefaultAccessTokenRetriever*. 
+You can implement this interface yourself or extend the `DefaultAccessTokenRetriever`. 
 
 :::note
-In Duende BFF v4, *DefaultAccessTokenRetriever* was made `internal`. If you need to customize token retrieval in v4, implement the *IAccessTokenRetriever* interface directly.
+In Duende BFF v4, `DefaultAccessTokenRetriever` was made `internal`. If you need to customize token retrieval in v4, implement the `IAccessTokenRetriever` interface directly.
 :::
 
-The *AccessTokenResult* class represents the result of this operation. It is an abstract class with concrete implementations that represent successfully retrieving a bearer token (*BearerTokenResult*), successfully retrieving a DPoP token (*DPoPTokenResult*), failing to find an optional token (*NoAccessTokenResult*), which is not an error, and failure to retrieve a token (*AccessTokenRetrievalError*). Your implementation of GetAccessTokenAsync should return one of those types.
+The `AccessTokenResult` class represents the result of this operation. It is an abstract class with concrete implementations that represent successfully retrieving a bearer token (`BearerTokenResult`), successfully retrieving a DPoP token (`DPoPTokenResult`), failing to find an optional token (`NoAccessTokenResult`), which is not an error, and failure to retrieve a token (`AccessTokenRetrievalError`). Your implementation of GetAccessTokenAsync should return one of those types.
 
-Implementations of the *IAccessTokenRetriever* can be added to endpoints when they are mapped using the *WithAccessTokenRetriever* extension method:
+Implementations of the `IAccessTokenRetriever` can be added to endpoints when they are mapped using the `WithAccessTokenRetriever` extension method:
 
 ```csharp
 app.MapRemoteBffApiEndpoint(
@@ -126,4 +126,4 @@ app.MapRemoteBffApiEndpoint(
      .WithAccessTokenRetriever<ImpersonationAccessTokenRetriever>();
 ```
 
-The *GetAccessTokenAsync* method will be invoked on every call to APIs that use the access token retriever. If retrieving the token is an expensive operation, you may need to cache it. It is up to your retriever code to perform caching.
+The `GetAccessTokenAsync` method will be invoked on every call to APIs that use the access token retriever. If retrieving the token is an expensive operation, you may need to cache it. It is up to your retriever code to perform caching.

astro/src/content/docs/bff/fundamentals/apis/remote.mdx

@@ -84,7 +84,7 @@ Remote APIs typically require access control and must be protected against threa
 
 To provide access control, you can specify authorization policies on the mapped routes and configure them with access token requirements.
 
-To defend against CSRF attacks, you should use SameSite cookies to authenticate calls from the frontend to the BFF. As an additional layer of defense, APIs mapped with *MapRemoteBffApiEndpoint* are automatically protected with an anti-forgery header. 
+To defend against CSRF attacks, you should use SameSite cookies to authenticate calls from the frontend to the BFF. As an additional layer of defense, APIs mapped with `MapRemoteBffApiEndpoint` are automatically protected with an anti-forgery header. 
 
 #### SameSite cookies
 

astro/src/content/docs/bff/fundamentals/apis/yarp.md

@@ -125,13 +125,13 @@ configuration:
 ```
 
 Similarly to the [simple HTTP forwarder](/bff/fundamentals/apis/remote.mdx#access-token-requirements), the allowed values
-for the token type are *None*, *User*, *Client*, *UserOrClient*, and *UserOrNone*.
+for the token type are `None`, `User`, `Client`, `UserOrClient`, and `UserOrNone`.
 
-Routes that set the *Duende.Bff.Yarp.TokenType* metadata **require** the given type of access token. If it is
-unavailable (for example, if the *User* token type is specified but the request to the BFF is anonymous), then the
+Routes that set the `Duende.Bff.Yarp.TokenType` metadata **require** the given type of access token. If it is
+unavailable (for example, if the `User` token type is specified but the request to the BFF is anonymous), then the
 proxied request will not be sent, and the BFF will return an HTTP 401: Unauthorized response.
 
-If you are using the code config method, call the *WithAccessToken* extension method to achieve the same thing:
+If you are using the code config method, call the `WithAccessToken` extension method to achieve the same thing:
 
 ```csharp
 yarpBuilder.LoadFromMemory(
@@ -152,16 +152,16 @@ yarpBuilder.LoadFromMemory(
 );
 ```
 
-Again, the *WithAccessToken* method causes the route to require the given type of access token. If it is unavailable,
+Again, the `WithAccessToken` method causes the route to require the given type of access token. If it is unavailable,
 the proxied request will not be made and the BFF will return an HTTP 401: Unauthorized response.
 
 ## Optional User Access Tokens
 
-You can attach user access tokens optionally using the *UserOrNone* token type. This causes the user's access token to
+You can attach user access tokens optionally using the `UserOrNone` token type. This causes the user's access token to
 be sent with the proxied request when the user is logged in, but makes the request anonymously when the user is not
 logged in.
 
-In configuration, set the *Duende.Bff.Yarp.TokenType* metadata to *UserOrNone*:
+In configuration, set the `Duende.Bff.Yarp.TokenType` metadata to `UserOrNone`:
 
 ```json
 {
@@ -181,7 +181,7 @@ In configuration, set the *Duende.Bff.Yarp.TokenType* metadata to *UserOrNone*:
 }
 ```
 
-If you are using the code config method, call the *WithAccessToken* extension method with *RequiredTokenType.UserOrNone*:
+If you are using the code config method, call the `WithAccessToken` extension method with `RequiredTokenType.UserOrNone`:
 
 ```csharp
 yarpBuilder.LoadFromMemory(
@@ -217,7 +217,7 @@ The value of the header is not important, but its presence, combined with the co
 preflight request for cross-origin calls. This effectively isolates the caller to the same origin as the backend,
 providing a robust security guarantee.
 
-You can add the anti-forgery protection to all YARP routes by calling the *AsBffApiEndpoint* extension method:
+You can add the anti-forgery protection to all YARP routes by calling the `AsBffApiEndpoint` extension method:
 
 ```csharp
 app.MapReverseProxy()
@@ -228,7 +228,7 @@ app.MapBffReverseProxy();
 ```
 
 If you need more fine-grained control over which routes should enforce the anti-forgery header, you can also annotate
-the route configuration by adding the *Duende.Bff.Yarp.AntiforgeryCheck* metadata to the route config:
+the route configuration by adding the `Duende.Bff.Yarp.AntiforgeryCheck` metadata to the route config:
 
 ```json
 {

astro/src/content/docs/bff/fundamentals/blazor/index.md

@@ -227,25 +227,25 @@ information from the user, but is also enriched with several management claims,
 
 Blazor uses AuthenticationStateProviders to make authentication state available to components. On the server, the
 authentication state is already mostly managed by the authentication framework. However, the BFF will add the Logout url
-to the claims using the **AddServerManagementClaimsTransform**. On the client, there are some other claims that might be
-useful. The **BffClientAuthenticationStateProvider** will poll the server to update the client on the latest
+to the claims using the `AddServerManagementClaimsTransform`. On the client, there are some other claims that might be
+useful. The `BffClientAuthenticationStateProvider` will poll the server to update the client on the latest
 authentication state, such as the user's claims. This also notifies the front-end if the session is terminated on the
 server.
 
 ## Server Side Token Store
 
 Blazor Server applications have the same token management requirements as a regular ASP.NET Core web application.
 Because Blazor Server streams content to the application over a websocket, there often is no HTTP request or response to
-interact with during the execution of a Blazor Server application. You therefore cannot use *HttpContext* in a Blazor
+interact with during the execution of a Blazor Server application. You therefore cannot use `HttpContext` in a Blazor
 Server application as you would in a traditional ASP.NET Core web application.
 
 This means:
 
-* you cannot use *HttpContext* extension methods
+* you cannot use `HttpContext` extension methods
 * you can’t use the ASP.NET authentication session to store tokens
 * the normal mechanism used to automatically attach tokens to Http Clients making API calls won't work
 
-The **ServerSideTokenStore**, together with the Blazor Server functionality in Duende.AccessTokenManagement is
+The `ServerSideTokenStore`, together with the Blazor Server functionality in Duende.AccessTokenManagement is
 automatically registered when you register Blazor Server.
 
 For more information on this, see [Blazor Server](/accesstokenmanagement/blazor-server.md)