I have an ASP.NET Core v8.0.5 application with OpenIdConnect enabled. There are minimal API endpoints which are secured using a custom AuthorizationHandler to check the logged in user has appropriate permissions to execute the API request.