Update the link to the JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens specification

configuration/token-formats.md

@@ -18,7 +18,7 @@ developed and maintained by Microsoft to generate signed and encrypted tokens us
 To protect against token substitution and confused deputy attacks, **OpenIddict 3.0 uses the standard `typ` JWT header to convey the actual token type**.
 This mechanism replaces the private `token_usage` claim used for the same purpose in previous versions of OpenIddict.
 
-As required by the [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens draft](https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-04#section-2.1),
+As required by the [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens specification](https://datatracker.ietf.org/doc/html/rfc9068),
 **access tokens produced by OpenIddict 3.0 are always issued with a `"typ": "at+jwt"` header** while identity tokens still use `"typ": "JWT"` for backward compatibility.
 Other types of tokens – only accepted by OpenIddict's own endpoints – use private token types prefixed by `oi_`.
 

guide/migration/20-to-30.md

@@ -76,9 +76,9 @@ services.AddOpenIddict()
     .AddServer(options =>
     {
         options.UseAspNetCore()
-              .EnableAuthorizationEndpointPassthrough()
-              .EnableLogoutEndpointPassthrough()
-              .EnableTokenEndpointPassthrough();
+               .EnableAuthorizationEndpointPassthrough()
+               .EnableLogoutEndpointPassthrough()
+               .EnableTokenEndpointPassthrough();
     });
 ```
 
@@ -108,8 +108,8 @@ services.AddOpenIddict()
     .AddServer(options =>
     {
         options.UseAspNetCore()
-              .EnableAuthorizationRequestCaching()
-              .EnableLogoutRequestCaching();
+               .EnableAuthorizationRequestCaching()
+               .EnableLogoutRequestCaching();
     });
 ```
 
@@ -117,7 +117,7 @@ services.AddOpenIddict()
 
 If you use JSON.NET to serialize or deserialize `OpenIdConnectMessage`, `OpenIdConnectRequest` or `OpenIdConnectResponse` instances,
 consider moving to `System.Text.Json` when migrating to OpenIddict 3.0, as 3.0 no longer includes a built-in JSON.NET `JsonConverter` for their
-equivalent in 3.0: `OpenIddictMessage`, `OpenIddictRequest` or `OpenIddictResponse`.
+equivalent in 3.0 (i.e `OpenIddictMessage`, `OpenIddictRequest` and `OpenIddictResponse`).
 
 In most cases, this should be as simple as replacing `JsonConvert.SerializeObject()`/`JsonConvert.DeserializeObject()`
 by their `System.Text.Json` equivalent: `JsonSerializer.Serialize()`/`JsonSerializer.Deserialize()`.
@@ -140,12 +140,12 @@ In 3.0, the constants used as the ASP.NET Core authentication schemes have chang
 > [!NOTE]
 > In 3.0, the OpenIddict server ASP.NET Core handler supports authenticating userinfo requests. As such, if you use the pass-through mode
 > to handle userinfo requests in your own userinfo MVC action, consider using `OpenIddictServerAspNetCoreDefaults.AuthenticationScheme`
-> instead of `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme` for your userinfo endpoint to avoid duplicate access token validation.
+> instead of `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme` for your userinfo endpoint to avoid validating access tokens twice.
 
 ## Update your application to work with the new `scope` format
 
-In OpenIddict 3.0, the format of the `scope` claim used in JWT tokens has changed from a JSON array to a single space-separated claim to match
-[the JWT access token specification](https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-12). To ensure your authorization policies
+In OpenIddict 3.0, the format of the `scope` claim used in JWT tokens has changed from a JSON array to a single space-separated claim
+to match [the JWT access token specification](https://datatracker.ietf.org/doc/html/rfc9068). To ensure your authorization policies
 still work after migrating, consider using the `principal.HasScope()` extension to determine whether a scope has been granted:
 
 ```csharp