Add warnings against exposing auth tokens in web apps

Author: kjac

13/umbraco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api.md

@@ -16,6 +16,12 @@ Member authorization in the Delivery API was introduced in version 12.3.
 If you are not familiar with members in Umbraco, please read the [Members](https://docs.umbraco.com/umbraco-cms/fundamentals/data/members) article.
 {% endhint %}
 
+{% hint style="warning" %}
+It is no longer recommended to use public OpenID Connect (OAuth) clients for web applications. If you want to use protected content from the Delivery API in a web application, please consider adding additional layers of security.
+
+You'll find more details in [this article](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication) from Microsoft.
+{% endhint %}
+
 ## Member authorization
 
 Member authentication and authorization in the Delivery API is performed using the OpenId Connect flow _Authorization Code Flow + Proof Key of Code Exchange (PKCE)_. This is a complex authorization flow, and it is beyond the scope of this article to explain it. Many articles can be found online that explain the flow in detail.

15/umbraco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api/README.md

@@ -18,6 +18,12 @@ This article describes how to access protected content in a client-to-server con
 If you are looking to achieve server-to-server access to protected content, please refer to [server-to-server access article](server-to-server-access.md) instead.
 {% endhint %}
 
+{% hint style="warning" %}
+It is no longer recommended to use public OpenID Connect (OAuth) clients for web applications. If you want to use protected content from the Delivery API in a web application, please consider adding additional layers of security.
+
+You'll find more details in [this article](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication) from Microsoft.
+{% endhint %}
+
 ## Member authorization
 
 Member authentication and authorization in the Delivery API is performed using the OpenId Connect flow _Authorization Code Flow + Proof Key of Code Exchange (PKCE)_. This is a complex authorization flow, and it is beyond the scope of this article to explain it. Many articles can be found online that explain the flow in detail.\

16/umbraco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api/README.md

@@ -18,6 +18,12 @@ This article describes how to access protected content in a client-to-server con
 If you are looking to achieve server-to-server access to protected content, please refer to [server-to-server access article](server-to-server-access.md) instead.
 {% endhint %}
 
+{% hint style="warning" %}
+It is no longer recommended to use public OpenID Connect (OAuth) clients for web applications. If you want to use protected content from the Delivery API in a web application, please consider adding additional layers of security.
+
+You'll find more details in [this article](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication) from Microsoft.
+{% endhint %}
+
 ## Member authorization
 
 Member authentication and authorization in the Delivery API is performed using the OpenId Connect flow _Authorization Code Flow + Proof Key of Code Exchange (PKCE)_. This is a complex authorization flow, and it is beyond the scope of this article to explain it. Many articles can be found online that explain the flow in detail.\

17/umbraco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api/README.md

@@ -23,6 +23,12 @@ If you are looking to achieve server-to-server access to protected content, plea
 Member authentication and authorization in the Delivery API is performed using the OpenId Connect flow _Authorization Code Flow + Proof Key of Code Exchange (PKCE)_. This is a complex authorization flow, and it is beyond the scope of this article to explain it. Many articles can be found online that explain the flow in detail.\
 Most programming languages have OpenId Connect client libraries to handle the complexity for us. [`AppAuth`](https://appauth.io/) is a great example of such a library. In ASP.NET Core, OpenId Connect support is built into the framework.
 
+{% hint style="warning" %}
+It is no longer recommended to use public OpenID Connect (OAuth) clients for web applications. If you want to use protected content from the Delivery API in a web application, please consider adding additional layers of security.
+
+You'll find more details in [this article](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication) from Microsoft.
+{% endhint %}
+
 ### Enabling member authorization
 
 Member authorization is an opt-in feature of the Delivery API. To enable it, configure `MemberAuthorization:AuthorizationCodeFlow` in the `DeliveryApi` section of `appsettings.json`: