Improve .NET 7 JWT Bearer appsettings configuration doco

aspnetcore/fundamentals/minimal-apis/security.md

@@ -76,6 +76,14 @@ The ASP.NET Core framework expects to find these options under the `Authenticati
 }
 ```
 
+For JWT Bearer authentication in a production app, you may need to specify the `Authentication:Schemes:{SchemeName}:Authority` property, which matches the address of the token-issuing authentication server. The `{SchemeName}` placeholder in the preceding property is the scheme name.
+
+In case you don't have access to the token-issuing server, the `Authority` property should **not be set**. Instead, specify the signing key as a base64-encoded string under the `Bearer` scheme `SigningKeys:{SigningKeyName}:Value` with the `SigningKeys:{SigningKeyName}:Issuer` matching the `ValidIssuer` specified in the authentication scheme configuration. The `{SigningKeyName}` placeholder in the preceding examples is the signing key name.
+
+For a full list of JWT bearer authentication configuration options, see the [`JwtBearerConfigureOptions` class (reference source)](https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/JwtBearer/src/JwtBearerConfigureOptions.cs).
+
+[!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)]
+
 In `Program.cs`, two JWT bearer-based authentication strategies are registered, with the:
 
 * "Bearer" scheme name.