JWT Refresh Token in ASP.Net Core (a deep dive)

It really helped me a lot to understand the JWT concepts and to implement the same... Hats off to you to make such a valuable video for better understanding...

ksdvishnukumar

For Refresh API, "do we need to pass anything in Header". For me evetime refresh API giving 401. Not able to get what is Wrong. As in Body already passing RefreshCred(jwt token & refreshToken).

DevKumar-nhvk

Excellent tutorial boss. Please make a discussion on how to optimize dbcontext and configure connection pooling for entityframework core.

rpiisenh

Again, 2 fantastic, helpful and well explained videos (in spite of the fact that I got lost a little bit between the different objects :-) as this is very new to me ). Just to validate my understanding, so once we call the refresh api, to reauthenticate, 1 hour later, we should use the RefreshToken for reauthentificiation, am I correct or it is the original Jwtoken that will be extended by another hour?

eliassal

Awesome . Cleared my doubts. Thank you bro 🙏

birendrasahu

Hi, why does this code not refresh the expired JWT token.?

anshulasati

Great job 👍 again)) but I think the expired of refresh token needs to be more than 1 hour this exactly the duty of refresh token but you copy paste the same time if jwt token

alihaydar

After the expiry of the access token, a new access token is not generated even with the Refresh Token. public AuthResponse Refresh(RefreshCredential refreshCredential)
{
SecurityToken validatedToken;
var tokenHandler = new JwtSecurityTokenHandler();
var principal = tokenHandler.ValidateToken(refreshCredential.AccessToken, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
}, out validatedToken);

manasmalik

im just kinda confused.
why does a jwt token expire that quickly when i could regenerate a new one with the refreshkey anyways?
if someone steals my cookies im fucked anyways

Stuntman

'Action (Auth.Demo)' has more than one parameter that was specified or inferred as bound from request body. Only one parameter per action may be bound from body. Inspect the following

koushikdas

Why should I use refresh token instead of increasing the timeout of my original JWT token ?

MarvLthe

Do you have Git repo for this? it was a nice video thanks!

boredo

In a realistic world, Will user be sending us both JWTToken and Refresh token and on API we need to first check if JWTToken is valid(not expired too) if expired then to use RefreshToken to validate?

carecovered

Can you tell how can we generate JWT token using azure active directory (using client, tenant id etc) ?

anushreedesai

I think without refresh key also we can regenerate token right

ashokkumarnaralasetti

Hello sir!! How do we add external login providers like facebook, google, linkedin etc in .net core web api.. for example: How do i add extra login providera like google facebook in this project that you have taught us?

nirajdahal

If you please post a tutorial video on integration testing using key token, when token is generated in different api would be very helpful. Thanks.

ayan-qnor

please shear the link of other videos you have mention at the start of this video

arslansaleem

after receiving the refresh token after jwt expires. Which one should be use in the Authorization?

AzZaph

Very nice video. Thanks 🙏
Can you please try to do a video about Open ID connect using identity server 4?

shuhaib