Refresh JWT with Refresh Tokens in ASP.NET Core 5 REST API Step by Step

In this video I will show you how to use refresh tokens to obtain new JWT tokens when a token expires in our ASP.NET Core REST API.

Starting Project:

Final Source Code:

DotNet SDK:

Visual Studio Code:

Postman:

JWT tokens explanation deep dive:

Refresh tokens explanation deep dive:

Rest API (best practise):

WHO AM I:
I'm Mohamad, an Enterprise Architect working in Manchester, UK. I make videos about web, cloud, desktop and mobile development.

#dotnet #JWT #refreshtokens #restapi #beginners #efcore #aspnetcore #stepbystep
Comments

Thanks everyone for their feedback and support.

MohamadLawand

Your methodology of explaining the rationale as you code AND THEN summarizing the rationale whenever you complete a complex code is awesome!!

rotr

The content of the tutorial is very useful. Just wanted to thank you while I continue to enjoy the following tutorials.

orlandojoaobita

Please continue this series! I'd love to see user logout and updating a user with a custom model!

ekekw

God's blessing be upon you, sir. Thank you so much.

a.r.kengilish

Love the video. I was wondering if you could do a video from the frontend side of this.

tajayeb

Thanks for this great tutorial series!

homosapien

Thanks for this video. It's very helpful.

meysamhadeli

Why are you marking the refresh token as used? Shouldn't it be valid for 6 months, and not just one update? Can someone please answer my question? I am very confused.

tomislavvinkovic

Buddy, how would you implement the "remember me" functionality when it's not checked? How would you delete the refresh token from the DB?
I was thinking about setting the token in session storage so when the user closes the browser it's gone. But I can't think of a logic to delete it from the DB.

legitimoth

When we are using MSAL, why do we need to explicitly call refresh token?

Rajeshsingh-wsth

Hello, can you explain the difference between using on the GenerateJwtToken method vs checking the token's signature algorithm against SecurityAlgorithms.HmacSha256 on the VerifyAndGenerateToken method? Shouldn't we verify against

danielcordeiro

Hello Mohamed, I've a question please: in the last part of the tutorial, when the token has been used message appears, why token expiration we don't generate a new token? Also, thanks for this awesome tutorial!

amrhamdi

Hey, thanks for the great video!
Are you considering making a video about authenticating/role-based auth with MySQL (or another database of your choice) rather than the default SQL Server implementation?

mov

Hi,
Thank you for this wonderful tutorial, you must be the first one to sort this with .NET 5. I have a few noob questions for you:

1. Why are we storing data in the database rather than HTTP Only cookies?
2. If I want to add a CRUD-specific role, how do I do that?
3. I am using React for my front end; how would you recommend authenticating the front end with this Web API?

Can you please point me in the right direction?

sumeshpokhrel

Can I delete the refresh token instead of marking it as used? I don't see any reason to keep used refresh tokens.

Michael-znoq

Hi Mohamad, nice content. It would be great if you shared a video on a student form with image upload, with the data stored in a blob container.

twilightcloudcoderz-tcc

Hi Mohammad, thanks for your great tutorial. I need your help: how can I use this API authentication in a .NET microservice project? Can you give me a suggestion or a good source for doing that? Thanks again.

hamidshah

Thank you for this, I was able to implement this as shown. A few questions though:

I was unable to get the refreshtoken endpoint to give me the 'Token has not expired yet' error within the 30 second window. After some breakpoints I removed the ToLocalTime() from the UnixTimeStampToDateTime function, since it looks like it was comparing the UTC current time against my local time (EST), so it was always outside that time window. Do you think that makes sense?

Lastly, after someone is logged in and using an app, should the frontend be checking on each endpoint request whether the token is near expiry and if so, also updating the token from the refreshtoken endpoint?

Thank you!

johnnyutah

Why do we need to update the token and refresh token together? I think if the token expires we update only the token, and when the refresh token expires we must update the refresh token and token together.

ennice