Refreshing JWTs with Refresh Tokens | ASP.NET Core 5 REST API Tutorial 13



Hello everybody, I'm Nick, and today I will show you how you can implement JWT token refreshing using refresh tokens in ASP.NET Core.

Don't forget to comment, like and subscribe :)

#tutorial #rest #api
Comments
Author

Your presentation style is excellent. It must be very difficult to code accurately and explain your design strategy so clearly at the same time. Great result!

TimCoulter
Author

Hi Nick. Great video series! I found an issue with this, in that it only appears to work as in tests, the refresh tokens are being issued within the first 5 mins of access token expiry. This is because the clockskew is set to 5 mins by default and if set to 0, they will be invalid each time. To solve this, I changed getprincipal to not validate the lifetime on the (expired) access token if the request was to refresh.

tyomidi
Author

Thanks for the excellent work Nick. I have no idea of how much time it would have taken for me to build a proper REST API if I hadn't come across your videos.

divyangutube
Author

Excellent tutorial series and very appreciated. Have you considered adding Roles to your API?

karlwhitehead
Author

Great vid, well explained for a complicated topic. One minor question/quibble. At 14:30 instead of var expiryDateTimeUtc = new DateTime(1970, 1, 1, ... could you not instead do var expiryDateTimeUtc = ?

HoleyMoleyAlex
Author

Hi @nickchapsas, great video, thanks. Just have a question: @22:19 you are saving RefreshToken on line 201 but haven't assigned any value in RefreshToken.Token, which is the KEY field. How do we expect this to be populated?

msrahman
Author

Great series! Thanks, Nick! Keep up the good work.

Author

Thank you for the tutorial. I have an error in the registration process after implementing these changes.
The problem is here:

var refreshtoken = new RefreshToken
{
JwtId = token.Id,
UserId = user.Id,
CreationDate = DateTime.UtcNow,
Invalidated = false,

ExpiryDate = DateTime.UtcNow.AddMonths(6)
};

await // error
Because refreshtoken.Token cannot be null. That is why it doesn't work.

KavkkAZEcc
Author

Excellent but kindly put this project somewhere so that we could explore it anytime otherwise if we miss something we would have to go through the videos again and again.

grmOmi
Author

Hey Nick! I am new to this concept and your series has helped me well! Thanks ya! But from where does the Refreshtoken class -> Token get its value from? For me, it is coming as null!

meghamanoj
Author

Nick, is my understanding correct?
If someone steals my refresh&access tokens from the localstorage of my browser, he/she can easily refresh it and thus access my data until I logout by deleting all refresh tokens which belong to me as a user?

Dude-izdw
Author

Why do you set the expiry date to 6 months for a refresh token if you create a new one every 45 seconds anyway?

gagikohanyan
Author

Nick I was following your guide but instead of using entity framework I used my own database, based on repository pattern. I do not understand how you retrieve refresh token from entity framework with => x.Token == refreshToken); Your RefreshToken doesn't have such field...

EdvardasAlaburda
Author

There is a bug in the code. You need to set to zero if you want the lifespan of the token to be exact to what you set.

TokenValidationParameters tokenValidationParameters = new()
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtOptions.Secret)),
ValidateIssuer = false,
ValidateAudience = false,
RequireExpirationTime = false,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};

In the GetClaimsPrincipalFromToken method, you don't want to use the TokenValidationParameters with ValidateLifetime equal to true, because if ValidateLifetime equals true then the method will throw an error for expired tokens. So you want to create a different TokenValidationParameters.

var tokenValidationParameters =
= false;
var principle = tokenHandler.ValidateToken(token, tokenValidationParameters, out var validatedToken);


Please correct me if I'm wrong. I'm a learner too.

zhh
Author

Thanks for a very helpful series, Nick. Minor quibble, though: at 12:20, shouldn't the variable be called something like *claimsPrincipal* instead of *validatedToken* ? After all, you're calling *Get **_Principal_** FromToken()* ...

richardalbury
Author

It doesn't make sense to use the same TokenValidationParameters from the Startup. I had to set ValidateLifetime = false in order to successfully validate an expired token and get the Principal. That makes sense, since an expired token should not validate. I don't understand how it would work for you.

Kulith
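
The fix described in the comments above by tyomidi, zhh and Kulith, as an added example that is not code from the video or from any commenter: normal requests keep ClockSkew = TimeSpan.Zero with lifetime validation on, and the refresh path validates a clone with ValidateLifetime turned off. The class and method names are assumptions, and it needs the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class RefreshValidation   // hypothetical helper, not from the tutorial
{
    // Strict parameters for ordinary API requests: no 5-minute default grace period.
    public static TokenValidationParameters BuildStrict(string secret) => new()
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret)),
        ValidateIssuer = false,
        ValidateAudience = false,
        RequireExpirationTime = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    };

    // Refresh path only: signature is still checked, lifetime is not,
    // so an expired access token can be read. Returns null on any failure.
    public static ClaimsPrincipal GetPrincipalFromExpiredToken(
        string token, TokenValidationParameters strict)
    {
        var relaxed = strict.Clone();       // never mutate the shared instance
        relaxed.ValidateLifetime = false;
        try
        {
            var principal = new JwtSecurityTokenHandler()
                .ValidateToken(token, relaxed, out var validated);
            // Accept only a JWT signed with the expected HMAC algorithm.
            var ok = validated is JwtSecurityToken jwt &&
                     jwt.Header.Alg.Equals(SecurityAlgorithms.HmacSha256,
                         StringComparison.InvariantCultureIgnoreCase);
            return ok ? principal : null;
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            return null;                    // bad signature or malformed token
        }
    }

    // Lifetime is not enforced above, so the refresh endpoint checks exp itself.
    public static bool HasExpired(ClaimsPrincipal principal, DateTimeOffset nowUtc)
    {
        var exp = principal.FindFirst(JwtRegisteredClaimNames.Exp);
        return exp != null && long.TryParse(exp.Value, out var seconds)
            && DateTimeOffset.FromUnixTimeSeconds(seconds) <= nowUtc;
    }
}
```

The relaxed parameters belong only in the refresh endpoint; the JWT bearer middleware keeps the strict set.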
Author

Thank you for a great tutorial on refresh tokens

hicklc
Author

Will we have to clean up the refreshTokens as it will grow big quickly?

trungvang
Author

Unable to track an entity of type 'RefreshToken' because primary key property 'Token' is null..
When I run this it is showing this problem. What should I do?

reactvscode
Author

Nick, thanks much to infuse this knowledge. May I request a doubt-clarification. When a new user is authenticated with Uid/Pwd we generate the AccessToken&RefToken and persist the RefToken in DB as in 20:15. Now what can we do at client side if the user comes the other day & passes credentials... if we again generate a token there will be a second entry of RefToken for the same user in the database... which we can't afford... Not very sure if the answer is hidden in your implementation. Thx

saurovk