```cs private string GenerateToken() { var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtSettings:Key"]!)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var claims = new[] { new Claim("admin", "true") }; var token = new JwtSecurityToken ( _configuration["JwtSettings:Issuer"], _configuration["JwtSettings:Audience"], claims, expires: DateTime.UtcNow.AddSeconds(15), signingCredentials: credentials ); return new JwtSecurityTokenHandler().WriteToken(token); } ``` ```cs builder.Services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = config["JwtSettings:Issuer"], ValidAudience = config["JwtSettings:Audience"], IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["JwtSettings:Key"]!)) }; }); ``` This is the endpoint that requires the JWT ```cs [Authorize] [HttpGet("List")] public async Task<IActionResult> List() { var result = _gameService.GetAllGameStateRecords(); return result.IsDefined(out var gameStateRecords) ? Ok(gameStateRecords) : StatusCode(500, result); } ``` After 15 seconds, as long as I keep the Authorization header with the JWT, the endpoint doesn't 401 me