C
C#2y ago
𝕭ourn

❔ JWT Refresh tokens

I've got a RefreshToken endpoint on my UserController class. I'm currently able to regenerate these tokens, but i don't really know what strategy to use for making sure these tokens aren't used more than once. Any suggestions?
3 Replies
M B V R K
M B V R K2y ago
RefreshTokens in most cases should be saved on a storage like Database, with some properties, so you can do this approach and use some properties to determine if a refreshtoken is Expired, Invoked, Used or ... You can take a look on this topic here : https://mbarkt3sto.hashnode.dev/storing-jwt-refresh-tokens-in-a-database-using-identity-and-ef-core-in-aspnet-core
M B A R K's Blog
Storing JWT Refresh Tokens in a Database using Identity and EF Core...
One important aspect of JWT usage is the handling of refresh tokens, which are used to obtain new access tokens after the original one expires. In this article, we will discuss how to store JWT refresh tokens in a database using Identity and EF Core ...
𝕭ourn
𝕭ournOP2y ago
Thanks you for the answer, your article looks great! i know that it might sound offtopic, but i've never worked with Identity before. Do you also have an article about adding Identity to a ASP.NET Web API? To give more context, i'm using React for the frontend, instead of the typical Razor pages MSDN showcases when talking about Identity. Thanks in advance!
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server