I know this video is 2 years old, but it is OUTSTANDING, Thank you very much for this tutorial.

I was trying to implement the same functionality by own so I found your video to find and get a different approach, and i got very surprised about how clean and scalable your implementation was. Thanks for this useful resource Mohamad! I hope you can make new series about Dotnet!

Great, right now I am struggling to learn this topic, your tutorial comes at the right time! Thank you!

Thank you so much Mohamad Lawand i am so much happy to learn from you

Just found you on youtube as I'm building a boilerplate API for Xamarin/MAUI and refreshing my knowledge - great resources man.

You’re the man Mohamad. Thanks for making these videos

Great tutorial! Finally, I was able to understand this topic. Thank you, Mohammed! ❤

Mohamed you are such a hero, I'm a top fan of you and your work, keep it up man ❤

Thank you so much Mohamad for your time and effort, it is really appreciated Wish you all the best.

Ma'Shaa'Allah. Keep up the good work.❤

Nice video Mohamad! Great work!

Great video. Thank you for the detailed explanation.

Thank you so much.. your videos are clear and understandable... this is the right place I have to learn more things...

thanks my brother very well done so organized and pro written program thank u soo much this work inspired me ! god bless u

Good explination!!!. You have a typo in your slides Authorisation => Authorization

awsome tutorial man...had lots of problem implementing jwt but after watching this..i was able without struggling..Thanks a lot for this tutorial

Very good tutorial, you explained it clearly! I would appreciate a deeper dive into policies if its possible. Thanks in advance!

Good explanation, thanks a lot 💪

Very nice. Thank you very much for the videos :)

Great Mohammed, thank u

You don’t talk about authentication schemes and challenges… This is really critical aspect many people get confused with

Jazak Allah Khairan

keep it up ur the best😁

Great video Brother

thank you so much!

Great job bro, keep it up. I was wondering if you could share the source code with us.

Yes, could you please make more policy like the one in the slides at the beginning of this EP. For example there is a product and assign permissions like view edit create delete the normal CRUD and assign these permissions to the role, That will be highly appreciated. Thank you very much.

Awesome video.

جزاك الله خير شرح جميل

Great video !!!

Thank you so much, great content! One question: can one use the same approach (e.g. `[Authorize]` attribute) on GRPC endpoints instead of REST endpoints?

Hi there, thanks for the video, it was an amazing explanation, but it seems the project is no longer in your repo. Where can I find it?

Right: grants access to a feature e.g. edit invoice; Role: defined group of rights, a user can be assigne to 0..N roles. Rights resolve from role membership, e.g. roles are Administrator, Normal User, Backup Operator, note: very similar to user groups, roles are typically manually assigned by an Administrator / claims: defined properties like First Name, Department, Country, rights are derived by user depending on values of claim, e.g. user with cost center = 4711 are allowed to accept bills for that cost center. if the users claim changes the access right change automatically. If you do a step by step vidoe you can't leave out the stepp of adding authorization. there are also several errors in logging.

Sir please make video on claims in detail and also add functionality of add rang claims

Brilliant!

Salam Muhammad, Thanks much for the videos about Authentication using JWTs and Refresh Token mechanism. Videos are very explatory, it helps a lot. I am trying to see your repo for this project in github but I cannot see it, did you delete it? or make it private?, Is there any way I can fork it?

The claims sounds like models I am confused with that but I am at 11:49 I will keep watching this video lol

thanks very much

Thank you so much

thanks that was helpful

There is one thing that does not work for me. You set 30 seconds for the jwt token. If I use the GET request, the token does not expires after 30 seconds, I tried to wait f.e. 2 minutes and I could still use the same jwt token for the GET request. Only after 5 minutes the request got denied. Did I understood something wrong or why is the jwt token havior different?

One thing - in GenerateJwtToken you already have logic for RefreshTokens which come in Episode 4 of your tutorial? This may confuse some ppl as in Episode 2 it returns string, and here it's Task and the method is async. Because the method is not async in Episode 2, my IDE returned error when I wanted to await GetAllValidClaims, as the parent method is not yet async as per episode 2.

Can you please check the starting of the starting project. Currently it's not available.

thanks to your great course ,how should we store jwt token in secure way ? i undrestand that local storage and cookies are unsafe to store tokens? so what is the best way?

Please can you provide us the source code?

I didn't get how to set the policy. I did all as author showed on a video and authorization scheme by role works for me , but when I add policy authorization , then I added claims for user and an attempt to call a method witch protected by policy it returns 403 error forbidden. Also I checked my JWT token and it had necessary roles and policy. Has anyone had the same problem and how to solve it?

If someone got my token and edit expireday then the back end will validate and know it is invalid token right? Another case is what if someone copy my token and use it?

@ Mohamad Lawand :Awesome. Can we have more indepth on policies, also can the identity manager be provisioned using SCIM?

Hi Mohammad I can't seem to find the link to the tutorial for the starting project. I would like to see how you implemented the user management + db migrations etc. Thanks

You mentioned a link to an initial starting project that would be in the video and comments, but I cannot find it in either.

The github no longer contains the code examples?

hi i can't find the v8 repository in your git hub

What happens if the user edits the jwt token and adds a claim he needs for malicious activity ?

very good

i don't find the github repo you mentioned

the git repo is not available!?

Hi moha, nice work and great explained as usual, yet i have a question: How we could make a dynamic policy? i meant if the app super admin needs to create dynamic policies Thanks man

Thank You for your effort , in my mvc app alwayes give me Unauthorized 401 after Applying the roles and claims can anyone help me

Where have you been all this time 😞

Hello, Github link is not found :(

I do not find this repository in your GitHub account

Dear Mohamad, could you upload github the same this project also with sql server when you have time? Thank you..

Souce Code is not aviable in github(

The code is no longer available in your Git

Impossible see the video in cell phone

The final version of the code lacks the disabling of checking whether the token has expired when it is refreshed. If anyone has a problem with this, just change the line "var tokenInVerification = jwtTokenHandler.ValidateToken(tokenRequest.Token, _tokenValidationParams, out var validatedToken)" | | V at | | V "_tokenValidationParams.ValidateLifetime = false; var tokenInVerification = jwtTokenHandler.ValidateToken(tokenRequest.Token, _tokenValidationParams, out var validatedToken). _tokenValidationParams.ValidateLifetime = true; "

جزاك الله خيرا