For Refresh API, "do we need to pass anything in Header". For me evetime refresh API giving 401. Not able to get what is Wrong. As in Body already passing RefreshCred(jwt token & refreshToken).

It really helped me a lot to understand the JWT concepts and to implement the same... Hats off to you to make such a valuable video for better understanding...

Hi, why does this code not refresh the expired JWT token.?

Is this sliding token concept?

Again, 2 fantastic , helpful and well explained videos (in spite of the fact that I got lost a little bit between the different objects :-) as this is very new to me ). Just to validate my understanding, so once we call the refresh api, to reauthenticate, 1 hour later, we should use the RefreshToken for reauthentificiation, am I correct or it is the original Jwtoken that will be extended by another hour?

im just kinda confused. why does a jwt token expire that quickly when i could regenerate a new one with the refreshkey anyways? if someone steals my cookies im fucked anyways

I think without refresh key also we can regenerate token right

Why should I use refresh token instead of increasing the timeout of my original JWT token ?

After the expiry of the access token, a new access token is not generated even with the Refresh Token. public AuthResponse Refresh(RefreshCredential refreshCredential) { SecurityToken validatedToken; var tokenHandler = new JwtSecurityTokenHandler(); var principal = tokenHandler.ValidateToken(refreshCredential.AccessToken, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false }, out validatedToken);

Excellent tutorial boss. Please make a discussion on how to optimize dbcontext and configure connection pooling for entityframework core.

after receiving the refresh token after jwt expires. Which one should be use in the Authorization?

Awesome . Cleared my doubts. Thank you bro 🙏

Do you have Git repo for this? it was a nice video thanks!

System.InvalidOperationException: 'Action 'Auth.Demo.Controllers.NameController.Authenticate (Auth.Demo)' has more than one parameter that was specified or inferred as bound from request body. Only one parameter per action may be bound from body. Inspect the following

In a realistic world, Will user be sending us both JWTToken and Refresh token and on API we need to first check if JWTToken is valid(not expired too) if expired then to use RefreshToken to validate?

Can you tell how can we generate JWT token using azure active directory (using client, tenant id etc) ?

please shear the link of other videos you have mention at the start of this video

Is there a GitHub for this code? Would be helpful.

Please share the repo in description.

Hello sir!! How do we add external login providers like facebook, google, linkedin etc in .net core web api.. for example: How do i add extra login providera like google facebook in this project that you have taught us?

hello sir do you have git repo please send the project git repo link we need to undestand

I need to destroy jwt token when user logout...can u please let me sir

Could you please share the source code for this

Great job 👍 again)) but I think the expired of refresh token needs to be more than 1 hour this exactly the duty of refresh token but you copy paste the same time if jwt token

Can you please give us the link of the source code

If you please post a tutorial video on integration testing using key token, when token is generated in different api would be very helpful. Thanks.

Hey, really good video, but do you have any source code ? like on github pls ?

Plz explain .net core project structure and easy to code tips

Thank you Brother....!

link to the repository github.com/choudhurynirjhar/auth-demo

Very nice video. Thanks 🙏 Can you please try to do a video about Open ID connect using identity server 4?

i followed your tutorial, but the token expiry is not working.. i created the token for 2 minutes, but my token is working more than 2 minutes. Then i go through some other videos. x.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secreteKey)), ValidateLifetime = true, ValidateIssuer = false, ValidateAudience=false, ClockSkew= TimeSpan.Zero };, in that they used ClockSkew property for token expiry. after i put ClockSkew , my token is not working more than two minutes.