I recently discovered your account. I must say I just absolutely love how calm, factual and to the point your videos are.

Thank you! Explaining how to deal with razor page/ui vs. API was very helpful.

Been reading your blogs\books for decades...grew up on your code...great content as always :)

I took a few of your courses on Pluralsight and I'm happy to see you here too. Great approach on explaining this clearly.

like other users i have taken a few of your courses as well - glad i came across you here on KZbin - subscribed with a thumbs up

Really helpful for me, thanks so much. So appreciate you doing these videos and being so gracious with your time and energy - you're awesome.

Great video from a great It educator. Looking forward for a similar video on AAD B2C in .NET 8.0. And, if it is on Blazor web app would be perfect.

Great video but I wish you had shown on a full API Swagger project and then say a Blazor page doing a check that it's authenticated, if not then make a API call to do a refresh token or no joy, to then take them to a signin page. Plenty of video doing this on .net 7, but yet to see a current update from start to finish doing this with .net 8. Hopefully soon once release.

I just noticed I wasn't subscribed yet; that is now fixed! It is great to see your subscribers increase further over the last weeks. Your videos deserve a large audience.

Great video. Simple and short. True to the channel name. You mentioned possibly doing another video for Identity using Windows. I would welcome that.

Forgive me if I missed it in your library of videos (I'm still looking,) but it would be very cool if you could do a video on oauth 2.0 pkce with .Net and Angular where your API endpoints include /authorize, /oauth/token, etc. Keep up the awesome job you do. I would not be the person I am today without you.

Great video. I've been looking for a simplified way of logging in via the API, to then use the API... I'm certainly going to give this a whirl.

An amazing and pragmatic approach to teach these subjects!

Excellent explanation

Awesome video. Thank you! Unfortunately you cannot use this approach with bearer token, when you want to implement the authorization with as a separate microservice (and JWT), right? If I have e.g. my Products API (microservice) which requires authorization with a token from my AuthApi that won't work because the Products API cannot validate the token. Then I will have to integrate all Endpoints manually (the old way)

i understand all this but how do i add this to my project? i want to run a website that gets data from an Api. unfortunately, this didn't help me

Great video!! Thanks for sharing. What if you don't use Identity?

Nice video! One recommendation I have is maybe when editing set the microphone audio to mono just because when you turn your head it pans the audio into the R channel and back which I find a little distracting. EDIT: Oops looked at some of your more recent videos and noticed you changed to mono, disregard! haha

very insightful, is there a way that the endpoints can be modified for extra data, for example if there's a requirement that a user provides several other details for registration alone

Indeed yes, always great explanations and guidance from you!

congrats on 10k!

Thank you for making these shorts. Short and to the point. I hope you don't mind me asking if there is any solution also for using OIDC providers like keycloak or similar?

Hi Shawn! I'm glad you have made KZbin channel, I always follow and watch your video on Pluralsight but sadly you teach on Angular subject which not my direction. I hope you also make videos about Blazor sir. anyway hats off to you always, may you have a pleasant day ahead.

I love your videos. One Question: How to work with claims and roles?

Thank you for the super clear way that you describe these topics. This is a useful feature that has just saved hours of work. Nice video Sean. I am struggling to use the token that is being created though. I added an api controller and set the Authorize decorator to use the "api" policy name. In postman I am making a GET request with the access_token embedded in the header as bearer. I keep getting 401 though. I tried playing around with sending the token as a JWT but the same thing happens. Can you elaborate how to use the token once it has been created? I would have expected it to be simple enough, perhaps I am just missing something w.r.t implementing the auth in my other controllers? Do you maybe have another video that demonstrates using the JWT? Thank you again, you are an absolute legend, please keep the content coming.

Great walkthrough. Thanks Shawn!

Great intro, but still looking forward to the Entra integration video you said you might do ;)

Really nice video! Thanks a lot! I'm wondering a bit about when you actually get the token from the API in a SPA. Where and how would you store this for future requests, and how to handle and use the refresh token as well? In a browser I guess you could store it in local storage or perhaps a cookie?, but for some remote application like MAUI or a phone app, where would you store it safely? Would be awesome with a follow up video on that topic :)

I subscribed. Cool video helps me a lot in my actual project!

you used a minimal api to RequireAuthorization("api") so if I wanted to make an api controller, would I decorate that controller with the same RequireAuthorization("api")? I'll test this of course but wondering if it needs to be different at all in case it doesn't work

Very nice, I remember i had to do alot of things to wire jwt and identity things, very straightforward, But if I have a customed databas it will not wire correctly i think withoit extra work

Good work. Can you please create a video for custom authentication with cookie/local storage/session storage & without identity

Shawn, everything works fine except for the identity default api endpoints which are protected e.g. manage/info doesn’t work with the bearer token and it works only with the generated cookie. Login endpoint is working fine. But once we are logged in and get the bearer token then all the identity api endpoints should be accessible with that bearer token. But the protected ones aren’t working. Any suggestions how to get it working with that bearer token and not the cookies which are http only tokens

Was following along and ran into an error at the 11:52 mark: *Failed to read parameter "LoginRequest login" from the request body as JSON*. 'Microsoft.AspNetCore.Identity.Data.LoginRequest' was missing required properties, including the following: email. I changed the property from "username" to "email", then it worked as shown in the video.

Can this solution be used for small to medium sized apps in prod?

Thanks for the help!

how do I pass a token between a blazor front end app and a web API back end (separate solutions)? they both have access to the same database (for testing purposes), I am going to swap it out with OAuth2.0 but I want a proof of concept so I can work out what to do.. do you have any videos on something a bit more in depth? this was great by the way, loving .NET 8 :)

Hi Shawn. Thanks for this tutorial. Not sure if changes were made in since this videos. I am running .NEt 8 RC2. I am getting a 400 error calling the login endpoint.

Can you add a video that shows how to do "Refresh Token" while using Identity with Web API 8 ?

Does this support external logins like Google and Facebook? I know the old razor-based auth flow does.

Thanks, great information

How does this work when using ASP.Net.core MVC

How is Launch Profiles opened at 2:56? Some kind of shortcut?

good stuff, thank you

very useful my friend, thank you!

I wasted half a day because I added the wrong library. Be careful when adding libraries!!!

Hi , i like what you are doing , Please i have a question , i have a APi that handle generating authentication with jwt access token , and all my logic is in this API , i want to use blazor as frontend with rendermodeAuto, how to use the JWT in this case? for WASM si I have no probleme , but with Blazor RenderModeAutho i am lost Thank you

I love your videos. Unfortunately, the database update failed for me.

Hi, great video! Unfortunately the link to your example code is broken :(

Thanks for the video,

awesome content! subscribed!

Very helpful, thanks 😊

So in .NET 6.0 Identity didn't know about jwt tokens? What is the equivalent of this presentation in .NET 6.0?

👍👍👍👍👍👍

What is the launch profile window shortcut?

Is it actually JWT? As I know it's not, you can't really decode it using any means from web It's actually just a Bearer token, not JWT

This is not JWT

Does this also work with Keycloak? 🤔

To be honest, I am bothered by the fact that I can't opt out of some endpoints and that I cannot change the registration model and stuff like that.

The major issue is that this is ripped off openidconnect without doing openidconnect correctly. It should have been full openidconnect with well known endpoints and standards compliance. Now we have multiple messes for no reason.

there is not a valid jwt token, Microsoft, as always, did not do what the developers asked. .net swims against the tide with every version

This is too much of a good thing turned bad. Rarely, you will need a barebones authentication. You will always need to extend it and then this is a nice nicety.