Refresh Tokens with a .NET 6 Web API

the best channel for .Net Developers :)

okay, I have a question here, why in the refresh token endpoint u're generating a new refreshtoken What is the point, I mean why?
isn't it supposed that refresh tooken generate a new access token, and that's it?
Thank you for ur video and also medium articles really helpful

Nice 😊

How call Refresh Toker method

Just wanna say thank you! Love your content. You're a great teacher. Even purchased your course. <3

hi Patrick ! how do i revoke a token?

Please use white background.

When requesting new Token, you are re-generating refresh token with new expiration date doesn't that mean it will never expires as long as client asking for new token? is this intended behavior?

Great video and thanks a lot Patrick. Just wanted to know how to implement a logout api and destroy the jwt and refresh tokens.

Hello!Thanks for the video!Could you also show how Logout method can be provided?

Thak you!!

Sencacional obrigado pelo vídeo meu amigo, me ajudou muito, tenho muitas dúvidas na implementação desses recursos.

how JWT logout !!

Thanks for sharing Patrick!

May i ask, wouldn't it be better to send the refresh token as a json response, thinking that the receiver might not handle cookies?

These four JWT videos were pretty quick tutorial, thank you Patrick. now, time to deep dive and implement best practices :3

Hi @Patrick God - I am getting error at line Request.Cookie["refreshToken"]. Error Message: "IFeatures Collection has been disposed, object Name : Collection"

The first time you authenticate you provide a username an password (or clientid and secret). And if the information provided by the user is valid, then a response contains a short-lived access token along with a long-lived refresh token gets generated.

The refresh token is not an access token it is just an identifier for the access token. Now once the access token is expired, the user can use the refresh token to obtain another short-lived access token and so on. So you don't need to provide username and password when the short-lived access token expires (e.g. after 30 minutes) each time. Only if the refresh token expires (e.g. after 24 hours) you need to provide a username and password to authenticate and get a new short-lived access token and refresh toiken.

nice video. One thing Should the refresh token expiration date be the same as the JWT token expiration date?

Genial muchas gracias.

This series was absolutely amazing man, thank you. I appreciated the fact that you kept things simple and not wasting time with things we already know.

Hi @patrik God please make a video that how we connect this all register login and refresh token with the database

If I secretly intercept the refreshToken, can I keep generating the token secretly? What is the meaning of the token?

Hi Patrick, can you do a video of the integration in the frontend whit this Login?

Hi Patric,
can you please share links to the first videos in this series ?
thanks

does your skillshare video contains how to make the frontend part?

Another great session, thanks Patrick!

I have a slight challenge (okey a bit more than a "slight challenge") about how the refresh token is triggered.
I understand that when the authorization token is expired you can use the refresh token to authenticate to get a new valid (unexpired) authentication token.

But from a web client how would that look?
Ie. what happens when the web client opens a page - the authentication token fail due to expired token... what then? (I don't see any "automagic" that call the RefreshToken endpoint)

Any hints on how it work is greatly appreciated.

Do you have any books? I like your style but im more into reading than watching videos.

what if you have multiple roles, how would you do it in claims ?

Hello Patrick, thank you for all the videos, I also bought your course on identity, just want to ask if you could create an example on reporting, any way you want, how do I create or use report tools on blazor, thank you 🙏🏼

Hi Patrick, will you Update the course in Udimy also I'm already enrolled there, you know we have complete e-commerce project there

It is better to write refresh token in local storage and send it to the refresh-token action every time is needed. Also we should create a table for user tokens and add user tokens in it because a user can have multi tokens and user tokens table primary key is refresh token GUID.

Thanks for the JWT videos, This is the best explanation I have seen

Patrick, if i use authorize role how to i add or custume error message n?

Great stuff, thanks 👍

Thanks, and for disable or invalidate token before expire ?

Sir , Please give me answer , Why do we use refresh token ? What are the advantages?

What are the links to the first 2 parts ? There are a few videos on this topic. Thanks.

Why do we use refresh token what's the purpose of it