JWT Refresh Token with Asp.net Web API 8 and C#

  • Published on 24 Nov 2024

Comments • 30

  • @marceloleoncaceres6826
    9 months ago +1

    Thanks for the tutorial. I'm one of those expecting the video about requesting another token based on the initial token and the refresh token. Thanks in advance.

  • @orjisamuelobinna9764
    2 months ago

    Clean architecture of a refresh token 🎉.
    Thank you boss

  • @hesamkalhor3263
    9 months ago

    Great video! 👌 The details and explanations provided were excellent 🤓. Thank you for sharing it, and I am looking forward to the next one. 😊

    • @Foad_Alavi
      9 months ago

      Glad you enjoyed it!

  • @Drikus19
    8 months ago

    Great video, thanks. You explained everything very well and made it easy to understand.

    • @Foad_Alavi
      8 months ago

      I am glad it was helpful!

  • @osmanaymaz6350
    28 days ago

    Thanks. It helped me a lot.

  • @augustorobles9931
    6 months ago

    Great video! It helps me a lot to understand this topic!

  • @navidkhanjari-v8y
    19 days ago

    Thanks, master.

  • @jayw2712
    9 months ago

    Great video! Helped me out greatly!

    • @Foad_Alavi
      9 months ago

      Glad to hear it!

  • @Tamer_Ali
    9 months ago

    Thanks a lot for that awesome video. You discussed the topics I was looking for, like
    Using Refresh Token with JWT Token
    What if the user is disabled from the backend or database and he is already authenticated in the frontend app
    You're awesome. Keep going

    • @Foad_Alavi
      9 months ago

      It really depends on the way of authorization.
      As long as the token is valid, the user is authenticated. If you check the user access on each request by going to the database, you can realize if the user is disabled, but if you are checking the permissions based on the claims inside the token, you need to wait until the token is expired.
      And it is another reason to expire the token as fast as possible, as an example after half an hour, and force the user to use the refresh token. When you call the refresh, it can check the database again, and if the user is disabled or deleted from the database, it returns an unauthorized response.
      I’m uploading some other videos about how to use RSA and public key and private key for JWT authentication next week. Do not miss them.
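
The refresh-time check described in the reply above, sketched as an added example that is not code from the video or its author. The types `User`, `RefreshEntry` and `RefreshService` and the in-memory dictionaries standing in for the database are hypothetical; single-use tokens and storing only a hash of each token are choices of this example, not something the reply states.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public record User(string Id, bool IsDisabled);
public record RefreshEntry(string UserId, DateTime ExpiresUtc);

public class RefreshService
{
    // Constructed in-memory stores standing in for the database tables.
    private readonly Dictionary<string, User> _users = new();
    private readonly Dictionary<string, RefreshEntry> _tokens = new(); // key: SHA-256 of token

    public void SaveUser(User user) => _users[user.Id] = user;

    public string IssueRefreshToken(string userId)
    {
        var token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _tokens[Hash(token)] = new RefreshEntry(userId, DateTime.UtcNow.AddDays(7));
        return token;
    }

    // Returns a new refresh token, or null when the endpoint must answer 401 Unauthorized.
    public string? Refresh(string presentedToken)
    {
        // Remove before validating: each token is single-use, so a replayed copy fails.
        if (!_tokens.Remove(Hash(presentedToken), out var entry)) return null;
        if (entry.ExpiresUtc <= DateTime.UtcNow) return null;
        // Go back to the database: the claims in the old access token may be stale.
        if (!_users.TryGetValue(entry.UserId, out var user) || user.IsDisabled) return null;
        // A real endpoint would also issue the new short-lived access token here.
        return IssueRefreshToken(user.Id);
    }

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
}

public static class Program
{
    public static void Main()
    {
        var service = new RefreshService();
        service.SaveUser(new User("alice", IsDisabled: false));
        var first = service.IssueRefreshToken("alice");
        var second = service.Refresh(first);                    // active user: rotated token
        Console.WriteLine($"rotated: {second is not null}");
        Console.WriteLine($"replay rejected: {service.Refresh(first) is null}");
        service.SaveUser(new User("alice", IsDisabled: true));  // disabled in the backend
        Console.WriteLine($"disabled rejected: {service.Refresh(second!) is null}");
    }
}
```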

    • @Tamer_Ali
      9 months ago

      @Foad_Alavi Any plan for a video on end-to-end encryption as WhatsApp does?

    • @Foad_Alavi
      9 months ago

      This week I will upload three videos about encryption using public and private key.
      The concept for end to end encryption is the same. Watch those videos and after that if you had any questions just write a comment and I will try to answer it.

  • @askarmoslehipoor171
    9 months ago

    Well done, bro.

    • @Foad_Alavi
      9 months ago

      Thanks 🙏
      Glad you liked it, bro. ❤️
      The reason I am answering you in English is that YouTube blocks some comments and I don’t know what the algorithm is, but based on my experience, if it is not in English and understandable, sometimes it gets blocked.
      I prefer for more videos about security of JWT and how to share it using public key and private key, which we will upload next week. Do not miss them.

  • 5 months ago

    Thanks a lot!
    How to refresh token automatically?

  • @pt_trainer9244
    5 months ago

    Thank you,

  • @sauravbhatta5303
    9 months ago

    Long time dude

  • @davood7497
    9 months ago

    Good job !!!

    • @Foad_Alavi
      9 months ago

      Thanks!!

  • @zedshockblade7157
    9 months ago

    Can I request access and refresh tokens with JWT using cookies instead of JWT bearer? Instead of reading the bearer token on every authorized controller, you read the JWT inside the access token cookies. If it expires, you check the refresh token and generate a new access token. I know how to do this with Node but don't know how in .NET Core.

    • @Foad_Alavi
      9 months ago

      It is possible, but I don't suggest it. You need to create your own middleware for it. Asp.net has a standard approach for using Cookie based Authentication. You don't need to store the JWT in the cookie; Asp validates the security by itself.
      Check my video about Cookie based Authentication. th-cam.com/video/3B5gfrJpMN8/w-d-xo.html

    • @zedshockblade7157
      9 months ago

      @Foad_Alavi Thanks, gonna check it out now.
      Another question: with JWT bearer-type authentication, if you send the JWT to the client as a response, where do you suggest the client store it aside from local storage? Like, where should it be persisted so that it can be attached as a bearer token on every backend request that requires authentication?

    • @Foad_Alavi
      9 months ago

      I use Angular for my front end, and I have a kind of Repository Pattern that all my controllers send the requests through. When my design sends all requests from just one method, I can add a header or cookie to all requests I send to the server.
      Regarding where to persist the token on the client browser, I use Angular DI. You can use local storage as well.

  • @jayakumar2927
    9 months ago

    how to consume Angular

    • @Foad_Alavi
      9 months ago +1

      It depends.
      If you don’t annotate your refresh token endpoint with an authorized attribute, it means clients after the expiration of the token can refresh their tokens, but if you use the [Authorize], it means clients should refresh the token before the expiration.
      For the first one, you can use the repository pattern in angular, and for receiving an authorized response, send a request to refresh the token.
      And for the latter, you need to have a timer in your repository and send a request for refreshing the token before the token's expiration.
      If more people have this request, I will create a video about how to do that using angular.

  • @siddharthprabhakar9353
    4 months ago

  • @Victor-wy1wj
    3 months ago

    Thank you a lot man.