Thank you very much I have a question: What I we user JWT for refresh tokens as well? so the client can check the expiration date and logout the user automatically.
Apologies for being pedantic, but that first check on your jwt expiry, if we know that the frontend has gone for a refresh of tokens, it is already knows the jwt has expired, why check it again? If anything, if there is a call to refresh tokens, and the jwt expiry is greater than the UtcNow, possibly return it with "Refresh not required"
hey mohammad, plz, could u write a tokenvalidateparams when we use it in validate token? isnt work if validateliftime is true and clockskrew is zero thanks ❤
It is revoked can be used when a user deletes the account or logs our. Also as you can see we save new refresh tokens each time. You should set is revoked to true on the old refresh token. Usually the revoked tokens are saved for 2 days after that you can delete them from the DB
thanks for your time and effort, i have one question, at time 1:17:30, the comparison should be reversed, expiryDate its expected to be bigger than now time, it means that we are still under the maximum time allowed , like in the 2nd expiry date comparison.
Awesome content man.. just a request tho.. please edit your videos.. there are mistakes of fixing stuff that can be removed and it makes the video a lot less shorter..
Thx for the instructive video which explains a lot. The part i did not understand is when are we checking the refresh token that is created on login on requests? is it going to be handled by frontend? Also is there gona be a video about roles?
Thank you very much for this video. You made things that I find extremely difficult a lot more clear. One thing that I feel is missing from this video is what to do with the tokens in the database. The database will fill up quickly with tokens and there must be a process that cleans up expired tokens from the database. How would you implement this efficiently?
hello @dennisvandermeer8238, i figured out the same "problem". I think the best solution currently is to write a script which is executed every "X" time which clean up all datas that have the flag "IsUsed" = true OR "IsRevoked" = true . Because its useless to have a lot of data stored in db that contains expired tokens. Imo this is a nice solution instead of deleting everytime the record with EF, because you make the double of calls, instead with script you delete in bulk all datas.
33:51 you use options pattern in line 21 but in the next line you access secret value directly using configure.configuration.section, then you're not using JwtConfig at all, that makes no sense, and you do the same thing in the controller, why you declare options pattern if you are not using jwtconfig class. if you use ValidateToken method, you don't have to check whether token is expire or not, validatetoken throw a securetokenexpiredexception, you are reinventing the wheel. You have a bug, you are not using resfreshtoken login well, because you check if token have expired and return response inmediatly, you don return a new token taking refreshtoken in consideration
hey bro, just wanna say i passed my semester like around a year ago because of your youtube videos lmaooo. you're the man!
Thanks Mohammad, exactly what I just asked for in the comments of your video where you setup the access_token logic.
Thank you for putting videos out like this. Much appreciated.
Appreciate the effort here, refresh token fully functioning in my solution. Many thanks
Tutorial on oatuh2 and how to add roles would be great!
Спасибо!✌
Thank you very much
I have a question: What I we user JWT for refresh tokens as well? so the client can check the expiration date and logout the user automatically.
Thank you very much for this video.
Apologies for being pedantic, but that first check on your jwt expiry, if we know that the frontend has gone for a refresh of tokens, it is already knows the jwt has expired, why check it again? If anything, if there is a call to refresh tokens, and the jwt expiry is greater than the UtcNow, possibly return it with "Refresh not required"
hey mohammad,
plz, could u write a tokenvalidateparams
when we use it in validate token?
isnt work if validateliftime is true
and clockskrew is zero
thanks ❤
Thanks, When I have to revoke to token?
What are the use cases?
It is revoked can be used when a user deletes the account or logs our. Also as you can see we save new refresh tokens each time. You should set is revoked to true on the old refresh token. Usually the revoked tokens are saved for 2 days after that you can delete them from the DB
Can you please tell me where to call RefreshToken Method in the client-side-code.
It seems that no answer!
thanks for your time and effort, i have one question, at time 1:17:30, the comparison should be reversed, expiryDate its expected to be bigger than now time, it means that we are still under the maximum time allowed , like in the 2nd expiry date comparison.
I was thinking that this part is incorrect too.
Yeah, I also think it should be DateTime.UtcNow
Awesome content man..
just a request tho.. please edit your videos.. there are mistakes of fixing stuff that can be removed and it makes the video a lot less shorter..
Thx for the instructive video which explains a lot.
The part i did not understand is when are we checking the refresh token that is created on login on requests? is it going to be handled by frontend?
Also is there gona be a video about roles?
감사합니다.
Jesus Christ, I feel italian watching this.
Thank you for a very well rounded tutorial. Could you provide me with a link to the github repo, having trouble finding it
Thank you very much for this video. You made things that I find extremely difficult a lot more clear. One thing that I feel is missing from this video is what to do with the tokens in the database. The database will fill up quickly with tokens and there must be a process that cleans up expired tokens from the database. How would you implement this efficiently?
hello @dennisvandermeer8238, i figured out the same "problem". I think the best solution currently is to write a script which is executed every "X" time which clean up all datas that have the flag "IsUsed" = true OR "IsRevoked" = true . Because its useless to have a lot of data stored in db that contains expired tokens.
Imo this is a nice solution instead of deleting everytime the record with EF, because you make the double of calls, instead with script you delete in bulk all datas.
can't view ng source code for this tutorial please help
Continue posting PlayList Health Track Management
Yeah . I hope Mohammed does the UI in Angular. I have been waiting for over 3-4 months now..
1:24:36
ruclips.net/video/cDESqPBaNCY/видео.html
What is OAUTH 2.0 Explained in detail - Session 2 - || Interview related discussions.
Github url
Page Not found
33:51 you use options pattern in line 21 but in the next line you access secret value directly using configure.configuration.section, then you're not using JwtConfig at all, that makes no sense, and you do the same thing in the controller, why you declare options pattern if you are not using jwtconfig class. if you use ValidateToken
method, you don't have to check whether token is expire or not, validatetoken throw a securetokenexpiredexception, you are reinventing the wheel. You have a bug, you are not using resfreshtoken login well, because you check if token have expired and return response inmediatly, you don return a new token taking refreshtoken in consideration