Can I make a suggestion? Please, use some kind of editing software that zoom in where you click with the mouse. It's very hard to follow your coding on mobile phones.
Thanks Milan, excellent tutorial as always! Works as a charm out of box. How about next video of token expriration scenario as well as basic roles support? Coffee tips will be provided ;)
great video as always, do you have any tips on implementing role based access control using jwt ? or i shouldnt implement it inside jwt in the first place ?
You can use a similar approach to here. Just store the refresh token in the DB, and give it a longer lifetime. Then expose an endpoint to send the refresh token in exchange for a new access token.
@@MilanJovanovicTech sorry i was not clear, i meant if i have an api application that will get jwt from other application and use it for further api calls what if i need to validate that jwt 1st in case it was encrypted Thank you ,, your amazing
Do the same thing bit set the refresh token lifespan to longer then send them both. when the jwt expires resubmit them both to reissue. Still validate the jwt but make sure the only part invalid is the expires. Validate the refresh token. If valid and not expired, reissue new jwt.
@@MilanJovanovicTech That's a great video! I believe you mentioned it is possible to somehow use the refresh token generated by AddIdentityApiEndpoints Service login endpoint to refresh JWTs?
do you have any videos explaining tools like open telemetry, application insights, grafana etc with dotnet. i have been going through different tools to implement in-app profiler for potential memory leaks handling and its very confusing on what to choose to identify & record basic memory/cpu usage for leaks and exceptions etc. As application insight is Azure specific, and other tools are not so easy to add by top attribute. any suggestions which doesn't rely on cloud deployments?
Do you want to simplify your development process? Grab my free Clean Architecture template here: bit.ly/3Andaly
Can I make a suggestion? Please, use some kind of editing software that zoom in where you click with the mouse. It's very hard to follow your coding on mobile phones.
JWT is a nice topic, and I can not wait for the continuation of Keycloak.
It's scheduled for next Friday :)
Thanks!
Much appreciated!
You sound calm now. It’s great content, Keep it up.
It varies based on how many coffees I had prior ☕☕
I was just about to implement it. Perfect timing thank you.
Perfect! 😁
Pure gold content! Thanks for that!
Glad it was helpful!
Awesome, your tutorials are the best !
Thanks a lot!
Thanks Milan, excellent tutorial as always! Works as a charm out of box. How about next video of token expriration scenario as well as basic roles support? Coffee tips will be provided ;)
I'm releasing a video about refresh tokens very soon! And then extending this with some baked in AuthZ support won't be too difficult.
Awesome video !
next video should be about Refresh Token
Good idea, actually!
@@MilanJovanovicTech Hey ! Awesome work !
Is it still only an idea ? Did you made the video ?
@pierrickmassin7099 Yes, watch here: ruclips.net/video/kR_9gRBeRMQ/видео.html
please Milan make a video about implementing refresh token :)
All right, all right
I really wish you would have showed the concept of refresh tokens here as well
Have a video coming up on that!
2 added bonus material?
1) token refresh
2) in conjunction with EntraID
Good suggestions for future videos
great video as always, do you have any tips on implementing role based access control using jwt ? or i shouldnt implement it inside jwt in the first place ?
You can add the roles as claims on the JWT, it's pretty simple. You then use these claims to implement an authorization policy.
Great tutorial, when it comes to consume the API, what would be the best practices to do on the consumer(front-end)
As in where to store the JWT?
@@MilanJovanovicTech yes
Would love to see a video on how to protect this system additionally from CSRF attacks
Good suggestion
Great video, how to create a refresh token, so the user don't have to login again and again.
You can use a similar approach to here. Just store the refresh token in the DB, and give it a longer lifetime. Then expose an endpoint to send the refresh token in exchange for a new access token.
Thanks@@MilanJovanovicTech
gracias saludos desde CHILE
Many thanks!
this is brilliant. can you show us how to implement something like this with microsoft identity and roles
Will do
Awesome 👍
Thank you! Cheers!
thank you
can you show us how to consume the JWT token with validating
What do you mean by this?
When you use Auth required in some route its automatically validated. Library does it for you
@@MilanJovanovicTech maybe caducation or refreshing
@@MilanJovanovicTech sorry i was not clear, i meant if i have an api application that will get jwt from other application and use it for further api calls what if i need to validate that jwt 1st in case it was encrypted
Thank you ,, your amazing
can you teach how to make hmac authentication?
Sure
Is the Manger user secrets more secure than the appsettings?
I didn't quite understand you there
@@MilanJovanovicTech is that you use the "Manager user secrets" to save the jwt key
Continue Keycloak series plz
Next week (schedueld for Friday)
@@MilanJovanovicTech 😍
How can we implement refresh token?
Do the same thing bit set the refresh token lifespan to longer then send them both. when the jwt expires resubmit them both to reissue. Still validate the jwt but make sure the only part invalid is the expires. Validate the refresh token. If valid and not expired, reissue new jwt.
There you go 😁
@@MilanJovanovicTech That's a great video! I believe you mentioned it is possible to somehow use the refresh token generated by AddIdentityApiEndpoints Service login endpoint to refresh JWTs?
@@istovall2624 got it thanks
do you have any videos explaining tools like open telemetry, application insights, grafana etc with dotnet. i have been going through different tools to implement in-app profiler for potential memory leaks handling and its very confusing on what to choose to identify & record basic memory/cpu usage for leaks and exceptions etc. As application insight is Azure specific, and other tools are not so easy to add by top attribute. any suggestions which doesn't rely on cloud deployments?
Check out the OpenTelemetry video here: ruclips.net/video/HrRrJ5wTtdk/видео.html
You should be able to use the metrics in Aspire to gain some insights
Now you don't even need to pass in the user ID on the get user endpoint as you can get it from the JWT subject
Yes!
how do you validate the jwt token on the client side, if blazor wasm ?
I believe you'd need the key to verify the hash, which isn't ideal. But if you just want to parse the content, that's not as hard.
@@MilanJovanovicTech what if the server side use ‘asymmetric’ then the client side only need the public key not the private key
Do something about external signin, like facebook, google, etc.
Good suggestions
Hi Milan, how to integrate this JWT token with SignInManager in Identitiy Core
Use SignInManager to verify password, and then generate a JWT and return it
Milan please we want a video about Refresh Token
Recorded, releasing soon
@@MilanJovanovicTech
Thank you very much
Where can i download this code?
This code on www.patreon.com/milanjovanovic
But also try this :) www.milanjovanovic.tech/templates/clean-architecture
how if it got stolen?
You change the signing secret
@@MilanJovanovicTech with that solution, so if one user got stolen, all user signed outed. which not expected by other user. right?
Good tutorial. But it seems to write all the codes into memory. It seems unrealistic and insincere to me.
Which part?
This doesn't' work that well as a standalone tutorial. imo For anyone familiar with project solution its probably a 10/10.
That may be the case