Showing posts with the label JWT Authentication

Part-2 A Demo On JWT Access Token And Refresh Token Authentication In .NET6 Web API

In this article, we will learn how to generate and use the refresh token in a .NET6 Web API application. Click here to understand the implementation of the JWT token in .NET6 Web API.

Refresh Token: When the JWT access token expires, we use the Refresh Token to renew it without user credentials.

Let's understand the flow of the Refresh Token:

- The user sends a valid 'User Name' and 'Password' to the server, then the server generates a JWT Access Token and a Refresh Token and sends them as a response.
- The JWT Access Token is a short-lived token (e.g. 20 minutes) and the Refresh Token is a long-lived token (e.g. 7 days).
- Now the client application sends the JWT access token in the request header, which makes the user authenticated.
- If the JWT token expires, the server returns a 401 Unauthorized response.
- Then the client sends the refresh token to the server to regenerate the JWT Access Token.
- The server validates the refresh token and returns a new JWT Access Token and a new Refresh Token as a r

Part-1 A Demo On JWT Access Token And Refresh Token Authentication In .NET6 Web API

In this article, we are going to generate a JWT Access Token to authenticate users against a .NET6 Web API application.

JWT Token (Or Access Token): A JWT Token (JSON Web Token) is a digitally signed and secured token for user validation. A JWT Token is built from these components:

- Header
- Payload
- Signature

JWT Access Token Flow:

- The user requests the API with user credentials.
- The API validates the user credentials, generates the JWT token, and returns it as a response to the client application.
- On receiving the JWT token, the client application makes the user authenticated and sends the JWT token as a header with every subsequent API request.
- The API reads the JWT token from the request header and validates it; if it is a valid token, the API allows the request to consume its authorized resources.

Create A .NET6 API Project: Let's create a .NET6 Web API sample application to accomplish our demo. We can use either Visual Studio 2022 or Visual Studio Code(using .NET CLI commands) to create any.Net

Part-2 Angular JWT Authentication Using HTTP Only Cookie[Angular V13]

In Part-1 we implemented a basic Angular authentication using the HTTP-only cookie. Now we are going to add some features: 'Authentication Guard', 'HTTP Interceptor To Refresh The JWT Token Inside The HTTP Only Cookie', and 'User Logout'.

Angular Route Guard For Authentication:

Problem 1:- After successful authentication, if we reload our Angular application, or the user closes the browser and then opens it again, the user information is lost.

Problem 2:- Currently, our sample application lets anyone access any page: a user who is not logged in can still access the 'dashboard' page, and a user who is logged in can still access the login form page.

Solution:- Implementing an Angular Route Guard for authentication.

In 'AuthService' let's add logic to load the authenticated user information either from the 'AuthService.userProfile' variable or from the browser local storage. Because if the application is rel

Part-1 Angular JWT Authentication Using HTTP Only Cookie[Angular V13]

In this article, we are going to implement authentication for a sample Angular application using an HTTP-only cookie that contains a JWT token.

HTTP Only JWT Cookie: In SPA (Single Page Application) authentication, the JWT token can be stored either in the browser 'LocalStorage' or in a 'Cookie'. If the JWT token is stored in a cookie, the cookie should be HTTP only. An HTTP-only cookie is accessible only by the server application; client apps such as JavaScript-based apps can't access it. So if we use authentication with an HTTP-only JWT cookie, we do not need to implement custom logic in our client application, such as adding the authorization header or storing token data. Once the user is authenticated, the browser automatically sends the cookie to the server on every API call.

Authentication API: To implement JWT cookie authentication we need to set up an API. For that, I had created a mock authentication API(Using the NestJS Se