Token authentication updates #31214
Merged
Token authentication updates #31214
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
halter73
approved these changes
Dec 8, 2023
aspnetcore/blazor/security/webassembly/standalone-with-identity.md
Outdated
Show resolved
Hide resolved
aspnetcore/blazor/security/webassembly/standalone-with-identity.md
Outdated
Show resolved
Hide resolved
JeremyLikness
approved these changes
Dec 8, 2023
aspnetcore/blazor/security/webassembly/standalone-with-identity.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Stephen Halter <halter73@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #31194
Thanks @SandroRiz.
Stephen, Jeremy ... These changes take into account that the dev will need to write custom code. I have a feeling that this is going to generate doc issues from devs asking for a complete implementation. I presume that you want me to tell them that we're not going to support it in our docs and that they should research it on the Net and use public support channels for assistance.
Also, @halter73 ... You didn't mention in your PU issue remarks the piece on
AddBearerToken. I left that in the section, so let me know if it gets the 🔪 chop ... or a change to something else.UPDATE: I see what you and Tom did in the main article. That's better, but it still isn't a complete, fully working implementation. The text over there is below. I'll make cross-link to that article because there's other scenarios there that should be surfaced, too.
If
useCookiesisfalseor omitted, token-based authentication is enabled. The response body includes the following properties:{ "tokenType": "string", "accessToken": "string", "expiresIn": 0, "refreshToken": "string" }For more information about these properties, see xref:Microsoft.AspNetCore.Authentication.BearerToken.AccessTokenResponse.
Put the access token in a header to make authenticated requests, as shown in the following example
Authorization: Bearer {access token}When the access token is about to expire, call the /refresh endpoint.
Use the
POST /refreshendpointFor use only with token-based authentication. Gets a new access token without forcing the user to log in again. Call this endpoint when the access token is about to expire.
The request body contains only the xref:Microsoft.AspNetCore.Identity.Data.RefreshRequest.RefreshToken. Here's a request body example:
{ "refreshToken": "string" }If the call is successful, the response body is a new xref:Microsoft.AspNetCore.Authentication.BearerToken.AccessTokenResponse, as shown in the following example:
{ "tokenType": "string", "accessToken": "string", "expiresIn": 0, "refreshToken": "string" }Internal previews