Hi Foad Avi! Thank your very much for this content, it will be very useful to improve a project that I am currently working on!! I have two questions for you: 1. Do you have plans to make a video tutorial about OAuth2 that in this scenario asymmetric encryption is perfect? 2. I see that you don’t implement a logout endpoint, in which JWT tokens do not apply. Do you know any best practice of blacklisting these JWT tokens? Amazing content and thanks for sharing, keep it like that because is up to date with the latest versions and believe me that content like this helps a lot to understand how to exactly do it in .net! 💯
Thanks for the comment, 1- Yes, it is on my agenda. 2- I will create a video about logout and how to invalid a token. A common practice is to give the token a validation period of 5 to 10 minutes and not to refresh the token, but it is not going to prevent the user access before that 10 minutes. I also explain it as a part of my Clean Architecture playlist.