It's a great comment. Web development means two things - ORM and API consumption, but not making counters and creating useless functions like console.log
Can you create a video that shows how to implement RefreshToken and save it in a SQL Server database table ? I know you skimped over it in this video. Thank you for the videos on tokens so far. I am following your videos closely, so I can get this right in the real world.
Cookie with SPA not working in just case... Backend (C#, Node.js, etc) return a access token and refresh token... And after this?? Well, only my opinion... Access token is not saved in database... Why refresh token is saved in database?? The security is in block or not the user in user table, not in create a table to insert the refresh token with user id and check out this...
I'm actually having a hard time wrapping my head around transferring the refresh token (cookie) from the server to an Angular client, then that same client sending the same cookie back to the server during a "refresh token" call, without explicitly sending stringified values through REST, rather leaving them as cookies. I know in Angular's auth.service, a string is returned (the jwt value etc), but is the cookie also there and parseable somewhere? Thanks
Hello Patrick! thanks for the videos. I watched all of ur JWT token videos and i wanna ask question. Jwt token works fine in my application, but i get 'invalid token' error on jwt debugger even i use secret key??
Hi. Sorry if this a stupid question, but from client app when shall I make a request to refresh token endpoint? When I start the client app and notice that the current token is expired? Thanks
refresh tokens and the access token is created together while authenticated by server , behind the scene the refresh token is already kept in a safe place by the server so when access token is about to expire it automatically allows users to continue his use smoothly without re-login so there is no logic to make a request for refresh token while already entering inside the system its already set in the backend to check the expiry of the access token and replace it in the desired , so far user don't feel anything until the refresh token is expired
No, the app would request a refresh token within the 7 days. If this doesn't happen, e.g., the app wasn't used during this period then the user would have to login again
