How to use AddBearerToken
without Identity
#53795
Unanswered
UltraWelfare
asked this question in
Q&A
Replies: 2 comments
-
Also from digging around: That is the code that registers the refresh link if you use it WITH identity. So it will need to be very similar but doing your own thing instead of using signInManager |
Beta Was this translation helpful? Give feedback.
0 replies
-
I don't see any way to validate the tokens. It seems that something is inherently keeping the tokens safe, as requests are validating the accessTokens but there isn't any documentation on the correct way to validate the refresh token. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
However it isn't properly documented anywhere on MS Docs on how to use it without Identity.
After digging around the internet I found out you can use
Results.SignIn(claimsPrincipal)
which gives you the access token and refresh token.I'm not completely sure on how to use the refresh token though. For a website I'd need to send it as an HttpOnly cookie however I'm not sure how I would grab this on the endpoint since the resulting type of
SignIn
isIResult
..?And then how would I create a
/refresh
endpoint to validate that it is correct?Any help appreciated!
Beta Was this translation helpful? Give feedback.
All reactions