Mid ASP.NET Core

Refresh tokens?

Used with JWT to renew access tokens after expiration without logging in again.

  • Issue refresh token along with access token.
  • Store securely (DB or secure HTTP-only cookie).
  • On access token expiration, send refresh token to get a new one.

You must manually implement refresh token logic (not built-in to Identity).

More from ASP.NET Core Tutorial

All questions for this course