Discussion on: Refresh JWT with Refresh Tokens in Asp Net Core 5 Rest API Step by Step

View post

Some fixes for the article:

If you need lifetime of token less than 5 mins, add ClockSkew property in Startup.cs:

var tokenValidationParameters = new TokenValidationParameters {
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = new SymmetricSecurityKey(key),
    ValidateIssuer = false,
    ValidateAudience = false,
    ValidateLifetime = true,
    RequireExpirationTime = false,

    // Allow to use seconds for expiration of token
    // Required only when token lifetime less than 5 minutes
    // THIS ONE
    ClockSkew = TimeSpan.Zero
};

Don't forget to use UTC instead of local time. You will need to fix method GenerateJwtToken:

  var refreshToken = new RefreshToken(){
        JwtId = token.Id,
        IsUsed = false,
        UserId = user.Id,
        AddedDate = DateTime.UtcNow,
        // INVALID DATE, USE UTC
        // ExpiryDate = DateTime.Now.AddYears(1),

        // Now it's correct
        ExpiryDate = DateTime.UtcNow.AddYears(1),      
        IsRevoked = false,
        Token = RandomString(25) + Guid.NewGuid()
    };

Mohamad Lawand • Apr 13 '21

Thanks a lot Grand for these fixes, I am planning to add them this week.
If you want you can add a PR on the GitHub repo and I will merge them t