Is there any ways to see the generated Password Reset Tokens in ASP.NET Identity 2 ?
My assumption is there should be a dictionary in TokenProviderwhich holds those tokens in memory.
Update:
Here is a similar question ResetPassword Token How and where is it stored?
"Tokens are generated using the SecurityStamp and validating against the SecurityStamp and not storing anywhere in database or local file storage."
But still the question is how does the framework know when a token is expired without storing it?
Token is not stored in Memory instead it is generated on the fly from the given SecurityStamp. Token is basically an Unicode encoded string.
You can see UserManager.cs's CreateSecurityTokenAsync method.
internal async Task<byte[]> CreateSecurityTokenAsync(TUser user)
{
return Encoding.Unicode.GetBytes(await GetSecurityStampAsync(user));
}