How to handle JWT in ASPNET Core MVC
I have an ASPNET Core API handling Identity Framework, but I also have another web application using ASPNET MVC and I wish to handle sessions / identity using the same API I already have managing Identities.
How do I manage JWT in my Controllers that I want to markup with [Authorize] or that require a Role that may be retreived using Claims?
I've tried to find examples related to this but I only get content about the API using a mixup of MVC Core on the same API using Views.
I would like to give my users the refresh token button(handled perhaps an AJAX?) and the span-length of X minutes for example before they require to refresh to get a new token
You have put the authentication on api, so you don't have to consider identity in MVC. I suggest that api only consider authentication and protected resources, MVC only considers interaction with users.
Configure jwt in api, and use [Authorize] to protect authorized resources in api. Save the authenticated token in a cookie or session.
About refresh token, you can extend the expire time with ajax.
