https://devblogs.microsoft.com/dotnet/improvements-auth-identity-aspnetcore-8/
In .NET 8 preview 6, we've added new APIs to allow exposing endpoints to register, login and refresh bearer tokens. This is a simple API that returns tokens (or sets cookies) that is optimized usage with 1st party applications (no delegated authentication). The tokens are self conatined, and generated using the same technique as cookie authentication. These are NOT JWTs, they are opaque tokens. To make issued tokens work across servers, data protection needs to be configured with shared storage.
There are 2 new concepts being introduced:
- A new bearer token authentication handler. This authentication handler supports token validation and issuing and integrates
with the normal ASP.NET Core authentication system. It can be used standalone without identity.
- ASP.NET Core Identity builds on top of this authentication handler and exposes an AddIdentityBearerToken.
- A set of HTTP endpoints for registering a new user, exchanging credentials for a token/cookie and refreshing tokens using the identity APIs.
These new building blocks make it easier to build authenticated 1st party applications (applications that don't delegate authentication).