This is example code for A secure implementation of JSON Web Tokens (JWT) in C#.
Warning: This is very basic and doesn't do things like hashing passwords! Only to test JSON Web Tokens.
To test this, you need to have Dotnet Core 3 and MongoDB installed. Settings are in appsettings.json.
This uses the following packages:
After restoring the packages and starting it, do the following to test the JWT:
- POST https://localhost:5001/users with the following body:
{
"username": "yourusername",
"password": "yourpassword"
}- POST https://localhost:5001/tokens/accesstoken with the same body. You get the following response:
{
"accessToken": "*jwt*",
"refreshToken": "*jwt*"
}-
To test the access token do a GET request to https://localhost:5001/users. In the Authorization header of the request should be "Bearer " and then the access token you got in step 2. It will give you a response with the user you created in step 1.
-
To test the refresh token do a PUT request to https://localhost:5001/tokens/accesstoken. In the Authorization header of the request should be "Bearer " and then the refresh token you got in step 2. It should respond with a new access token and a new refresh token. Try again to test if the refresh token is deleted, which it should.