How to generate and create a refresh token in ASP.net core 2.0

Question

There aren't any good article explaining how to generate a refresh token in asp.net core 2.0 and how to generate a access token using the refresh token? Any exports knows how this is handled in .net core 2.0? The closer i got was this article but the getToken method is not explained. http://bestaspnethostingreview.com/refresh-token-using-asp-net-core-2-0-and-json-web-token/

Answer 1

In the real world you won't be writing code to generate tokens - an authorization server will do this token issuing for you.

I would very much recommend using a real authorization server early - it is very educational and obviously better from a security viewpoint as well.

I have found Okta to be very developer friendly - you can go to Okta Developer Sign Up, register for free and start coding against it.

I have recently been starting a new blog at http://authguidance.com that covers getting UI logins working and then calling APIs (though my blog probably has more detail than you want):

I assume you want to write a web app in C#? If so then I would recommend plugging in the standard Microsoft security libraries to do the login processing for you.

Technically, the Microsoft libraries use the Authorization Code Flow, and your application will then issue an encrypted cookie containing an Okta refresh token.

Would it be useful if I write a small C# code sample for you that runs against Okta, with instructions on getting it working?