These APIs will be used from a mobile app (Android/iOS). Since I am developing the APIs I am using Postman. My question is: when the bearer token is expired, how can I use the refresh token to get a fresh valid token for my services using Postman?
Appreciate your guidance in the right direction and yes I am able to achieve what I was trying to do.
Now, as a best practice, I am looking for your advice and guidance: shall I store the refresh token in the database, in the Refresh_Token column of the user_auth_details table, after the user has successfully authenticated? To store the refresh token I guess I have to use the OnAuthenticated method of the AppUserAuthEvents class.
Otherwise kindly share some thoughts upon how I should save the recover token and use it later when the user is required to acquire a new token.
What is the purpose of the Recover_Token column in the app_user table?
Is there any documentation about these auth tables to go through as I am trying to look into the docs to figure out the exact column’s purpose or what is the suitable value we can store in it.
I apologize if I am asking too basic a question. Trying to go through the documentation as well.
The best practice is not to store the RefreshToken, i.e. they’re generated when the User Authenticates and by default are configured in secure HTTP-only cookies which are attached to every subsequent request from the Authenticated HTTP Client.
If it’s stored anywhere it would be on the client in Mobile or Desktop Apps to support persistent authentication; browsers should only leave it stored in the Browser cookies to prevent XSS attacks.
The UserAuth tables just store common information about a user starting from the standard claim names, which are populated at sign ups via OAuth providers or from User Registration.