Persisting JWT refresh token

I am using a custom auth repository with credentialauthrepository and jwtauthrepository.

Where in code would be the best place to actually save the refresh token to the database? Right now I am leaning toward global response filter.

I assumed I need to save it manually because when testing with the ORMLiteAuthRepository the userauthdetails were not being saved to the DB.

Why are you trying to save the refreshToken? Is this for the client or server? RefreshTokens are signed, encapsulated and stateless; the benefit of them is that the server doesn’t need to persist them as it’s able to read them and verify them per Request.

Because of this snippet in the doc:

One limitation for Refresh Tokens support is that it must be configured to use a User Auth Repository which is the persisted data source used to rehydrate the User Session that’s embedded in the JWT Token.

But what you are saying is true about the token having what is needed to build a new bearer token.

Ok, I won’t try to persist it.

Thank you for the clarity.

Yeah, that documentation refers to needing to either use an Auth Repository or implement IUserSessionSource in order to be able to generate new JWT Bearer Tokens without needing to re-authenticate (as typically JWTs are created at Authentication). But as each is signed and stateless, the server never needs to persist JWT Bearer or Refresh Tokens.
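Added example, not part of the thread and not ServiceStack's implementation: a minimal Python sketch of the flow discussed above, where a refresh token is verified from its signature alone and the only persisted lookup is the user record used to rehydrate the session for a new bearer token. The key, the `USERS` store, the `kind` claim, the lifetimes and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key; load a real one from config
# Constructed stand-in for the user auth repository: the only persisted state.
USERS = {"42": {"name": "alice", "roles": ["Admin"], "locked": False}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    return f"{header}.{body}." + _b64(_mac(f"{header}.{body}"))

def verify(token: str, now: float) -> dict:
    """Check signature and expiry using only the key; no database lookup."""
    header, body, sig = token.split(".")  # ValueError if not three parts
    if not hmac.compare_digest(_mac(f"{header}.{body}"), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def issue_refresh_token(user_id: str, now: float, ttl: int = 365 * 86400) -> str:
    # Handed to the client and never stored server-side (ttl is an arbitrary sample).
    return sign({"sub": user_id, "kind": "refresh", "exp": now + ttl})

def refresh_access_token(refresh_token: str, now: float) -> str:
    claims = verify(refresh_token, now)
    if claims.get("kind") != "refresh":
        raise ValueError("not a refresh token")
    user = USERS.get(claims["sub"])  # rehydrate the session from the repository
    if user is None or user["locked"]:
        raise PermissionError("account missing or locked")
    return sign({"sub": claims["sub"], "name": user["name"], "roles": user["roles"],
                 "kind": "access", "exp": now + 900})

if __name__ == "__main__":
    now = time.time()
    print(refresh_access_token(issue_refresh_token("42", now), now))
```

In this sketch, locking or deleting the user record is what stops further refreshes, since no token table exists to revoke from.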