Hello,
I am sending the jwt token that has been expired. If I keep calling the 'api/users/secrets' endpoint, I get the secret message back. Isn't the .net authentication service supposed to check if the token has expired? If I refresh the page then a token is issued as it works as expected.
Here are the steps to reproduce this:
1.) Login using the button the login page
2.) Click "Secret Area" and get the secret message
3.) Click "Home" link
4.) Wait 1 hour for the token to expire.
4.) Click "Secret Area". ( I checked the request header and it is sending the expired token but I still get the secret message back)
Hello,
I am sending the jwt token that has been expired. If I keep calling the 'api/users/secrets' endpoint, I get the secret message back. Isn't the .net authentication service supposed to check if the token has expired? If I refresh the page then a token is issued as it works as expected.
Here are the steps to reproduce this:
1.) Login using the button the login page
2.) Click "Secret Area" and get the secret message
3.) Click "Home" link
4.) Wait 1 hour for the token to expire.
4.) Click "Secret Area". ( I checked the request header and it is sending the expired token but I still get the secret message back)