[Authentication] Add Information if/how we should implement Refresh Token Handler in ASP.NET Core

[DevTKSS]

Description

first of all, appreciate the improved docs for this topic and want to thank the team/eventual contributors that enabled this👍

The only point I am now missing and was unable to find this in the other auth related docs for asp net core too, is the Refresh Tokens.
What I found:

• https://learn.microsoft.com/en-us/aspnet/core/fundamentals/minimal-apis/security?view=aspnetcore-9.0
  • Does not tell anything about cookie/oAuth then only JWT 🤔 my client is a native application so I guess that would not work/not be recommended.
• https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-9.0#create-an-authentication-cookie
  • We have IsPersistant Explained here, which would be wrong for this in my opinion
  • SlidingExpiration 🤔 I would assume this is relyable for providing the expires_at/ExpiresUtc
  • context.ShouldRenew() -> I don't know if this is what could do this already automatically? I only found one single mention without future explaination of it at the end of react to backend changes chapter 🤔
• https://learn.microsoft.com/en-us/answers/questions/2262907/how-to-get-access-token-and-refresh-token-from-in
  • this makes me assume, that this may not apply for general usage if I dont use Entra or MS Identity for example then want to implement cookie auth via external provider.

Google search told me, that Asp Net Core does not provide a build in way for refreshing tokens, which is okay (while not the simplest way I as user would like ;) ) but in this case it would be awesome if you could consider:

• adding a short Note giving us a clear statement and by this making us aware of that we need to implement it ourselfs
• if you would be really nice, you would provide a sample for how the Refresh Token Handler could look as minimalistic approach 👍

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/social-without-identity?view=aspnetcore-6.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/social/social-without-identity.md

Document ID

e64816f4-3391-5aab-31c2-ab4f915bc7f6

Platform Id

01676421-707c-f0a9-639c-a29a785cbe93

Article author

@serpent5

Metadata

• ID: 6f9d7ad5-47d6-80bf-88fe-fac3a74151a3
• PlatformId: 01676421-707c-f0a9-639c-a29a785cbe93
• Service: aspnet-core
• Sub-service: security