I'm working with ASP.NET Core Web API application. I'm trying to implement Jwt Token Based Authentication on top of ASP.NET Identity( built in with database tables).
I have implemented all scenarios like register user, login etc but now trying to implement refresh token flow( where access token get expired, client need to get replaced access token using refresh token) . I have seen people are creating new table (refreshToken) to store refresh token so it can be validated with access token and new access and refresh tokens will be generated
https://www.blinkingcaret.com/2018/05/30/refresh-tokens-in-asp-net-core-web-api/
I have created new table(refreshToken) to store refresh token and verify it to generate access token, It works fine but I wanted to see if i can use existing AspNetUserTokens table to handle same scenario. I understand that AspNetUserTokens table is used to confirmation email, forgot password etc.
My question is: if someone has used AspNetUserTokens to store refreshtoken, Please share idea as usermanager class does not expose direct token model(AspNetUserTokens) and not sure if i use IdentityDbContext, what are the pron and cons ? I have implemented IdentityDbContext but i dont see built in class in Microsoft.AspNetCore.Identity to store token in AspNetUserTokens
Would be very grateful for some guidance.
Thank you