Blazor Web App with Web API as backend #59021
Replies: 1 comment
As feedback, I have a Blazor Web App (server) and a Web API. So that's what returns the JWT. Note that the downside of a JWT is that it can't be renewed, and you can't force it to expire. So if the user's role changes, you need to create a routine (App/API) to regenerate the token.

As far as token storage is concerned, I opted for Local Storage. In any case, a token is open data... and what's more, I also stored my JWT in a StateContainer. Why did I do this? Because it's quicker to retrieve it from Local Storage (IJSRuntime...). The problem is that if my user does a Refresh (F5), my StateContainer resets! If I don't see it there, I read it again in its LocalStorage. Failing that, I forbid it and take it out.

The duration of my token is 4h (set arbitrarily) but at the end... my user is banned and must reconnect. I don't like this. I still need to work on this part. I could imagine a counter that, a few minutes before the end, asks the user if he wants to renew and I'll code a service that asks the API for a new token... something to think about.
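The renewal check sketched in the comment above (prompt a few minutes before the token ends), as an added C# example that is not code posted by anyone in this thread. The 5-minute window and the `TokenRenewal` names are assumptions; reading `exp` in the Blazor app only schedules the prompt, and the Web API still has to validate the token's signature and lifetime on every request.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class TokenRenewal
{
    public enum State { Valid, RenewSoon, Expired, Malformed }

    // Assumption: prompt the user this long before the token's "exp".
    public static readonly TimeSpan RenewWindow = TimeSpan.FromMinutes(5);

    // Reads "exp" for scheduling only; this does NOT verify the signature.
    public static DateTimeOffset? ReadExpiry(string jwt)
    {
        var parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return null;
        try
        {
            // JWT segments are base64url without padding; restore both.
            var b64 = parts[1].Replace('-', '+').Replace('_', '/');
            b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
            using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object || !root.TryGetProperty("exp", out var exp)) return null;
            if (exp.ValueKind != JsonValueKind.Number || !exp.TryGetInt64(out var secs)) return null;
            return DateTimeOffset.FromUnixTimeSeconds(secs);
        }
        catch (Exception e) when (e is FormatException or JsonException or ArgumentOutOfRangeException)
        { return null; } // unparsable token: caller treats it as "sign in again"
    }

    public static State Classify(string jwt, DateTimeOffset now)
    {
        var expiry = ReadExpiry(jwt);
        if (expiry is null) return State.Malformed;
        if (now >= expiry.Value) return State.Expired;
        return expiry.Value - now <= RenewWindow ? State.RenewSoon : State.Valid;
    }

    public static void Main()
    {
        // Constructed sample: unsigned token whose payload carries exp = 1700000000.
        var body = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"exp\":1700000000}"));
        var jwt = "e30." + body.TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        var exp = DateTimeOffset.FromUnixTimeSeconds(1700000000);
        foreach (var minutes in new[] { -60, -3, 1 })
            Console.WriteLine($"{minutes,4} min: {Classify(jwt, exp.AddMinutes(minutes))}");
        Console.WriteLine($"garbage: {Classify("not-a-jwt", exp)}");
    }
}
```

In a Blazor Server component, `Classify` would be called from a timer, and `RenewSoon` is the point at which to ask the user and request a new token from the API.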
I want to use an ASP.NET Core Web API as my backend for a Blazor Server app. My Blazor app requires authentication.
When I create a new Blazor Web App from scratch with individual accounts selected, I get the authentication based on ASP.NET Core Identity, which I really like, but how would logic in my ASP.NET Core Web API?
Should my Web API create JWTs instead which should be utilized by the Blazor App? If so, how should I save and consume those tokens in my Blazor app? How would I handle expired tokens? And how would I check in my API if the roles of my user have been changed, for example?
Could someone guide me here into the right direction?