ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity

[P0] JWT + Refresh Token + ASP.NET Identity authentication #5

New Issue
Open
opened 2026-05-26 01:32:38 +00:00 by ChrisChen · 0 comments
ChrisChen commented 2026-05-26 01:32:38 +00:00
Owner
Copy Link
Copy Source

Overview

Stateless JWT authentication with refresh token rotation, built on ASP.NET Core Identity.

Tasks

  • Configure ASP.NET Core Identity with PostgreSQL
  • JWT generation on login (access token: 15 min, refresh token: 7 days)
  • Refresh token rotation endpoint (POST /api/auth/refresh)
  • Logout: revoke refresh token server-side
  • Password reset flow (email link with time-limited token)
  • UserDevice table for push notification token storage

Reference

PLANNING.md Section 6 - Core Architecture, Section 7 Phase 0

## Overview Stateless JWT authentication with refresh token rotation, built on ASP.NET Core Identity. ## Tasks - [ ] Configure ASP.NET Core Identity with PostgreSQL - [ ] JWT generation on login (access token: 15 min, refresh token: 7 days) - [ ] Refresh token rotation endpoint (POST /api/auth/refresh) - [ ] Logout: revoke refresh token server-side - [ ] Password reset flow (email link with time-limited token) - [ ] UserDevice table for push notification token storage ## Reference PLANNING.md Section 6 - Core Architecture, Section 7 Phase 0
ChrisChen added this to the Phase 0 - Tech Foundation and DevOps milestone 2026-05-26 01:32:38 +00:00
ChrisChen added the module: auth label 2026-05-26 01:32:38 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
module: ai
AI integration (Claude API, Phase 5)
 module: attendance
Sunday attendance tracking
 module: audit-log
Immutable audit log
 module: auth
Authentication, JWT, ASP.NET Identity
 module: cell-groups
Cell groups, meetings, attendance
 module: cms
Public website CMS (rolac.org, bilingual)
 module: devops
Infrastructure, Docker, CI/CD, Jenkins
 module: expense
Expense tracking and reimbursements
 module: giving
Donations, tithing, annual receipts
 module: members
Member CRUD, family units, search
 module: prayer
Prayer requests and visibility scopes
 module: rbac
Roles, permissions, Ministry Scope
 module: reports
Reports and analytics
 module: roster
Service roster and scheduling
No Label module: auth
Milestone
No items
No Milestone Phase 0 - Tech Foundation and DevOps
Projects
Clear projects
No project
Assignees
Clear assignees
ChrisChen
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ChrisChen/ROLAC#5
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?