Possible to disable Identity cookies when using JWT tokens?
See original GitHub issueIs it currently possible with .net core 2.1 to disable cookies completely?
I have JWT setup but noticed the calls to /connect/token and subsequent controllers all still return Identity cookies named .AspNetCore.Identity.Application
. I’d love to be able to turn these off completely, haven’t come across a way to do it yet.
Issue Analytics
- State:
- Created 5 years ago
- Comments:31 (14 by maintainers)
Top Results From Across the Web
[.NET Core] Why does Identity always creates cookies even ...
This is what my problem is. I want to make it so that cookies won't be created and .NET Core will use JWT...
Read more >Asp.Net WebApi Core 2.0 Identity With JWTBearer Without ...
My problem is that when I call signInManager.PasswordSignInAsync it include cookie with authentication token to response. But i Would like only ...
Read more >JWT authentication: Best practices and when to use it
A guide for using JWT authentication to prevent basic security issues. ... JWT token; How to securely store JWTs in a cookie; Using...
Read more >Stop using JSON Web Tokens. Use Cookies & Server ...
It is true that jwt has a few drawbacks, but the recommendation to utilize an HTTP session cookie and to keep the session...
Read more >JWT in Cookies — flask-jwt-extended 3.25.1 documentation
This token is saved in a cookie with httponly set to True, so it cannot be accessed via javascript. We will then create...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
So you’ve added an overload to support a scenario you don’t recommend and that only works by accident? Okay…
Thanks for the info.
There’s no doubt that people keep trying to do this, which is why we added the AddIdentityCore overload, but SignInManager is still designed to work with cookies in general, only some of the methods work (and by accident as opposed by intent). Hence there won’t be official documentation support for identity + JWT in general since only some thing work right now…