Configuring JSON Web Tokens (JWT)
Some JSON Web Token (JWT) parameters need to be configured in appsettings.json
or your deployment host. It will work out of the box as configured, but it’s critical that the Key
value be changed for at least production environments.
Jwt.Key
: The secret key used for JWT token generation. This can be any 32+ character string, such as a randomly generated GUID. It should be different across different environments (development vs. production and so on).Jwt.Issuer
: The issuer of the JWT token. For typical scenarios this can be the site URL, such ashttps://www.yourdomain.com
.Jwt.Audience
: The audience of the JWT token. For typical scenarios this can be the site URL, such ashttps://www.yourdomain.com
.Jwt.ExpirationMinutes
: The expiration time of the JWT token in minutes. By default this is120
minutes.