JWT Authentication: Details
JWT Authentication Provider
JWT is available as a built-in extension in Evoq: it is not enabled by default. As a host user, visit Host -> Extensions. In Available Extensions, expand the Providers section, then install the DNN JWT Auth Handler. The auth handler needs to be enabled in the site's web.config file.
JWT is compact, which is useful to visitors on slow connections. The smaller size enables JWT to be transmitted via a URL, POST parameter, or inside an HTTP header. In addition, it is self-contained, which means that additional database queries are avoided.
JWT Use Cases
Renewing an Access Token
When an access token expires, the client can request a new one by sending a POST with a JSON object containing the renewalToken. After this request, both the old access token and the old renewal token are invalidated. The new access token is valid for one hour. The renewal token is valid for 14 days.