I use a JWT token in my ASP.NET Core app and I have two issues. First, I want to check each time the token is validated and see if the user is still active in the database. I know there is an OnMessageReceived event in JwtBearerEvents, but I do not know if I have to do the token validation manually or not and then extract the user id from it and validate it by calling the database.
At the moment, when I generate the JWT token, I add the user id to the claims, and I know that I can extract it as below:
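```csharp
// Needs: using System.IdentityModel.Tokens.Jwt; using Microsoft.IdentityModel.Tokens; using System.Linq;
// handler is a JwtSecurityTokenHandler instance.
var token = httpRequest.Headers["Authorization"].FirstOrDefault().Split(' ')[1];
var jwtToken = handler.ReadToken(token) as JwtSecurityToken;
SecurityToken validatedToken;
// ValidateToken checks the token against the given parameters and throws if validation fails.
var principal = handler.ValidateToken(token, jwtTokenValidator.GetValidationParameters(), out validatedToken);
// ValidTo is expressed in UTC, so compare it against UtcNow rather than local time.
if (validatedToken.ValidTo >= DateTime.UtcNow)
{
    if (principal.Claims.Any(c => c.Type == "id"))
    {
        return Guid.Parse(principal.Claims.First(c => c.Type == "id").Value.ToString());
    }
}
```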
By the way, I do not know how I can use "OnMessageReceived" to check the user status in the database each time the token is being validated.
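
An added example, not part of the original post: `JwtBearerEvents` also exposes `OnTokenValidated`, which fires after the handler has already validated the token, so the user lookup can run there without any manual validation. `IUserStatusStore`, `ActiveUserJwtEvents` and `validationParameters` are hypothetical names assumed for illustration; the `"id"` claim is the one described in the question.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the user table; not an ASP.NET Core type.
public interface IUserStatusStore
{
    Task<bool> IsActiveAsync(Guid userId);
}

public static class ActiveUserJwtEvents
{
    // OnTokenValidated runs after the handler has validated the token against
    // TokenValidationParameters, so the principal's claims can be trusted here.
    public static JwtBearerEvents Create() => new JwtBearerEvents
    {
        OnTokenValidated = async context =>
        {
            var idClaim = context.Principal?.FindFirst("id")?.Value;
            if (!Guid.TryParse(idClaim, out var userId))
            {
                // Reject tokens that validate but carry no usable user id.
                context.Fail("Token has no valid 'id' claim.");
                return;
            }

            // Resolve the store from the request scope so a scoped DbContext works.
            var store = context.HttpContext.RequestServices
                .GetRequiredService<IUserStatusStore>();
            if (!await store.IsActiveAsync(userId))
            {
                // Marks authentication as failed; [Authorize] endpoints return 401.
                context.Fail("User is no longer active.");
            }
        }
    };
}

// Registration sketch (validationParameters is the app's existing
// TokenValidationParameters instance, assumed here):
// services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
//     .AddJwtBearer(o =>
//     {
//         o.TokenValidationParameters = validationParameters;
//         o.Events = ActiveUserJwtEvents.Create();
//     });
```

Because this check runs on every authenticated request, the store implementation is the place to decide whether a short-lived cache is acceptable for how quickly a deactivated user must lose access.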