0Pricing
C# Academy · Lesson

Issuing Tokens

Generate signed tokens on login.

Issuing Versus Validating

So far you validated tokens. Now you will issue them: after a user logs in successfully, your API mints a signed JWT and returns it.

The core type for this is JwtSecurityTokenHandler from System.IdentityModel.Tokens.Jwt.

dotnet add package System.IdentityModel.Tokens.Jwt

The Signing Key

To sign a token you need a key. For HS256 you reuse the same symmetric secret the validator uses.

Keep this secret out of source control - load it from configuration or a secret store.

var key = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes(configuration["Jwt:Key"]!));

All lessons in this course

  1. JWT Structure and Claims
  2. Configuring JWT Bearer Authentication
  3. Issuing Tokens
  4. Refresh Tokens and Expiry
← Back to C# Academy