create separate API methods for tokens (short-lived) and personal access tokens (long-lived), include global antiforgery filter to mitigate XSRF when using cookie auth (ignored when using Jwt)

2022-04-14 19:41:43 -04:00
parent c616878a64
commit f6b3874668
9 changed files with 120 additions and 6 deletions
--- a/Oqtane.Client/Modules/Admin/Users/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Index.razor
@ -575,7 +575,7 @@ else

 	private async Task CreateToken()
 	{
-		_token = await UserService.GetTokenAsync();
+		_token = await UserService.GetPersonalAccessTokenAsync();
 	}

 	private void ToggleClientSecret()