Hi dears, I have a question about ASP.NET Core Web Api + Angular4 template. You are using JWT for authentication. My question is about it. If I change password or something about the user JWT validation have to fail and new JWT token should be needed. (f.e. security reasons, user blocked, password changed). Currently in your template validation fails only when expire date reaches. In our project we have strict rules for such cases. What should we use in order to invalidate current user token if something(f.e. password, username) about user changed ? P.S. When generating JWT token a number of claims is used. For example: username, role, security stamp. Are this claims validated also then JWT token validated ? I think no. Because I changes the username and token still successfully validated or when password is changed new security stamp generated. But token still successfully validated. I think it is a big problem.
