There seems to be no template for authentication on the SPA templates.

I've been looking up various blog post and third party articles on how to add Jwt Authentication but they are scattered and most are for dotnet core 1.1. It would be nice if there was a template that showed the "correct" way to do this in dotnet core 2.0.

Consider IdentityServer for issuing tokens, and oidc-client for your SPA to obtain tokens.

https://github.com/IdentityServer/IdentityServer4/
https://github.com/IdentityModel/oidc-client-js/

@brockallen Nice plug ;-) but all the documentation on IdentityServer4 still references version 1.1 and the examples don't seem to work anymore in v2.0.

I also notice this : IdentityServer/IdentityServer4/issues/1055 which is still open so IDS4 for the moment is a no go.

It's closer than the Microsoft one :)

@brockallen I've used (or more accurately used, misused and abused) Identity Server with Durandal. That I liked it does not change the fact that it requires a level of understanding on the part of the developer that isn't widespread. This stuff needs to be baked into the template (a) to make it ubiquitous (b) to make implementation consistent (c) to prevent incompetent implementation which is worse than no security at all.

Security requires a level of understanding on part of the developer. Sorry.

And FWIW, IdentityServer4 has been released for ASP.NET Core 2.

This issue was moved to aspnet/templating#81