Clean, public-ready JWT auth API (ASP.NET Core 8) with refresh tokens, roles, and lockout protection.
- Update
TokenForge/appsettings.jsonwith realJwtSettingsand connection string. - Run:
dotnet restoredotnet run --project TokenForge/TokenForge.csproj
- Swagger:
http://localhost:5000/swagger(dev)
- Rate limiting is enabled for login + refresh endpoints.
- CORS allows origins from
Cors:AllowedOriginsin appsettings. - Behind NGINX, forwarded headers are enabled.