Does not authenticate sign-in token?

[joelrb]

I am trying to use Clerk's sign-in token to access the .Net minimal api. Using the regular user token {await getToken()} is fine. But generating token via https://api.clerk.com/v1/sign_in_tokens is not accepted (401 error) when accesing the .Net api.

I hope you'd consider support for sign-in token as I can set a longer expiry (like 30 days) of the token.

https://clerk.com/docs/reference/backend-api/tag/Sign-in-Tokens

[Hawxy]

Per the API doco you linked: A sign-in token can be used at most once and they can be consumed from the Frontend API using the ticket strategy.

Sign-in tokens are designed to be consumed by the front-end only to initiate a session. They are not a replacement for the JWT generated from getToken, as they do not contain any of the required metadata that the API would use to validate it.

Clerk uses low expiry on the JWTs intentionally as it protects against the token being accidentally leaked and reused.

[joelrb]

Thanks for the clarification.