I'm finally done with Chapter 8 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis.

There are now less than one hundred pages for me to read in 2020 to be done with this book I am completely sick of. By the time I am done with this thing I will have been nibbling on it for more than two years. I guess this shows off how quickly I read books. I remember that when I was at Headspring that Dustin Wells would opine that he never finished books so I probably shouldn't judge myself too harshly. He's doing just fine. Anyways, here are some of the things I've learned since last writing of this treatise on now dated tech.

1. Some claims in the Microsoft Identity model are spun up on page 391. I don't understand this yet. now is a variable below which has DateTime.UtcNow assigned to it.
   var claims = new[] {
      new Claim(JwtRegisteredClaimNames.Sub, user.Id),
      new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
      new Claim(JwtRegisteredClaimNames.Iat,
         new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
   };
2. The book has us storing tokens in localStorage! I don't know how I feel about that. Anyhow it mentions that roundtripping (making up my own word) to localStorage and back is a synchronous thing and if you need to do it asynchronously to improve performance you should check out angular-async-local-storage an npm package by Cyrille Tuzi namedropped on page 400.
3. ?. the Elvis operator of Angular 5 should not be confused with !. the "non-null assertion operator" of TypeScript which is used in the middle of something in a truthy/falsey check. If the left side is both not null and not undefined and the right side is truthy the two things separated by the operator (the right thing should be a property/variable or a function/method hanging off of the left thing as would make sense if the exclamation point were not there) get graded as truthy. This comes up twice in chapter 8. I don't understand how it works other than as perhaps a convention. If you look at the JavaScript the Typescript makes the exclamation point just comes out so there is no safeguard keeping your code from blowing up when the left side is null or undefined.
4. The book advocates using the Watch window in Visual Studio to look at the Request coming over the wire to the API side and at Request.Headers.HeaderAuthorization you may see the token.
5. The way the ahead of time complication works apparently involves turning a template into a TypeScript class. This is the reason that the component's methods accessed by the template must be public in AOT complication as now a class is trying to talk to a different class in TypeScript compilation. Without AOT, the template may just access private methods in a paradigm that at first blew my mind as it broke with the web forms and web forms code behinds way of doing things. (Angular is the new web forms.)
6. The [Authorize] attribute in ASP.NET Core decorates API endpoints to validate the token used. I don't understand how this thing works yet either.
7. Sliding sessions allow more life to be added to a token, setting back its expiration date, with every use of the token. So if a token is to only live for half an hour and you spend four solid hours working in a web portal, you will not be booted.