bearer-token | 易学教程

Return more info to the client using OAuth Bearer Tokens Generation and Owin in WebApi

阅读更多关于 Return more info to the client using OAuth Bearer Tokens Generation and Owin in WebApi

I have created a WebApi and a Cordova application. I am using HTTP requests to communicate between the Cordova application and the WebAPI. In the WebAPI, I've implemented OAuth Bearer Token Generation. public void ConfigureOAuth(IAppBuilder app) { var oAuthServerOptions = new OAuthAuthorizationServerOptions { AllowInsecureHttp = true, TokenEndpointPath = new PathString("/token"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), Provider = new SimpleAuthorizationServerProvider(new UserService(new Repository<User>(new RabbitApiObjectContext()), new EncryptionService())) }; // Token Generation

ASP.NET Web API Authorization tokens expiring early

阅读更多关于 ASP.NET Web API Authorization tokens expiring early

I have implemented security for my web api (individual accounts) as discussed here . I have hosted the website on godaddy (shared hosting) and its working fine. When I ask for token by using url "domain.com/token", I get the token with expiration date of within 15 days. I have set this in "StartupAuth.cs" using AccessTokenExpireTimeSpan = TimeSpan.FromDays(15) e.g.: { "access_token":"qwertyuiop.....", "token_type":"bearer", "expires_in":1209599, "userName":"user@example.com", ".issued":"Wed, 11 Feb 2015 01:00:00 GMT", ".expires":"Thu, 26 Feb 2015 01:00:00 GMT" } (I put values in above code,

How to get error message returned by DotNetOpenAuth.OAuth2 on client side?

阅读更多关于 How to get error message returned by DotNetOpenAuth.OAuth2 on client side?

问题 I'm using ExchangeUserCredentialForToken function to get the token from the Authorization server. It's working fine when my user exists in my databas, but when the credentials are incorect I would like to send back a message to the client. I'm using the following 2 lines of code to set the error message: context.SetError("Autorization Error", "The username or password is incorrect!"); context.Rejected(); But on the client side I'm getting only protocol error (error 400). Can you help me how

Combine the use of authentication both for MVC pages and for Web API pages?

阅读更多关于 Combine the use of authentication both for MVC pages and for Web API pages?

问题 I have an MVC 5 web application and can login with a Login.cshtml page and get a cookie and the login works fine. But, I would like to do a login with the Web API and then (maybe) set a cookie so that I am logged in for my MVC pages... (or login with the MVC login and then access the Web API) however the web api returns a bearer token and not a cookie token... so this doesn't work. Is there a way to combine the use of authentication both for my MVC pages and for my Web API pages? UPDATE: This

What is the OAuth 2.0 Bearer Token exactly?

阅读更多关于 What is the OAuth 2.0 Bearer Token exactly?

According to RFC6750 -The OAuth 2.0 Authorization Framework: Bearer Token Usage, the bearer token is: A security token with the property that any party in possession of the token (a "bearer") can use the token in any way that any other party in possession of it can. To me this definition is vague and I can't find any specification. Suppose I am implementing an authorization provider, can I supply any kind of string for the bearer token? Can it be a random string? Does it have to be a base64 encoding of some attributes? Should it be hashed? And does the service provider need to query the

ASP.NET Core 2.0 JWT Validation fails with `Authorization failed for user: (null)` error

阅读更多关于 ASP.NET Core 2.0 JWT Validation fails with `Authorization failed for user: (null)` error

问题 I'm using ASP.NET Core 2.0 application (Web API) as a JWT issuer to generate a token consumable by a mobile app. Unfortunately, this token couldn't be validated by one controller while can be validated by another (using the same validation setting within the same asp.net core 2.0 app). So I have a token which is valid and could be decoded, has all the required claims and timestamps. But one endpoint accepts it, while another gives me 401 error and debug output: Microsoft.AspNetCore

How to properly use Bearer tokens?

阅读更多关于 How to properly use Bearer tokens?

问题 I'm making an authorization system in PHP , and I came across this Bearer scheme of passing JWT tokens, I read RFC 6750. I've got the following doubts: How is this improving the security? The server responses the client with a JWT token in its body after a successful authorization and login, and now when the client makes another request, I am not clear how to actually do that, I want to send token from client in Authorization header in the request, so now should I just prefix "Bearer" to the

Return more info to the client using OAuth Bearer Tokens Generation and Owin in WebApi

阅读更多关于 Return more info to the client using OAuth Bearer Tokens Generation and Owin in WebApi

问题 I have created a WebApi and a Cordova application. I am using HTTP requests to communicate between the Cordova application and the WebAPI. In the WebAPI, I've implemented OAuth Bearer Token Generation. public void ConfigureOAuth(IAppBuilder app) { var oAuthServerOptions = new OAuthAuthorizationServerOptions { AllowInsecureHttp = true, TokenEndpointPath = new PathString("/token"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), Provider = new SimpleAuthorizationServerProvider(new UserService

What is the OAuth 2.0 Bearer Token exactly?

阅读更多关于 What is the OAuth 2.0 Bearer Token exactly?

问题 According to RFC6750-The OAuth 2.0 Authorization Framework: Bearer Token Usage, the bearer token is: A security token with the property that any party in possession of the token (a \"bearer\") can use the token in any way that any other party in possession of it can. To me this definition is vague and I can\'t find any specification. Suppose I am implementing an authorization provider, can I supply any kind of string for the bearer token? Can it be a random string? Does it have to be a base64