bearer-token

SignalR authentication failed when passing “Bearer” through query string

六眼飞鱼酱① submitted on 2019-12-03 15:21:20
I'd like to enable authentication in SignalR while the server was hosted in ASP.NET WebAPI which I'm using OAuth Bearer authentication and the client is AngularJS. On client side I originally pass the Bearer token through HTTP header and it works well with the WebAPI. But since SignalR JavaScript doesn't support adding HTTP headers in connection (it's because WebSocket doesn't support specifying HTTP headers) I need to pass the Bearer token through query string by using the code like self.connection.qs = { Bearer: 'xxxxxx' }; The problem is on the WebAPI side my SignalR always returned 401

Why should you base64 encode the Authorization header?

夙愿已清 submitted on 2019-12-03 14:00:31
Twitter's API requires sending an Authorization header that is a base64 encoding of an API key concatenated with an API secret key. In Node, I use: var base64 = new Buffer(apiKey + ':' + apiSecret).toString('base64'); The header sent becomes: Authorization: 'Basic ' + base64 What is the point of base64 encoding the string "apiKeyHere:apiSecretHere"? Why not just accept an Authorization header containing the raw api credentials? This question is similar to What is the purpose of base 64 encoding and why it used in HTTP Basic Authentication? but the voted answer doesn't fully answer my question.

OAuth Bearer Access Token sliding expiration

痴心易碎 submitted on 2019-12-03 08:17:26
Let's suppose that we're using OAuth Bearer tokens to secure our API. There is a NuGet package with OWIN middleware that will do it for us: https://www.nuget.org/packages/Microsoft.Owin.Security.OAuth . Everything looks great, until the question about access token expiration is raised - we don't want to force the user to re-login over and over again. As far as I understand there are three basic ways: Make Access Token expiration time very big (1 month for instance) Use OAuth Refresh Tokens that add many difficulties to both Authentication Server and the user application code (described in following article

OWIN Bearer Token Authentication

无人久伴 submitted on 2019-12-03 07:20:19
Question: I have some questions related to Bearer Token. In Owin you can protect a ticket Protect(ticket) like this: ClaimsIdentity identity = new ClaimsIdentity(Startup.OAuthServerOptions.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName)); Dictionary<string, string> properties = new Dictionary<string, string>(); properties.Add("UserId", user.Id); properties.Add("UserName", user.UserName); properties.Add("Role", "user"); AuthenticationProperties properties = new

Adding additional logic to Bearer authorization

醉酒当歌 submitted on 2019-12-03 02:26:08
Question: I am attempting to implement OWIN bearer token authorization, and based on this article. However, there's one additional piece of information I need in bearer token that I don't know how to implement. In my application, I need to deduce from the bearer token user information (say userid). This is important because I don't want an authorized user from being able to act as another user. Is this doable? Is it even the correct approach? If the userid is a guid, then this would be simple. It's an

OWIN Bearer Token Authentication

廉价感情. submitted on 2019-12-02 20:51:26
I have some questions related to Bearer Token. In Owin you can protect a ticket Protect(ticket) like this: ClaimsIdentity identity = new ClaimsIdentity(Startup.OAuthServerOptions.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName)); Dictionary<string, string> properties = new Dictionary<string, string>(); properties.Add("UserId", user.Id); properties.Add("UserName", user.UserName); properties.Add("Role", "user"); AuthenticationProperties properties = new AuthenticationProperties(properties); AuthenticationTicket ticket = new AuthenticationTicket(identity,

Authorization bearer token Angular 5

旧时模样 submitted on 2019-12-02 20:36:54
I am confused about how to create a good header for a simple Get request in Angular 5. This is what I need to do in Angular: This is what I have so far: getUserList(): Observable<UserList[]> { const headers = new Headers(); let tokenParse = JSON.parse(this.token) headers.append('Authorization', `Bearer ${tokenParse}`); const opts = new RequestOptions({ headers: headers }); console.log(JSON.stringify(opts)); const users = this.http.get<UserList[]>(this.mainUrl, opts) return users .catch(this.handleError.handleError); } This is the response in my console.log: {"method":null,"headers":{

Adding additional logic to Bearer authorization

喜你入骨 submitted on 2019-12-02 17:21:58
I am attempting to implement OWIN bearer token authorization, and based on this article. However, there's one additional piece of information I need in bearer token that I don't know how to implement. In my application, I need to deduce from the bearer token user information (say userid). This is important because I don't want an authorized user from being able to act as another user. Is this doable? Is it even the correct approach? If the userid is a guid, then this would be simple. It's an integer in this case. An authorized user can potentially impersonate another just by guessing / brute

asp.net identity expire bearer token after 20 min

泄露秘密 submitted on 2019-12-02 06:00:38
Question: I have a web service, users can login to service and give bearer token. In local everything is good, but in server (shared host, Windows 2012, IIS 8.5) after 20 min, token has been expired! My AccessTokenExpireTimeSpan is: AccessTokenExpireTimeSpan = TimeSpan.FromDays(900), also in my first request, I give a delay about 5 sec. What is problem? Answer 1: I assume that you in production have multiple servers. And ASP.NET Identity is using the server's machine key to generate the token bearer. So

How to add a “Authorization=Bearer” header with Indy in Delphi?

北城余情 submitted on 2019-12-01 10:58:29
I'm trying to do a POST request using an access_token, and it works fine using POSTMAN, but when I try to do the same request on Delphi, I can't find a way to add the "Authorization=Bearer eyxxxxxx..." to the Request header, as POSTMAN does. POSTMAN Request (working well): POST /somepath HTTP/1.1 Host: someurl.com.br Authorization: Bearer eyJhbGciOiJSUzI1NiJ9..... Content-Type: application/json (body content omitted) Indy Request generated by Delphi, captured by HTTP Analyzer (always returning 401 Forbidden error, because of the absence of "Authorization=Bearer" part): POST /somepath HTTP/1.1