In our Startup class, I have configured the following auth server options:

    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/api/v1/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        Provider = new SimpleAuthorizationServerProvider()
    };

After this, which option are we supposed to use to actually enable bearer authentication? There seem to be two variations on the Internet.
Option 1:

    app.UseOAuthAuthorizationServer(OAuthServerOptions);
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

Option 2:

    app.UseOAuthBearerTokens(OAuthServerOptions);

I have tested them both and the results are the same.
What is the difference between these options? When are we supposed to use which?
Bearer authentication (also called token authentication) is one of the HTTP authentication schemes that grant access to the bearer of this token. Bearer token authentication is done by sending a security token with every HTTP request we make to the server.
OWIN (Open Web Interface for .NET) is a standard for an interface between .NET Web applications and Web servers. It is a community-owned open-source project. The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service.
The UseOAuthBearerTokens extension method creates both the token server and the middleware to validate tokens for requests in the same application.
Pseudocode from source using reflector:

    UseOAuthAuthorizationServer(); // authorization server middleware
    UseOAuthBearerAuthentication(ApplicationOAuthBearerProvider); // application bearer token middleware
    UseOAuthBearerAuthentication(ExternalOAuthBearerProvider); // external bearer token middleware
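The two middleware pieces named in the answer can be registered separately, which matters when one application issues tokens and another only validates them. The sketch below is an added example, not code from the original post or from the Katana project; the names `BearerSetup`, `ConfigureCombined`, `ConfigureResourceOnly` and the `isDevelopment` flag are hypothetical, and the provider is passed in so the question's `SimpleAuthorizationServerProvider` can be supplied by the caller.

```csharp
using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical helper class (not part of the original post).
public static class BearerSetup
{
    // Application that both issues and validates tokens:
    // the explicit form of "Option 1" from the question.
    public static void ConfigureCombined(
        IAppBuilder app,
        IOAuthAuthorizationServerProvider provider,
        bool isDevelopment) // assumption: set by the caller from its own environment config
    {
        var serverOptions = new OAuthAuthorizationServerOptions
        {
            // A bearer token is a credential on its own. The question sets this to
            // true unconditionally; here plain HTTP is allowed only in development,
            // so the token endpoint rejects non-HTTPS requests everywhere else.
            AllowInsecureHttp = isDevelopment,
            TokenEndpointPath = new PathString("/api/v1/token"),
            // Value taken from the question. The token stays usable until it
            // expires, so a shorter lifetime shrinks the window after a leak.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = provider
        };

        // Token server: handles requests to TokenEndpointPath and issues tokens.
        app.UseOAuthAuthorizationServer(serverOptions);

        // Validation: reads "Authorization: Bearer ..." on each request and
        // sets the request's user identity when the token is valid.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }

    // Application that only consumes tokens issued by another application.
    // No token endpoint is exposed here, which keeps the attack surface smaller.
    // Assumption: both applications can unprotect the same tokens, for example
    // by sharing the same machineKey when hosted on IIS.
    public static void ConfigureResourceOnly(IAppBuilder app)
    {
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
```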