如何在第三方ASP.NET Web API客户端中使用Oauth生成的令牌?
[英]How to use an Oauth Generated Token in a 3rd party asp.net web API client?
问题描述
I am new to asp.net web API. 
我是ASP.NET Web API的新手。
I am planning to use Token based authentication for a simple web API I am creating in C#. 我打算将基于令牌的身份验证用于在C#中创建的简单Web API。
I have created the API and used the following code to create the token 我已经创建了API,并使用以下代码创建了令牌
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new SimpleAuthorizationServerProvider(),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true
};
I used postman tool to test the api by copying the token generated by the above code and by prefixing the keyword Bearer to it. 我使用邮递员工具通过复制上述代码生成的令牌并在其前面加上关键字Bearer来测试api。
Everything works fine. 一切正常。
However, I have the following questions, for which I couldn't find a proper answer. 但是,我有以下问题,无法找到正确的答案。
- How a third party client will know about the generated token? 第三方客户如何知道生成的令牌?
- Since the token expires in 14 days, how the client will know about the updated token? 由于令牌在14天后到期,因此客户将如何知道更新的令牌?
1 个解决方案
解决方案1
0 2018-12-19 05:51:29
You pass them back the token from the login and they use it as the bearer token. 您将它们从登录名传递回令牌,他们将其用作承载令牌。
You can also give them a refresh token that acts like a username/password, client checks of they get an auth failure and then they'll use the refresh token to get a new bearer token. 您还可以给他们一个刷新令牌,其作用类似于用户名/密码,客户端检查它们是否获得身份验证失败,然后他们将使用刷新令牌来获得新的承载令牌。
Really depends on your app. 真的取决于您的应用程序。 If it's a mobile app, you might just set it to never expire to make things easier (if there is no risk). 如果是移动应用程序,则可以将其设置为永不过期,以使事情变得更容易(如果没有风险)。 Websites you can ask them to log in again after 14 days, or use a refresh token. 您可以要求他们在14天后再次登录的网站,或使用刷新令牌。 Lots of options 很多选择
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.