When I call the OWIN /token endpoint I get the bearer token in the response and a set-cookie header that has a token. Are these tokens the same? If not, how do I make them the same?
No, they are not the same. The token you receive is the access token needed to access your protected API (APIs attributed with [Authorize]) and contains all the claims you want to encode inside it.
I've not seen a token inside a cookie returned when you call the /token endpoint. Anyhow, you usually depend on tokens or cookies for security, not both.
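A token-only OWIN configuration, as an added example that is not part of the original question or answer: it assumes the Microsoft.Owin.Security.OAuth middleware, and `TokenOnlyProvider` and `CheckCredentials` are hypothetical names. The claims go into the access token and no cookie sign-in is performed, so the API depends on the bearer token alone.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Token-only: UseCookieAuthentication is never called, so no cookie middleware exists.
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            Provider = new TokenOnlyProvider(),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30), // constructed sample value
            AllowInsecureHttp = false // /token is served over HTTPS only
        });
        // Validates "Authorization: Bearer <token>" on requests to [Authorize] APIs.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

public class TokenOnlyProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // assumption: public client, no client_id/secret check
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!CheckCredentials(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        // Claims added to this identity are what the access token carries.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        // Only the bearer ticket is issued; there is no Authentication.SignIn(...) call
        // with a cookie identity, so this provider adds no authentication cookie.
        context.Validated(identity);
        return Task.FromResult(0);
    }
    // Hypothetical placeholder that fails closed; replace with a real user-store lookup.
    private static bool CheckCredentials(string user, string password) => false;
}
```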