stackoom
  简体   繁体   中英

Under the covers, how are RefreshTokens kept track of? (ASP.NET Owin/OAuth2)

 原文  2019-11-28 11:25:22       asp.net/ security/ oauth-2.0/ authorization/ owin

Question

Even if we stop the API, or shut down the whole machine, resuming it still keeps track of the refresh tokens that have been issued to the clients. How is this achieved?

1 answers

solution1
 0  2019-11-29 08:06:50

A refresh token is typically stored in a database by the authorization server.

It is also common for mobile UI clients to store them in OS secure storage.

It is also common for server side web apps to include the refresh token in an auth cookie so that it remains available across requests.

Your API should only ever receive access tokens - and should not know anything about refresh tokens.

I'd need to know more about your specific scenario to be able to advise further.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to modify token endpoint response body with Owin OAuth2 in Asp.Net Web API 2 ASP.NET Identity OWIN Middleware Google OAuth2 AuthenticationManager SignIn not working oauth2 in asp.net web forms asp.net mvc 5 and oauth2 login Incremental Google OAuth with Asp.Net Owin Oauth Can i use asp.net membership with owin and oauth provider? ASP.net OWIN OAuth middleware with bearer token and changing roles How to implement OWIN Ilogger in ASP.NET? How OWIN hooks on ASP.NET startup How to use OWIN in asp.net 5 application
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM