
IdentityServer4 api forward token to another api

My users use a mobile app. This mobile app interacts with an API, and some API functions need to call other APIs. All my APIs require authorization. Should I take the bearer token and forward it to the other APIs, or is there another way to do that?

You have several options. You need to use a delegation pattern to get a valid token to your backend.

You can forward the token from one API to another, which makes you reuse a token in both APIs or, what amounts to the same thing, makes both APIs share audience and scopes. This is not a good practice, since you step outside the specification.

Or you can extend your grants by implementing a delegation grant on your IdP, where the first API that has the token exchanges it for another token with a different audience but with all the user information. You can see an example in the IdentityServer4 documentation.
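
A sketch of the delegation grant described in the answer above, added here as an example and not part of the original answer. It uses IdentityServer4's `IExtensionGrantValidator` and `ITokenValidator`; the grant type name `delegation` and the form parameter name `token` are assumptions chosen for this example.

```csharp
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Registered on the IdP with:
//   services.AddIdentityServer().AddExtensionGrantValidator<DelegationGrantValidator>();
public class DelegationGrantValidator : IExtensionGrantValidator
{
    private readonly ITokenValidator _validator;

    public DelegationGrantValidator(ITokenValidator validator) => _validator = validator;

    // Assumed grant type name. The client used by the first API must list it in
    // AllowedGrantTypes and be allowed the second API's scope, nothing more.
    public string GrantType => "delegation";

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // "token" is an assumed form parameter carrying the user's access token
        // that the first API received from the mobile app.
        var userToken = context.Request.Raw.Get("token");
        if (string.IsNullOrEmpty(userToken))
        {
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            return;
        }

        // Validate the incoming access token before trusting any claim in it.
        // Passing an expected scope as the second argument additionally
        // requires that scope to be present in the token.
        var result = await _validator.ValidateAccessTokenAsync(userToken);
        var sub = result.IsError
            ? null
            : result.Claims?.FirstOrDefault(c => c.Type == "sub")?.Value;

        if (string.IsNullOrEmpty(sub))
        {
            // Rejects invalid tokens and tokens with no user behind them,
            // such as client credentials tokens.
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
            return;
        }

        // Same user, new token: audience and scopes come from this token request.
        context.Result = new GrantValidationResult(sub, GrantType);
    }
}
```

The first API then posts `grant_type=delegation`, its own client credentials, the requested scope and the user's token to the token endpoint, and calls the second API with the token it gets back.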
