I've set up OAuth authorization using Ktor OAuth like in the example https://github.com/ktorio/ktor-samples/blob/1.3.0/feature/auth/src/io/ktor/samples/auth/OAuthLoginApplication.kt
I've got an OAuth token, but how do I refresh it after the expiration time?
Related
I have two projects: one is the API, the other is the Client that consumes the API. Both are .NET Core 3.1. The API project was developed based on this post:
https://jasonwatmore.com/post/2021/06/15/net-5-api-jwt-authentication-with-refresh-tokens#users-controller-cs
and it has JWT authentication with refresh tokens and some methods with the Authorize attribute.
My problems start in the Client project. The API project emits an access token, and the client should use it to access the protected API.
I can authenticate in the API, but when the client receives the tokens (access token and refresh token), it stores them in the authentication cookie and in the refresh token cookie.
My doubts are:
Is this approach correct?
How can I handle the access token expiring and use the refresh token to get a new one? Do cookies need to be regenerated?
In future development I will add Facebook auth and client auth.
If more details or some implementation is needed, let me know.
Thanks in advance.
A JWT token is generated in our application, and using the same token within the expiration time I can also call my API from Postman. I need to restrict that, so how can we identify whether the API call with the JWT token is coming from Postman or from a browser, and how do we authenticate it in .NET Core?
I have created a small .NET 5.0 Web API where users can register/login to create/add/delete notes. The API is working fine; after the login I receive the JWT token back in the response.
Now I want to create a Blazor WebAssembly website which will communicate with the API.
The problem I have is that I don't know where to start, what I need to get the web page to take the token from the response, and how to work with it to be authorized when doing API calls.
In the API I have used the IHttppAccesor to get access to the user data from the JWT token; is it similar to work with the token for the authorization?
Any suggestions what to use or where to start would be greatly appreciated!
I updated my mobile app to request an Azure AD B2C token using the ROPC policy. When I send the token as a Bearer token, same as I did with the Sign Up Sign In policy, I get an unauthorized error.
One thing I had to do was request the token via HttpClient because the new Microsoft.Identity.Client package does not have the AcquireTokenByUsernamePasswordAsync() function.
In the Web API, I updated the TokenValidationParameters to have the new ROPC policy as the new AuthenticationType, but that does not work either.
What updates do I need to make so that I can use the access token I receive back to authorize on my API?
What I did to solve this is set the API ClientId to be the same as the mobile app ClientId which solved the issue for me.
This seems like it is not the correct way to solve this issue, but I could not find another solution at this time.
I'm new to ASP.NET Core.
I'm trying to create a simple Web API with ASP.NET which uses JWT tokens and Google OAuth.
About JWT, I've followed this tutorial and succeeded: https://stormpath.com/blog/token-authentication-asp-net-core
But I don't know how to do my authentication with Google OAuth in my Web API system. What I think about is:
Because the Web API doesn't have a view, a client app (Desktop App, iOS App) will get an authentication code and exchange that code for an access_token.
The Web API receives the access_token that comes from the client, sends a request to Google to verify the token, and does the authentication.
My question is:
Is my implementation correct?
How to implement it in code?
Thank you,