Click here to Skip to main content
15,881,588 members
Search within:


Oauth confusion about token generation
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
OAuth
WebAPI2
Greetings,

I am working on developing a library to generate a token to be used by application to access a service resource. Here is the scenario the library will accept user name and password then it should create a Jason formatted token, I was trying to use Jwt.

Json token, from my point of view, will include beside issuer, expires, and an audience the roles of the user. For now everything goes fine, however, my manager wants the authorization filters to be more flexible. He do not want me to go and check for the Roles within the principal within the current request context, the default behavior, as that will not make the authorization process flexible as every time I add a new role I need to go and modify the API services to add the new role to the authorize attribute list as required.

For example, lets say I am having a "Role 1" role and I used it to decorate some of the API services if I added a new role "Role 2" and I want principal that has that role to access my services I will be forced to go and add/edit the authorize attributes to include the newly created role etc.

What my manager was thinks of is that instead of setting the Role within the token it would be better if I set the service URI, for example, https://www.example.com/api/get, and the authorization mechanism checks whether any token's URIs matched the the requested service URI if a match found the service get fetched and executed, which will make the authorization more flexible as I do not need to add/edit my service with each newly created role.

I hope my point of view is clear. My question
Is such mechanism is reachable or not?
The Jwt I tried so far only contains specific set of info like and the claims types are limited to a certain set and I cannot add a new user defined property to it to hold the URIs which is easy when creating a Json object. How can I create my Json that can be used as a OAuth valid token format? 

{
"username": "user_name",
"issuer": "issuer_name",
"expires": "time_placeholder"
"role": [ "role 1", "role 2", "role 3", etc.],
"URI": [ "URI 1", "URI 2", "URI 3", etc. ]
}


What I have tried:

I am trying to search on internet and some apress books
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to generate oauth 2.0 access token of azure API in jquery AJAX method
how to generate access token for OAuth
Automate Facebook oauth to generate access tokens
Generate one token per user in oauth bearer-token
Regarding oAuth Token used in web api
How to capture the generated Access token before it is sent in the response Using Oauth in Web api
How can I get my oauth token to generate using dictionary in restsharp
Logical issue with oauth 2.0 implementation in react app - redirect after successful login not working
Trying to do linkedin authorization code flow (3-legged oauth) but I keep getting this error 'unable to retrieve access token
Restrict the uses of oauth security token generated with ASP.NET WEB API 2.0 to one user device only

Advertise
Privacy
Cookies
Terms of Use
Last Updated 10 Dec 2017
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900