UseOAuthBearerTokens vs UseOAuthBearerAuthentication
asp.net Identityasp.net Web-Api2Owinasp.net Identity-2Katanaasp.net Identity Problem Overview
In our Startup
class, I have configured the following auth server options:
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/api/v1/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()
};
After this, which option are we supposed to use to actually enable bearer authentication? There seem to be two variations on the Internet.
Option 1:
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
Option 2:
app.UseOAuthBearerTokens(OAuthServerOptions);
I have tested them both and the results are the same.
What are the difference between these options? When are we supposed to use which?
asp.net Identity Solutions
Solution 1 - asp.net Identity
The UseOAuthBearerTokens
extension method creates both the token server and the middleware to validate tokens for requests in the same application.
Pseudocode from source using reflector:
UseOAuthAuthorizationServer(); // authorization server middleware
UseOAuthBearerAuthentication(ApplicationOAuthBearerProvider); // application bearer token middleware
UseOAuthBearerAuthentication(ExternalOAuthBearerProvider); // external bearer token middleware