OAuth 2.0 flow for authentication of multiple APIs using an authentication server

0

When I log in through my front-end layer, a request is sent to my authentication server which, in turn, returns a Bearer Token that can be saved in a cookie, for example. No doubt about it!

My problem is that my front-end layer sends requests to N other APIs, and I need to be authenticated in all of them, since I cannot open the routes to receive requests without being authenticated.

How do I plan authentication?

    
asked by anonymous 06.03.2018 / 20:51

1 answer

0

You should use the same Machine Key in all APIs.

In the API Web.config where you generate the token there is a line saying this:

    <system.web>
      <machineKey
          validationKey="80F23AB9386C5D204479.............."
          decryptionKey="5E26E9609FF8636A584A2C34671E..........."
          validation="SHA1" decryption="AES" />
    </system.web>

Use this same "MachineKey" key in the other APIs so that they will share the same token.

    
16.03.2018 / 19:02
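A token issued by one API only validates in another when every `<machineKey>` attribute matches, so a deployment check can compare the Web.config files before release. The following is an added example, not code from the original answer: the function names, API names and key values are constructed for illustration, and it assumes each Web.config has `<configuration>` as its root with no XML namespace.

```python
import xml.etree.ElementTree as ET

ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")

def machine_key(web_config_text):
    """Return the <machineKey> attributes of one Web.config, or None if the element is absent."""
    node = ET.fromstring(web_config_text).find("./system.web/machineKey")
    return None if node is None else {a: node.get(a) for a in ATTRS}

def check_shared_key(configs):
    """configs maps API name -> Web.config text. Returns a list of problems; empty means consistent.
    Key values are never put in the messages, only attribute names."""
    keys = {name: machine_key(text) for name, text in configs.items()}
    # The first API that declares a <machineKey> is the reference the others must match.
    ref_name = next((n for n, k in keys.items() if k is not None), None)
    problems = []
    for name, key in keys.items():
        if key is None:
            problems.append(f"{name}: no <machineKey> element")
            continue
        for attr in ("validationKey", "decryptionKey"):
            # "AutoGenerate" means the runtime derives its own key, so tokens are not portable.
            if not key[attr] or "AutoGenerate" in key[attr]:
                problems.append(f"{name}: {attr} is not an explicit key")
        diff = [a for a in ATTRS if key[a] != keys[ref_name][a]]
        if diff:
            problems.append(f"{name}: differs from {ref_name} in {', '.join(diff)}")
    return problems

def _cfg(vkey, dkey):
    # Constructed Web.config with made-up key material, for illustration only.
    return ('<configuration><system.web>'
            f'<machineKey validationKey="{vkey}" decryptionKey="{dkey}" '
            'validation="SHA1" decryption="AES" />'
            '</system.web></configuration>')

# Constructed sample: two matching APIs, one with a different decryptionKey, one with no key.
SAMPLE = {
    "auth-api": _cfg("A1" * 32, "B2" * 16),
    "orders-api": _cfg("A1" * 32, "B2" * 16),
    "billing-api": _cfg("A1" * 32, "C3" * 16),
    "reports-api": "<configuration><system.web /></configuration>",
}

if __name__ == "__main__":
    for line in check_shared_key(SAMPLE):
        print(line)
```
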