JSON Web Token vs Bearer Token in Web Api

I'm using Asp.Net Web Api

I'm confused. I already use JSON web token. I understood that. Knowns classic JSON web token. Header, payload, signature, Self-contained. The client can see claims data.

But Bearer Token is what? Bearer Token is self-contained too. We can be accessing token's data through Bearer Token. The client can not see claims data.

Then why don't we use Bearer Token? Is not Bearer Token a standard? Is there something like JWT Bearer Token?

And, How to can I generate custom Bearer Token in ASP.NET MVC Web API?


JWT is a format which contains the user information in an encrypted JSON format.

But Bearer Token is what?

Bearer token means that when a party presents a bearer token, it is then allowed access to the resource. We don't validate the requesting party. Having the bearer token is enough.

Is there something like JWT Bearer Token?

JWT Tokens can also server as bearer tokens. Ex In Azure AD authentication using oAuth protocol.

Then why don't we use Bearer Token?

You don't use bearer token when you don't want to blindly trust the party where bearer tokens are coming. In that case you want to verify the requesting party as well. In that case you might want to use the SAML tokens.

How to can I generate custom Bearer Token in ASP.NET MVC Web API?

Generation of a token is the work of an Identity provider. Where i work, the flow is like - Azure AD generates a bearer token in JWT format. The token is then sent to the Azure ad protected resource which then allows access.

I hope i have answered your doubts. Kindly let me know if you have any more doubts or issues. I would be more than happy if someone can point out any mistakes (if any) in the answer.

链接地址: http://www.djcxy.com/p/22416.html

上一篇: 带有OWIN OAuth载体令牌的Web Api 2

下一篇: JSON Web Token与Web Api中的承载令牌