Do OAuth access tokens contain roles like JWT tokens

I have been going through several samples/tutorials on using OAuth 2.0, OWIN, and JWT (JSON Web Token) tokens to authenticate and authorize access to an ASP.NET Web API v2. One of the things I like about JWT tokens is that the roles that the user belongs to are contained right in the token itself. Based upon the roles assigned to the user that bears the token, I can allow/deny access to an API method as such:

using System;
using System.Web.Http;

public class TestsController : ApiController
{
    // Only callers whose token carries the "Admin" role may call this action.
    [Authorize(Roles = "Admin")]
    [HttpGet]
    [Route("getdatetime")]
    public IHttpActionResult GetDateTime()
    {
        return Ok(String.Format("The current Date/Time is {0}", DateTime.Now));
    }
}

The reason I am looking at OAuth tokens is that I have not been able to find an example that shows how to implement JWT refresh tokens. I have a few examples of how to implement OAuth refresh tokens, however, and may have to go that route. That being the case, I was wondering if OAuth tokens can also contain role information as JWT tokens do.


I assume you meant the access token when you say OAuth token. The OAuth 2.0 spec by itself doesn't enforce any format for access tokens, so you can use any format you like, be it a random unique string or a JSON string.

So you can very well use a JWT token as the OAuth access token, and set the necessary claims (roles) when you issue it.

Hope that helps!
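
An added example (not code from the original question or answer): with the OWIN OAuth authorization server, role claims placed on the identity at issuance travel inside the access token, whatever its format, and `[Authorize(Roles = "Admin")]` reads them back on each request. `RoleClaimsProvider`, `OAuthConfig` and the `verifyAndGetRoles` callback are hypothetical names, the `/token` path and 15-minute lifetime are assumed values, and the Microsoft.Owin.Security.OAuth package is assumed to be installed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical provider: copies the user's roles into the identity that OWIN serializes into the access token.
public class RoleClaimsProvider : OAuthAuthorizationServerProvider
{
    // Assumed callback: returns the user's roles, or null when the credentials are wrong.
    private readonly Func<string, string, IEnumerable<string>> _verifyAndGetRoles;
    public RoleClaimsProvider(Func<string, string, IEnumerable<string>> verify) { _verifyAndGetRoles = verify; }
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // this example does not authenticate the client application
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        IEnumerable<string> roles = _verifyAndGetRoles(context.UserName, context.Password);
        if (roles == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        foreach (string role in roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role)); // checked by [Authorize(Roles = "...")]
        context.Validated(identity); // the identity and its claims become the access token
        return Task.FromResult(0);
    }
}

public static class OAuthConfig
{
    // Call from Startup.Configuration(IAppBuilder app) before Web API is registered.
    public static void Register(IAppBuilder app, Func<string, string, IEnumerable<string>> verifyAndGetRoles)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(15), // roles are a snapshot until expiry
            Provider = new RoleClaimsProvider(verifyAndGetRoles)
        });
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
```

Because the roles are fixed at issuance, a role removed from the user afterwards is still honoured until the token expires, which is why the access token lifetime is kept short here.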
