Stack Overflow
Stack Overflow

Questions tagged [bearer-token]

Tokens are issued to clients by an authorization server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server.

1416 questions
16
votes
3 answers

Manually decode OAuth bearer token in c#

In my Web Api 2.2 OWIN based application I have a situation where I manually need to decode the bearer token but I don't know how to do this. This is my startup.cs public class Startup { public static OAuthAuthorizationServerOptions…
Marcus Höglund
  • 16,172
  • 11
  • 47
  • 69
15
votes
4 answers

Accessing protected API on IdentityServer4 with Bearer Token

I have attempted to search for a solution to this problem, but have not found the right search text. My question is, how can I configure my IdentityServer so that it will also accept/authorize Api Requests with BearerTokens? I have an…
mTrilby
  • 153
  • 1
  • 1
  • 4
15
votes
2 answers

Asp.net core 2 - 401 error with bearer token

I'm not able to access protected method with Authorized with a token generated by Asp.net Core. The configuration : services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(cfg => { …
OrcusZ
  • 3,555
  • 2
  • 31
  • 48
15
votes
1 answer

Set up JWT Bearer Token Authorization/Authentication in Hangfire

How can you configure Bearer Token Authorization/Authentication in Hangfire? I have a custom authentication filter that read the Authentication Token on the initial request but all other requests (Hangfire calls) it return 401. How can I attach…
Valter
  • 2,859
  • 5
  • 30
  • 51
15
votes
3 answers

Why should you base64 encode the Authorization header?

Twitter's API requires sending an Authorization header that is a base64 encoding of an API key concatenated with an API secret key. In Node, I use: var base64 = new Buffer(apiKey + ':' + apiSecret).toString('base64'); The header sent…
Animal Rights
  • 9,107
  • 6
  • 28
  • 40
15
votes
3 answers

ASP.NET Web API Authorization tokens expiring early

I have implemented security for my web api (individual accounts) as discussed here. I have hosted the website on godaddy (shared hosting) and its working fine. When I ask for token by using url "domain.com/token", I get the token with expiration…
Vaibhav J.
  • 352
  • 2
  • 15
14
votes
3 answers

How to test Keycloak authentication in Spring Boot application?

In a Spring Boot project we enabled Spring Security and applied Keycloak authentication with bearer token like described in the following…
radistao
  • 14,889
  • 11
  • 66
  • 92
14
votes
3 answers

InvalidOperationException: The AuthorizationPolicy named: 'Bearer' was not found

I am currently trying to learn how to build a secure api using bearer token, I keep getting this error (InvalidOperationException: The AuthorizationPolicy named: 'Bearer' was not found.) and I am not sure why. I am using asp.net-core 2.0 and trying…
Conor Shannon
  • 439
  • 2
  • 6
  • 17
14
votes
1 answer

OWIN Bearer Token Authentication

I have some questions related to Bearer Token. In Owin you can protect a ticket Protect(ticket) like this: ClaimsIdentity identity = new ClaimsIdentity(Startup.OAuthServerOptions.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name,…
David Dury
  • 5,537
  • 12
  • 56
  • 94
13
votes
2 answers

Security of storing Bearer token in cookies

My SPA uses React as front end and laravel API as backend. When the user logs in (via axios and api), the api returns an access (Bearer token) as response. I use the react-cookie framework to store the access token as cookie in the Browser. This…
user172902
  • 3,541
  • 9
  • 32
  • 75
13
votes
1 answer

Where should one store the authentication token in ASP.Net Core

My application has an API part and a website-part. On the website, the user can log in and gets a JWT bearer token from the API. My question now is: Where should I store that token? Some say, store it in Cookie (while others say "don't, because…
Matthias Burger
  • 5,549
  • 7
  • 49
  • 94
13
votes
3 answers

Using a bearer token for authentication(≠ authorization)

A request using the Authorization: bearer [token] can be used for authentication? or Should we use another method to authenticate a client and issue a token then use the token as a bearer token like OAuth2 does? Why popular web services(e.g. Github,…
sndyuk
  • 2,720
  • 2
  • 24
  • 32
13
votes
2 answers

How to store bearer tokens when MVC and Web API are in different projects

Situation: I have a Web API 2 project which acts as an Authorization server (/token endpoint) and a resource server. I am using the template that comes out of box with ASP.Net Web API minus any MVC reference. The Start.Auth is configured as…
Amanvir Mundra
  • 420
  • 1
  • 6
  • 20
13
votes
1 answer

How do you generate a Bearer token to call a remote Web API

I have two sites, a site that users login to and manage their account and site that has no UI and is nothing more than a API to store and retrieve content. Both of these sites use the same Owin ASP.Net Identity 2.0 setup. The UI site uses cookies…
John C
  • 1,761
  • 2
  • 20
  • 30
12
votes
3 answers

How to get "exp" from jwt token and compare with it current time to check if token is expired

I am using System.IdentityModel.Tokens.Jwt package and the below code decoding the jwt token, but it won't give exp value? var handler = new JwtSecurityTokenHandler(); var decodedValue = handler.ReadJwtToken("token"); How to get exp and compare…
user584018
  • 10,186
  • 15
  • 74
  • 160
1 2
3
94 95