Reputation: 177
First of all, I think identity over HTTP has become a nightmare to understand and even worse to implement, and just to make it clear, I think there are too many options.
I sound like someone who didn't get it, I know...
Anyways...
I have implemented a token provider and it gives me tokens when I hit an endpoint (/token). This is my access token and now I need to understand how I should store this for subsequent requests to the actual API.
Could I store it in a session?
And next, do I need to pass on my access token to the API for every request?
I am fairly (totally) new to token based authentication but have patience, I will get there.
Upvotes: 1
Views: 3297
Reputation: 9043
Yes, you need to send your token with each request in the Authorization header using the Bearer scheme. Regarding storing the token, OAuth 2.0 gives you the full responsibility on how to store the token, so if you are building an SPA or a server web app you can store it in local storage or a cookie, read the value from there, and send it with each request.
I recommend you read my blog post, which should clarify all the ambiguity: Token based Authentication
Upvotes: 1
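The flow described in the answer above, as an added example that is not code from the post or its linked blog: store the `/token` response, attach it as `Authorization: Bearer ...` on every API call, and fetch a new token when the stored one has expired or the API answers 401. The names `saveToken`, `authHeader`, `apiFetch`, `store` and `getToken` are hypothetical, and the token response is assumed to carry the OAuth 2.0 fields `access_token` and `expires_in`.

```javascript
// `store` is any object with get/set/delete (a Map here). In a server web app
// it would wrap the user's session; in a browser, a cookie or storage wrapper.
const TOKEN_KEY = "access_token";

// Save the JSON body returned by the /token endpoint (assumed OAuth 2.0 field names).
function saveToken(store, tokenResponse, nowMs = Date.now()) {
  store.set(TOKEN_KEY, {
    value: tokenResponse.access_token,
    // Treat the token as expired 30 s early to absorb clock skew.
    expiresAt: nowMs + (tokenResponse.expires_in - 30) * 1000,
  });
}

// Build the header every API request must carry, or null if no usable token is stored.
function authHeader(store, nowMs = Date.now()) {
  const t = store.get(TOKEN_KEY);
  if (!t || nowMs >= t.expiresAt) {
    store.delete(TOKEN_KEY); // never keep a stale token around
    return null;
  }
  return { Authorization: `Bearer ${t.value}` };
}

// Call the API with the stored token, obtaining a new one from /token when needed.
// `getToken` (hypothetical) performs the POST to /token and resolves to its JSON body.
async function apiFetch(url, store, getToken, fetchImpl = fetch, options = {}) {
  let header = authHeader(store);
  if (!header) {
    saveToken(store, await getToken());
    header = authHeader(store);
  }
  const send = (h) =>
    fetchImpl(url, { ...options, headers: { ...options.headers, ...h } });
  let res = await send(header);
  if (res.status === 401) {
    // Token rejected server-side (revoked or expired early): drop it, retry once.
    store.delete(TOKEN_KEY);
    saveToken(store, await getToken());
    res = await send(authHeader(store));
  }
  return res;
}
```

The retry happens only once, so an API that keeps returning 401 surfaces that response to the caller instead of looping against `/token`.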