sleath
Reputation: 871
What's the point of using JWTs with ASPNet.Identity?
I've implemented ASPNET.Identity with a custom JWTProvider. However is there a point of using JWT with ASPNET.Identity instead of the baked in regular token bearer in Identity already? Does this increase security? Does it just add more complexity to the application?
UPDATE In terms of using the Oauth token provider vs custom JWTProvider. Does this get you any added security?
Upvotes: 4
Views: 230
Answers (1)
Vikas Sardana
Reputation: 1643
Both are very much different in terms of XSRF/CSRF.
In case of OAuth XSRF token is always send to client in every response header of server. It does not matter, CSRF token is sent in JWT token or not. Because CSRF token is secured with itself. Therefore sending CSRF token in JWT is unnecessary.
Upvotes: 2
Related Questions
- Why should I define JwtBearerDefaults.AuthenticationScheme for my Authorize attribute always?
- What is the purpose of JwtBearerOptions.SaveToken property in ASP.NET Core 2.0+?
- ASP.NET Identity Bearer Token vs JWT Pros and Cons
- Using IdentityServer vs creating custom JWT based authentication
- What is the use of asp.net identity .GenerateUserToken()
- What is actor token in Microsoft.IdentityModel.Tokens?
- Why sign-in a new user when using ASP.NET Core Identity and token-based auth?
- ASP .NET Core Identity default authentication vs JWT authentication
- asp.net core identity - 2 types of jwt tokens
- Asp.net core Identity and Token Based Authetication