i have work flow works this:
- user on mobile device uses login google work flow , gets token back.
- user passes id_token webapi endpoint.
- webapi validates token via google endpoint, saves user data database, , generates refresh , access tokens.
- when user needs use api, provide access token via bearer authentication header.
- if access token has expired or going expired, app provides refresh token , receives new access token.
this pretty standard workflow believe. stuck how generate secure refresh token. i'm using asp.net mvc 5 , love little direction in how generate refresh token. i'm having hard time finding refresh token format well. can generate access token using jwtsecuritytoken, jwtsecuritytokenhandler , securitytokendescriptor classes.
could simple using symmetrical encryption algorithm on json string , sending on wire?
Comments
Post a Comment