Where to store access and refresh tokens

I am making an OAuth2 call from my ASP.NET MVC web application into my web API via JavaScript to authenticate my user and get a token. The web API accesses the SQL Server database, where the user login is stored using Identity and the typical AspNetUsers tables. My API call returns an access token valid for 20 minutes and a refresh token valid for 2 weeks. The API and the consumer application are both products that we develop, with which our customers will register. In other words, all the code is on our side.

I know that I must refresh the access token before it expires by passing the refresh token to the API. My question is: where can I store the access and refresh tokens on the client for use in my JavaScript for later API calls or for refreshing the token? People on the Internet say that storing anything on the client side is bad, cookies are unsafe, etc., but offer no solutions. Local storage? But, of course, these are Ajax calls in JavaScript that we make to the API, so the tokens must exist somewhere on the client side! It drives me crazy trying to figure it out. I know that I need to at least use HTTPS.

+4
2 answers

.

ID, access_token, Refresh_Token, LastUpdated_Time

, API , , LastUpdated_Time, , , , . 55 toke, .

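// Requires: using System.IO; using System.Net; using System.Text;
// dateTimeDiff is computed elsewhere (not shown in the original snippet).
if (dateTimeDiff > 55) {
    var request = (HttpWebRequest) WebRequest.Create("https://www.googleapis.com/oauth2/v3/token");

    // Placeholders: substitute the stored refresh token and the client credentials.
    // Real values should be passed through Uri.EscapeDataString before concatenation.
    var postData = "refresh_token=your refresh token";
    postData += "&client_id=your client id";
    postData += "&client_secret=your client secret";
    postData += "&grant_type=refresh_token";

    var data = Encoding.ASCII.GetBytes(postData);
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";
    request.ContentLength = data.Length;
    request.UseDefaultCredentials = true;

    // Send the form body.
    using (var stream = request.GetRequestStream()) {
        stream.Write(data, 0, data.Length);
    }

    // Read the token endpoint's response; dispose the response and reader when done.
    using (var response = (HttpWebResponse) request.GetResponse())
    using (var reader = new StreamReader(response.GetResponseStream())) {
        string responseString = reader.ReadToEnd();
    }
}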

, LastUpdated_Time .

+1
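
The table columns and the 55-minute check from the answer above, carried through to a server-side refresh with an encoded form body and an updated row. This is an added example, not code from the original answer. `TokenRow`, `TokenRefresher`, `NeedsRefresh` and `EnsureFreshAsync` are hypothetical names, and it assumes the token endpoint returns JSON containing `access_token`.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

// One row of the table listed above: ID, access_token, Refresh_Token, LastUpdated_Time.
public sealed class TokenRow
{
    public int Id { get; set; }
    public string AccessToken { get; set; }
    public string RefreshToken { get; set; }
    public DateTime LastUpdatedUtc { get; set; }
}

public sealed class TokenRefresher   // hypothetical helper, runs on the server
{
    private readonly HttpClient _http;
    private readonly string _endpoint, _clientId, _clientSecret; // secret never reaches the browser

    public TokenRefresher(HttpClient http, string endpoint, string clientId, string clientSecret) =>
        (_http, _endpoint, _clientId, _clientSecret) = (http, endpoint, clientId, clientSecret);

    // Same threshold as the snippet above (dateTimeDiff > 55), in minutes.
    public static bool NeedsRefresh(TokenRow row, DateTime nowUtc) =>
        (nowUtc - row.LastUpdatedUtc).TotalMinutes > 55;

    // Refreshes the row in place when it is stale; the caller persists the row afterwards.
    public async Task EnsureFreshAsync(TokenRow row, DateTime nowUtc)
    {
        if (!NeedsRefresh(row, nowUtc)) return;
        // FormUrlEncodedContent percent-encodes every value, so a token containing
        // '&', '+' or '=' cannot corrupt or extend the form body.
        using var body = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["refresh_token"] = row.RefreshToken,
            ["client_id"] = _clientId,
            ["client_secret"] = _clientSecret,
            ["grant_type"] = "refresh_token",
        });
        using var resp = await _http.PostAsync(_endpoint, body);
        resp.EnsureSuccessStatusCode();
        using var json = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        row.AccessToken = json.RootElement.GetProperty("access_token").GetString();
        // Some servers rotate the refresh token; keep the stored one if none is returned.
        if (json.RootElement.TryGetProperty("refresh_token", out var rt))
            row.RefreshToken = rt.GetString();
        row.LastUpdatedUtc = nowUtc;
    }
}
```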

- , , . , , . , cookie, .

0

Source: https://habr.com/ru/post/1607823/

