UseOAuthBearerTokens vs UseOAuthBearerAuthentication
21,167
The UseOAuthBearerTokens
extension method creates both the token server and the middleware to validate tokens for requests in the same application.
Pseudocode from source using reflector:
UseOAuthAuthorizationServer(); // authorization server middleware
UseOAuthBearerAuthentication(ApplicationOAuthBearerProvider); // application bearer token middleware
UseOAuthBearerAuthentication(ExternalOAuthBearerProvider); // external bearer token middleware
Author by
Dave New
Updated on January 21, 2020Comments
-
Dave New over 4 years
In our
Startup
class, I have configured the following auth server options:OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = true, TokenEndpointPath = new PathString("/api/v1/token"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), Provider = new SimpleAuthorizationServerProvider() };
After this, which option are we supposed to use to actually enable bearer authentication? There seem to be two variations on the Internet.
Option 1:
app.UseOAuthAuthorizationServer(OAuthServerOptions); app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
Option 2:
app.UseOAuthBearerTokens(OAuthServerOptions);
I have tested them both and the results are the same.
What are the difference between these options? When are we supposed to use which?