Last active
November 21, 2021 11:57
[OpenID Connect notes]
https://auth0.com/blog/id-token-access-token-what-is-the-difference/
"One of the most common mistakes developers make with an ID token is using it to call an API."

But in ASP.NET:
https://docs.microsoft.com/es-es/dotnet/api/microsoft.extensions.dependencyinjection.jwtbearerextensions.addjwtbearer?view=aspnetcore-6.0
Enables JWT-bearer authentication using the default scheme AuthenticationScheme.
"JWT bearer authentication performs authentication by extracting and validating a JWT token from the Authorization request header."

https://curity.io/resources/learn/jwt-best-practices/#1-jwts-used-as-access-tokens
Not disregarded but "careful"
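
An added example (not part of the original notes) of configuring `AddJwtBearer` in an ASP.NET Core 6 API so that an ID token sent in the Authorization header fails validation. The authority URL, audience value and `/orders` route are placeholders, and it assumes the authorization server issues RFC 9068 access tokens with `typ: at+jwt`.

```csharp
// Program.cs (ASP.NET Core 6 minimal hosting, implicit usings enabled).
// Added example: authority, audience and route below are placeholders.
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Issuer metadata and signing keys are discovered from this URL.
        options.Authority = "https://idp.example.com/";

        // An ID token's "aud" is the client_id of the application that
        // signed the user in. Requiring the API's own identifier rejects it,
        // as long as that identifier is never reused as a client_id.
        options.Audience = "https://api.example.com";

        // Weak setting to avoid: ValidateAudience = false makes any JWT
        // signed by the issuer, ID tokens included, pass as a bearer token.
        options.TokenValidationParameters.ValidateAudience = true;

        // RFC 9068 access tokens carry the header typ "at+jwt"; ID tokens
        // do not. When ValidTypes is unset, the typ header is not checked.
        options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
    });

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Constructed sample endpoint; only requests with a valid access token reach it.
app.MapGet("/orders", () => Results.Ok(new[] { "constructed-sample-order" }))
   .RequireAuthorization();

app.Run();
```

If the authorization server does not set `typ: at+jwt`, drop the `ValidTypes` line and rely on the audience check.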