1

I'm making use of Identity for my Web API. I am successfully able to retrieve an access token by providing the username and password, but I'm not entirely sure what to do with it afterwards. I am thinking about storing it in a cookie, but I'm not sure whether or not this is bad practice. If it is, what would be better alternatives to this solution.

I don't want to let a user login every time he visits the website, so because of that I'm looking for ways of storing the access token. I have been searching the web (and SO) for solutions to this problem, but did not find a suitable answer. I found the following question that's similar, but did not get an answer: Where to store OAUTH2 access token in mvc5 web app.

Thanks in advance for your suggestions!

Community
  • 1
  • 1
user1796440
  • 366
  • 3
  • 11
  • You might find more success finding an answer if you expand your search so it's less MVC-centric: "OAuth2 storing access tokens". There's some info [here](http://stackoverflow.com/questions/18280827/using-oauth2-in-html5-web-app) and [on another S.E. site](http://security.stackexchange.com/questions/72475/should-we-store-accesstoken-in-our-database-for-oauth2). Also, you may need to specify 1) which [grant type](https://tools.ietf.org/html/rfc6749#section-4) you're using 2) who's auth server and where it exists 3) lifetime of access and refresh tokens – Jasen Oct 14 '15 at 17:46
  • Thanks for the links, those are useful! – user1796440 Oct 16 '15 at 15:24

0 Answers0