When you create a new Web API using VS 2017 and select to use "Work or School Accounts" for authentication, you will get code which is using a JwtBearerAuthentication library. It is also possible to hand code the Web API to use an OpenIdConnectAuthentication library. What will be the major differences between using these? Would one need to code the client specifically / different depending on what library used on the API (server) side, or could a client be compatible with both ways of protecting the API?
Asked
Active
Viewed 867 times
3
abatishchev
- 98,240
- 88
- 296
- 433
OlavT
- 2,496
- 4
- 31
- 56
-
See also http://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth and https://security.stackexchange.com/questions/37818/why-use-openid-connect-instead-of-plain-oauth – abatishchev Apr 26 '17 at 17:41
1 Answers
0
I tried to generate an ASP.NET Core Web Application using "Work or School Accounts" and the generated code contains UseOpenIdConnectAuthentication. I have then implemented some code in the web apoplication to call the Web API with a bearer token and everything works fine.
OlavT
- 2,496
- 4
- 31
- 56
-
What code did you implement to get the WebApi working with the token? – Castrohenge May 12 '17 at 11:42
-
1I used the standard ASP.NET MVC web templates from VS 2017 and selected Change Authentication to "Work or School Accounts". – OlavT May 12 '17 at 15:21