How WebApi validates token in Implicit (or Authorization) grant flow (OpenId)?

Time:10-26

I have read some documentation on using ADFS. I understand it returns a token which is later passed by the client. In the diagrams, I can see that WebApi is validating the token, but I don't understand how. Maybe the API has access to the public key with which it verifies the token? If the API, after receiving the token, asked e.g. ADFS to confirm that the token is correct, I would understand, but it seems that it is not needed.


Images from: docs.microsoft

CodePudding user response:

It is up to the application to validate the token.

Yes, it has access to the public key.
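
To illustrate the answer, here is an added example (not part of the original thread and not Microsoft's code) that spells out RS256 token validation with the Python standard library: the API side uses only the public key and local claim checks, and never contacts the issuer. The demo key is constructed and insecure, and `issue_token` is a hypothetical stand-in for the identity provider; a real API would take the issuer's public key from its published metadata and use a JWT library for these checks.

```python
import base64, hashlib, json, time

# Constructed demo key built from two Mersenne primes: insecure, offline use only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # (N, E) is the public key the API holds
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the issuer
K = (N.bit_length() + 7) // 8          # modulus length in bytes
# DER DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def padded_digest(signing_input):
    t = PREFIX + hashlib.sha256(signing_input.encode()).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def issue_token(claims):
    """Issuer side (stand-in for the identity provider): sign with D."""
    header = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(padded_digest(signing_input), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def validate_token(token, issuer, audience, now=None):
    """API side: uses only (N, E) and local checks; returns claims or None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64u_dec(header)).get("alg") != "RS256":
            return None                # pin the algorithm, never trust the header
        s = int.from_bytes(b64u_dec(sig), "big")
        claims = json.loads(b64u_dec(body))
        aud = claims.get("aud")
    except (ValueError, AttributeError):
        return None                    # malformed token
    if s >= N or pow(s, E, N).to_bytes(K, "big") != padded_digest(header + "." + body):
        return None                    # signature was not made with the issuer's key
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        return None                    # token from another issuer or for another API
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None                    # expired or missing expiry
    return claims
```
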
