@flozano
Last active November 21, 2021 11:57
[OpenID Connect notes]
https://auth0.com/blog/id-token-access-token-what-is-the-difference/
"One of the most common mistakes developers make with an ID token is using it to call an API."
But in ASP.NET:
https://docs.microsoft.com/es-es/dotnet/api/microsoft.extensions.dependencyinjection.jwtbearerextensions.addjwtbearer?view=aspnetcore-6.0
Enables JWT-bearer authentication using the default scheme AuthenticationScheme.
"JWT bearer authentication performs authentication by extracting and validating a JWT token from the Authorization request header."
https://curity.io/resources/learn/jwt-best-practices/#1-jwts-used-as-access-tokens
Not disregarded but "careful"
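
The notes above contrast the advice not to call an API with an ID token against a bearer handler that validates whatever JWT arrives in the Authorization header. The following is an added example, not part of the original gist or of any library it links to, showing the checks an API can apply so that a correctly signed ID token is still refused. The issuer, audience, client ID and key are constructed values, HS256 with a shared key is used only to keep the example self-contained, and the `typ` check assumes the identity provider issues RFC 9068 (`at+jwt`) access tokens.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://idp.example.test/"        # constructed issuer
API_AUDIENCE = "https://api.example.test"   # constructed identifier of this API
CLIENT_ID = "spa-client-123"                # constructed client that logged the user in
KEY = b"demo-only-shared-secret"            # constructed; HS256 only to stay self-contained

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header, claims):
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    mac = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def accept_as_access_token(token, now=None):
    """Checks an API applies before trusting a bearer JWT. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
        sig = b64url_decode(s64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False, "malformed"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return False, "malformed"
    if header.get("alg") != "HS256":  # pin the algorithm instead of trusting the header
        return False, "unexpected alg"
    expected = hmac.new(KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    exp = claims.get("exp")
    if claims.get("iss") != ISSUER or not isinstance(exp, (int, float)) or exp <= now:
        return False, "bad issuer or expired"
    aud = claims.get("aud")
    if API_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience is not this API"  # an ID token's aud is the client_id
    if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
        return False, "not typed as an access token"  # RFC 9068 typ check
    return True, "ok"

def sample_tokens(now):
    # Constructed ID token and access token from the same issuer and key.
    base = {"iss": ISSUER, "sub": "user-1", "iat": int(now), "exp": int(now) + 300}
    id_token = sign({"alg": "HS256", "typ": "JWT"}, {**base, "aud": CLIENT_ID, "nonce": "n-0S6"})
    access = sign({"alg": "HS256", "typ": "at+jwt"}, {**base, "aud": API_AUDIENCE, "scope": "read"})
    return id_token, access
```

Both sample tokens carry a valid signature from the same issuer; only the audience and type checks separate them, which is why signature validation alone is not enough on the API side.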