Last post May 03, 2014 10:35 AM by BrockAllen
May 03, 2014 10:30 AM|spdev101|LINK
I am developing a MVC 5 site that is dependant on Google for authentication. I understand that the bearer token approach is used by ASP.NET for this purpose. My question is
How (what mechanism) does the framework (ASP.NET) use to validate that the bearer token is valid and not just some randomly generated characters?
May 03, 2014 10:35 AM|BrockAllen|LINK
The token is signed by the issuer (authorization server) and the resource server trusts the issuer (by using either a shard key or the public key).