I'm studying IdentityServer4 and I have a question. I know that there is a JWT token, which is needed for checking the token. It checks that the token was obtained from a trusted server. There is also an access_token, which is needed to authorize in the app. How does it work? Do I get two tokens, or does the JWT contain an access_token as well?
0
votes
Please note that a JWT is not IdentityServer4 specific. IdentityServer4 implements a number of OpenID Connect and OAuth2.0 specifications. In order to understand IdentityServer4 it helps to understand the specifications.
- user4864425
In the case of IdentityServer, the token can contain an Access Token, an Identity Token and a Refresh Token. But this depends on the configuration and the flow used. An alternative to the JWT token is the reference token.
- user4864425
I did it, thank you
- Snuppi
1 Answer
2
votes
From an Auth Server (the server which issues the JWT token), you will receive a JWT Token, aka Access_Token. This Auth Server will contain the Secret-Key that can issue an Access-Token.
From a client (Mobile/Web/Console App), you will need to pass this Access_Token in your Request Header to your Resource Server (the server where your resources are stored; normally this is your backend server) to request Resources/Data.
(e.g.: Authorization: Bearer <Access_Token>)
Upon receiving a request from the client, in your Resource Server you will need to have a Validate JWT function that will validate the JWT Token based on a public-key (Security Algorithm : RSA256, HS256).
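
The flow this answer describes, as an added example that is not part of the original answer: an auth server signs a token, the client sends it as a Bearer header, and the resource server validates it. It uses HS256, where issuer and resource server share one secret (with RS256 the resource server would hold only the public key); the secret, issuer, audience and function names are constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not IdentityServer4 defaults).
SECRET = b"constructed-demo-secret"
ISSUER, AUDIENCE = "https://auth.example", "api1"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, ttl=300, now=None):
    """Auth server side: sign 'header.payload' with the secret key."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": sub, "exp": now + ttl}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def validate_request(headers, now=None):
    """Resource server side: return the claims or raise ValueError."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("missing or malformed bearer token")
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("undecodable token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin the alg; never take it from the token
    expected = hmac.new(SECRET, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

The signature is checked before any claim is trusted, and the accepted algorithm is fixed by the resource server rather than read from the token header.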