How to validate oauth token at resource server

Question

my authorization server and resource servers are different , i have third party token issuer is below. https://XXXXXXXXXXX/v2/token

i am able to get access token from authorization server, but i am unable to get success to call my resource server API.

my resource server configuration

public void Configuration(IAppBuilder app) { // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888

        var issuer = "https://XXXXXXXXXX/v2/token";
        var audience = "05XXXXXXX29";
        var secret = TextEncodings.Base64Url.Decode("43558e250ab87XXXXXXXXXXXXXf57549c58fca1");

        app.UseJwtBearerAuthentication(
            new JwtBearerAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active,
                AllowedAudiences = new[] { audience },
                IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                {
                    new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
                }
            });

}

Chunlong Chunlong · Accepted Answer · 2020-05-07T14:15:12

The access_token is a JWT token, which is self-contained and verifiable. You resource server should just verify it. There are many 3rd party JWT library for JWT verification, see https://openid.net/developers/jwt/

How to validate oauth token at resource server

1 Answers