I am using Angular+Core v5. I need to provide an API which is called from other program (instead of real person). For caller authentication, I need to provide a static "Authorization Token" which is never expired. I wonder what is the best way to do it in ASPNETZero. Can you give me an example?
Thanks,
4 Answer(s)
-
0
This does not comply with security regulations.
But it can also be achieved. If you use JWT you can manually modify the expires.
If you are using IdentityServer, you can define a special client and modify the token expiration time.
-
0
Thank you for your response!
I am a little concern about "This does not comply with security regulations." As I know, many popular applications have this kind of authentication, such as Slack and Twilio. When my app (as a caller) sends requests to their API endpoint, I need to include my AccountId and AuthToken, which I got when I subscripted on their service and never expired.
Now, I am an API provider (same as Slack and Twilio) , and want to provide same way of authentication/authorization. Dose AspNetZero has (or will have) this feature? If not yet, is it easy to add by myself? Can you provide a code example?
Thanks,
-
0
I mean there is a security problem with "never expire".
ABP ZERO built-in JWT and IdentityServer provide Token-based functionality. You can view related documentation.
-
0
As @maliming says it's not a good practise. And here's Twillio's Token description. [attachment=0:2sz2akrw]twillio_token.jpg[/attachment:2sz2akrw]
