In this post we will talk about bearer token authentication and how we should manage this token when our application is running on more than one server, using OWIN, Katana and AngularJS.

## Token Characteristics

First of all, let's see what the characteristics of a bearer token are:

- Generated by the server
- Contains user claims (what kind of operations a user can do, roles)
- All information that a token contains is encrypted
- Token information can be decrypted only by the machine that created the token
- The expiration date is encrypted in the token itself
- No token information is stored on the server side
- The encryption is safe enough to be used worldwide (Facebook, Google and Twitter are using it)
- A token can be used by an external system only when the decryption key is shared
- Tokens are easy and cheap to generate

## Why?

All this sounds good, but what happens when we want to go to production? In this case we should be able to scale our backend from one node to 3 or 10 nodes. Do we need
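The "decrypted only by the machine that created the token" characteristic is the one that bites when you scale out. The following web.config fragment is an added example, not code from the original post; it assumes the OWIN pipeline is hosted in IIS through Microsoft.Owin.Host.SystemWeb, where the token data protector is backed by the ASP.NET machine key. With the default auto-generated key, every node encrypts with its own key, so a token issued by node 1 is rejected by node 2; setting the same explicit keys on every node lets any node decrypt any token.

```xml
<!-- Added example, not from the original post. -->
<!-- BEFORE (per-node auto-generated keys): a token issued by one node
     cannot be decrypted by another node, so scaled-out requests fail. -->
<system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web>

<!-- AFTER: identical explicit keys deployed to every node in the farm.
     The values below are placeholders; generate real random keys
     (64-byte validation key, 32-byte AES decryption key, hex-encoded)
     and keep them out of source control. -->
<system.web>
  <machineKey validation="HMACSHA256"
              decryption="AES"
              validationKey="<<REPLACE_WITH_128_HEX_CHARS>>"
              decryptionKey="<<REPLACE_WITH_64_HEX_CHARS>>" />
</system.web>
```

Rotating the shared key invalidates every outstanding token at once, so plan the rotation together with the token expiration you chose.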