Simple Web Token (SWT) as OAuth 2.0 Bearer Token for ASP.NET Web API

So, you have made the decision to use SWT as the bearer token to access an OAuth 2.0 protected ASP.NET Web API. If you are not that specific about SWT and any access token is okay, head over to DotNetOpenAuth (DNOA). To the best of my knowledge and belief, DNOA does not support SWT tokens, but if that is no concern, DNOA is the best path to take – no point in reinventing the wheel. If you are keen on using SWT as the bearer token through OAuth 2.0, do stick around.

Anatomy of a Simple Web Token (SWT)

Simple Web Token – the name says it all. It is a token, it is for the web (read HTTP) and it is simple! Then, there is the good old SAML token, which is XML based. If there be light, then there is darkness; if cold, heat; if height, depth… If XML, JSON; so, there is a JSON Web Token (JWT) as well. SAML is more SOAP-ish, and SWT and JWT are REST-ish.

Naturally, SWT is a good choice for ASP.NET Web API. Using OAuth 2.0, SWT can be sent in the HTTP authentication header (bearer scheme). That topic is too big for a single blog post. So, let’s focus on just SWT and look at using SWT as a bearer token through OAuth 2.0, hopefully, in a future post. There is a great open source library for OAuth 2.0 – DotNetOpenAuth – but my understanding, as of the time of writing this blog post, is that SWT is not supported by DotNetOpenAuth for OAuth 2.0.

Anyways, let’s get on with dissecting a SWT.