asp.netoauthowin

Passing Access Tokens from a web site to another


Lets have this explained by example: Can we have a web site (A) dedicated for creating access tokens and handing it to another web site (B) to access its endpoints? Is there anything like that or a practice for having such thing?


Solution

  • There are similar patterns used for this such as api gateways that can be used to monitor and restrict access to endpoint services.

    A common approach could be a micro-service pattern where a website has many endpoints that are mainly designed to support the website functionality (standard behaviour). Another website or other applications eg companion mobile apps may also point to endpoints of the first website for authentication purposes and actual data. Depending on complexity, it may also me useful to split up the endpoints to separate functional components - eg solution that only performs authentication, another providing data for crud, another services another application and etc.

    Essentially there are many patterns but this approach is fairly common when a eco-system of related applications communicate together.