I am currently creating a system basically consisting of mainly three parts. There is one authorization server and one resource server. Furthermore, I have one pubsub api based on Node.js (Javascript) next to it. The authorization server and resource server are built using the DotNetOpenAuth libraries. The resources can be accessed by means of the token received from the authorization server.
Now, what would be the preferred way of working when I also would like to have the pubsub api authorized by means of the same token? In the DotNetOpenAuth library, I have this VerifyAccess method available which does this for me but I don’t have this in my Javascript. Would it be proper to have a separate web service doing the verification which i then call from my javascript?
Thank you in advance…
Having your Node.js call via web request to .NET to call VerifyAccess would certainly be the simplest. Alternatively if Node.js has the ability to perform asymmetric signature verification, and both asymmetric and symmetric decryption, then theoretically Node.js could validate the token directly. But that would be left as an exercise for the reader. 🙂
If you do accomplish it, please publish your result for others though.