Hi all,
We have created an ASP.NET Web API 2 service using the Windows Identity library for JSON Web Tokens. Please note that we did not create OAuth2 (no middleware server for authentication).
There are different clients (altogether different platforms and devices) that are going to consume these services. On every subsequent request they have to pass the JWT in the request header.
We have two types of token: one is a short-duration token (expires in an hour) and the other is a long-duration token (expires within 3 days). On the server side we validate the token using the library itself.
Apart from the token, we have a static API key (generated with some algorithm), and every client is associated with this key; the same key can be used by multiple clients.
What would be the best approach to store/apply the token and our custom API keys to authenticate incoming requests?