locked
Additional authorization data RRS feed

  • Question

  • User344948100 posted

    One of my projects requires additional data to authorization such as organization identity and a couple of other informations passed in the authorization process along the username and password. This project will be consumed by a web client and mobile apps so I would like to use bearer token.

    Should I add this additional values in the token as key pair values at the cost of increase this token? Should I enable session full at server side and store it as in a MVC project? Should I use additional header to store this additional information and leave the bearer token as the default?

    I know all this alternatives has ups and downs but I would like to know if anyone has experience or additional advice about this situation.

    Thursday, July 30, 2015 7:54 AM

Answers