Just some clarification on AuthorizationServerAccessToken RSA


Brad Laney

Jul 24, 2012, 8:04:23 PM
to dotnet...@googlegroups.com

AuthorizationServerAccessToken.AccessTokenSigningKey 
This is used for encrypting and decrypting the refresh token

AuthorizationServerAccessToken.ResourceServerEncryptionKey
This is used for encrypting the resource access token

Are these true statements?

Andrew Arnott

Jul 24, 2012, 8:15:30 PM
to dotnet...@googlegroups.com
On Tue, Jul 24, 2012 at 5:04 PM, Brad Laney <brad.j...@gmail.com> wrote:

> AuthorizationServerAccessToken.AccessTokenSigningKey
> This is used for encrypting and decrypting the refresh token

No.  This is used for signing the access token.
The refresh token is encrypted/decrypted using rotating symmetric keys managed by the ICryptoKeyStore interface.

> AuthorizationServerAccessToken.ResourceServerEncryptionKey
> This is used for encrypting the resource access token

Yes.
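
The two RSA key roles confirmed in the reply above, as an added example that is not DotNetOpenAuth code and not from either poster: the authorization server signs the access token with its own private key and encrypts it to the resource server's public key, and the resource server reverses both steps. It assumes .NET 8 base-library crypto only; the class and method names, the sample claims, and the RSA-OAEP plus AES-GCM layout are assumptions of this example, not DotNetOpenAuth's token format, and refresh-token key handling is not shown.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class TokenKeyRoles // hypothetical name, not a DotNetOpenAuth type
{
    // Authorization server: sign with its private key, then encrypt to the resource server's public key.
    static byte[] Issue(RSA accessTokenSigningKey, RSA resourceServerEncryptionKey, byte[] claims)
    {
        byte[] sig = accessTokenSigningKey.SignData(claims, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        byte[] plain = sig.Concat(claims).ToArray();
        byte[] aesKey = RandomNumberGenerator.GetBytes(32), nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16], cipher = new byte[plain.Length];
        using (var gcm = new AesGcm(aesKey, 16)) gcm.Encrypt(nonce, plain, cipher, tag);
        // RSA only wraps the random AES key; the signed token itself is too long for one RSA block.
        byte[] wrapped = resourceServerEncryptionKey.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
        return wrapped.Concat(nonce).Concat(tag).Concat(cipher).ToArray();
    }

    // Resource server: decrypt with its private key, then verify with the authorization server's public key.
    static byte[] Accept(RSA resourceServerPrivateKey, RSA authServerPublicKey, byte[] token)
    {
        int k = resourceServerPrivateKey.KeySize / 8;
        byte[] aesKey = resourceServerPrivateKey.Decrypt(token[..k], RSAEncryptionPadding.OaepSHA256);
        byte[] nonce = token[k..(k + 12)], tag = token[(k + 12)..(k + 28)], cipher = token[(k + 28)..];
        byte[] plain = new byte[cipher.Length];
        using (var gcm = new AesGcm(aesKey, 16)) gcm.Decrypt(nonce, cipher, tag, plain);
        int s = authServerPublicKey.KeySize / 8;
        byte[] sig = plain[..s], claims = plain[s..];
        if (!authServerPublicKey.VerifyData(claims, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("access token signature invalid");
        return claims;
    }

    static void Main()
    {
        using RSA authServer = RSA.Create(2048);
        using RSA resourceServer = RSA.Create(2048);
        using RSA authPub = RSA.Create();   // public half only, as held by the resource server
        using RSA rsPub = RSA.Create();     // public half only, as held by the authorization server
        authPub.ImportParameters(authServer.ExportParameters(false));
        rsPub.ImportParameters(resourceServer.ExportParameters(false));
        byte[] claims = Encoding.UTF8.GetBytes("{\"user\":\"alice\",\"scope\":\"read\"}"); // constructed sample
        Console.WriteLine(Encoding.UTF8.GetString(Accept(resourceServer, authPub, Issue(authServer, rsPub, claims))));
        // Anyone can encrypt to the resource server's public key, so the signature is what proves the issuer.
        using RSA impostor = RSA.Create(2048);
        try { Accept(resourceServer, authPub, Issue(impostor, rsPub, claims)); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```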