'OpenIdDict - WebApi endpoint protection

I am trying to implement WebApi protected by access_token issued by an OpenIdDict auth server. Some APIs don't require authentication, while others do. The former (the public ones) it is sufficient to provide a client_token, while for the latter an access_token. The .NET core Client that will use these APIs will then have to insert the client_token or the access_token in the header.

How do I implement a ROPC that initially requires a client_token (possibly putting it in a cookie) which will then replace with an access_token at the moment when it authenticates?

Thank you

authentication.net-coreasp.net-web-apiaccess-tokenopeniddict


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions