Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF

The Simple Web Token (SWT) is a new, simple token format that was created by Microsoft, Google and others. See here for specs. The Azure platform AppFabric Access Control service (ACS), for example, uses this token type.

Why yet another token type? Well – the advantages of SWT are that it is simple to construct (form encoded key value pairs), that only simple crypto is needed (SHA256 HMACs) and that it is compact on the wire which allows easy embedding in HTTP headers or query strings.

The downsides are that it is not a widely adopted token format (current spec version is 0.9.5.1) and that it lacks asymmetric signatures (e.g. X.509 based).

Since I had to do some ACS work recently, I crafted up a simple SWT integration for WCF-based REST services (works in ASP.NET as well). The plumbing looks for an SWT token on either the Authorization or X-Authorization header, as well as on the query string. Using the power of WIF, it is simple to transform the SWT token into an IClaimsPrincipal.

From that point on, you have all the unified identity representation benefits of WIF.
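The token format described above, as an added example that is not part of the original post or its download: Python code that builds an SWT and validates one the way a receiving service must, following the SWT spec's layout (form-encoded pairs, with a trailing HMACSHA256 pair computed over everything before it, and the reserved Issuer, Audience and ExpiresOn names). The function names, key and claim values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, unquote

SIG_LABEL = "&HMACSHA256="      # per the SWT spec, the signature is the last pair
SAMPLE_KEY = bytes(range(32))   # constructed 256-bit key shared by issuer and service

def sign(key, body):
    """Base64 HMAC-SHA256 over the exact bytes of the unsigned token."""
    mac = hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def issue_swt(key, claims):
    """Form-encode the claims and append the signature pair."""
    body = "&".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                    for k, v in claims.items())
    return body + SIG_LABEL + quote(sign(key, body), safe="")

def validate_swt(token, key, issuer, audience, now):
    """Return the claims dict, or raise ValueError if the token must be rejected."""
    body, sep, sig = token.rpartition(SIG_LABEL)
    if not sep:
        raise ValueError("no HMACSHA256 pair")
    # Verify over the bytes as received, before any decoding, in constant time.
    if not hmac.compare_digest(sign(key, body).encode(), unquote(sig).encode()):
        raise ValueError("signature mismatch")
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim name")
    try:
        expires = int(claims["ExpiresOn"])   # seconds since the Unix epoch, UTC
    except (KeyError, ValueError):
        raise ValueError("missing or malformed ExpiresOn")
    if expires <= now:
        raise ValueError("token expired")
    if claims.get("Issuer") != issuer or claims.get("Audience") != audience:
        raise ValueError("unexpected issuer or audience")
    return claims

if __name__ == "__main__":
    # Constructed sample claims; the URLs are placeholders.
    demo = issue_swt(SAMPLE_KEY, {"Issuer": "https://issuer.example/",
                                  "Audience": "https://rp.example/svc",
                                  "ExpiresOn": 2000000000, "role": "reader"})
    print(demo)
    print(validate_swt(demo, SAMPLE_KEY, "https://issuer.example/",
                       "https://rp.example/svc", now=1900000000))
```

Because the key is symmetric, any service that can validate a token can also mint one, so each relying party should get its own key.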

Download here.


2 Responses to Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF

  1. Alexey says:

    The Download is not available… :(
