Owin WebApi 2 - Decrypting OAuth Key on a Standalone Platform
We have a WebAPI 2 project that uses an OAuth2 provider in OWIN / Katana.
Is it possible to provide a token that is generated on a different platform that does not run the same API so that they can decrypt the token and retrieve the claim? Obviously, machine keys must be synchronized; but does anyone have any experience?
I'm not selling 100% on this yet, as I am firmly convinced that I have one authorization server, however, feedback is welcome and is it really a bug or not.
source to share