Sharing OAuth Tokens Across Two Web API projects

Question

I have created a Web API application with OAuth token authentication. This worked without issue when the token server was running on the same application as the service. How

Answer 1

Just stumbled across this Q whilst researching this myself. The TL;DR answer is that Tokens are generated using the machineKey properties in the machine.config file: if you want to host on multiple servers you need to override this.

The MachineKey can be overridden in web.config :

Machine Keys should be generated locally - using an online service is not secure. KB Article for generating keys

Orginal ref for all this here http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api