This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is an implementation for securing [APIs] and [microservices] that combines the security of [opaque tokens] with the convenience of [JSON Web Token] ([JWT]).
The [{$pagename}] concept is to have a pair of [tokens]: a [by-reference] token (the [Opaque token]) and a [by-value] token (the [JWT]). The [client] (often an [OAuth Client]) is not aware of the [JWT] and only encounters the [Opaque token].
When a [client] asks for a token, the [Token Service Provider] returns the [Opaque token].
The Internal [APIs] and [microservices] call the [Token Service Provider] for resolving the [Opaque token] for every [request]. The pattern takes advantage of an [API-Gateway], [Reverse Proxy] or any other [middleware] that is usually placed between the [client] and the [Services] or [Resources]. In that way the [APIs] and [microservices] can benefit from the [JWT] without exposing any [data] or [Private data] to the [client], as the client will only retrieve an [opaque token].
[{$pagename}] enables consistent security across [Services]. Each [Service] expects an [Access Token] in [JSON Web Token] ([JWT]) format. On the [Internet], [opaque tokens|Opaque token] are exchanged for [JWTs] in the [{$pagename}],
which allows exposure of the [Opaque token] externally while ensuring proper [Access Control] internally.
[{$pagename}] may make use of the [Token Introspection Endpoint] for resolution or exchange of the [Opaque token].
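The exchange described above, as an added example that is not part of the original page or of any product's code: an in-process stand-in for the [Token Service Provider] pairs each opaque token with a JWT, and a gateway function swaps one for the other before forwarding. The class and function names, the HS256 demo key and the in-memory store are assumptions made for illustration; the network call to a [Token Introspection Endpoint] is modelled by the introspect() method.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = b"constructed-demo-key"  # constructed; a real deployment would typically sign asymmetrically

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims, key=KEY):
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_jwt(token, key=KEY, now=None):
    """What an internal service does: check signature and expiry, then trust the claims."""
    head, body, sig = token.split(".")
    expected = b64url(hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):  # algorithm is fixed here, never read from the header
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] <= (now or time.time()):
        raise ValueError("expired")
    return claims

class TokenService:
    """Hypothetical stand-in for the Token Service Provider: keeps the opaque -> JWT pairing."""
    def __init__(self):
        self._pairs = {}
    def issue(self, sub, scope, ttl=300):
        opaque = secrets.token_urlsafe(32)  # by-reference token: random, carries no data
        claims = {"sub": sub, "scope": scope, "exp": int(time.time()) + ttl}
        self._pairs[opaque] = sign_jwt(claims)  # by-value token, never sent to the client
        return opaque
    def introspect(self, opaque):  # models the call to the introspection endpoint
        return self._pairs.get(opaque)
    def revoke(self, opaque):
        self._pairs.pop(opaque, None)

def gateway(headers, token_service):
    """Swap the client's opaque token for its JWT before forwarding; fail closed otherwise."""
    scheme, _, opaque = headers.get("Authorization", "").partition(" ")
    jwt = token_service.introspect(opaque) if scheme == "Bearer" and opaque else None
    if jwt is None:
        return 401, None  # unknown, revoked or missing token: nothing reaches the services
    return 200, {**headers, "Authorization": f"Bearer {jwt}"}
```

Because the pairing lives only in the token service, revoking the opaque token takes effect at the gateway on the next request, even though the JWT it mapped to has not yet expired.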
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Introspection and Phantom Tokens|https://curity.io/resources/tutorials/howtos/integration/introspect-with-phantom-token/|target='_blank'] - based on information obtained 2020-10-06
* [#2] - [The Phantom Token Approach|https://curity.io/resources/architect/api-security/phantom-token-pattern/|target='_blank'] - based on information obtained 2020-10-06