Overview

Phantom Token Flow is an implementation for securing APIs and microservices that combines the security of opaque tokens with the convenience of JSON Web Tokens (JWTs).
Rather than having the internal APIs and microservices call the Token Service Provider to resolve the opaque token on every request, the pattern takes advantage of an API gateway, reverse proxy or any other middleware that is usually placed between the client and the services or resources. In that way the APIs and microservices can benefit from the JWT without exposing any data, including private data, to the client, as the client only ever receives an opaque token.
Phantom Token Flow enables consistent security across services. Each service expects an access token in JSON Web Token (JWT) format. In the Phantom Token Flow, the opaque tokens used on the Internet are exchanged for JWTs.
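
The exchange described above, as an added example that is not part of the original page: the client holds only a random reference, the gateway swaps it for a signed JWT, and the internal service validates that JWT locally. The function names, the in-memory token store and the HS256 shared key are assumptions chosen to keep the sketch standard-library only; a real deployment would typically have the Token Service Provider sign with an asymmetric key.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: HS256 shared key (stdlib-only demo)
_TOKENS = {}                           # token service's private store: opaque token -> claims

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(head: str, body: str) -> bytes:
    return hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_opaque_token(subject, scope, ttl=300):
    """Token service: the client only ever receives this random reference."""
    ref = secrets.token_urlsafe(32)
    _TOKENS[ref] = {"sub": subject, "scope": scope, "exp": int(time.time()) + ttl}
    return ref

def exchange_for_jwt(opaque):
    """Token service: resolve an opaque token to a signed JWT, or None if unknown/expired."""
    claims = _TOKENS.get(opaque)
    if claims is None or claims["exp"] <= time.time():
        return None
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head, body))}"

def gateway(headers):
    """Gateway: swap the opaque bearer token for the JWT before forwarding upstream."""
    scheme, _, opaque = headers.get("Authorization", "").partition(" ")
    jwt = exchange_for_jwt(opaque) if scheme.lower() == "bearer" else None
    if jwt is None:
        return 401, None  # rejected at the edge; nothing reaches the service
    return service({**headers, "Authorization": f"Bearer {jwt}"})

def service(headers):
    """Internal service: validates the JWT locally, with no call to the token service."""
    token = headers.get("Authorization", "").partition(" ")[2]
    try:
        head, body, sig = token.split(".")
        given = _unb64(sig)
    except ValueError:  # not a three-part JWT (e.g. an opaque token) or bad base64
        return 401, None
    if not hmac.compare_digest(_sign(head, body), given):
        return 401, None
    claims = json.loads(_unb64(body))  # parsed only after the signature checks out
    return (200, claims) if claims["exp"] > time.time() else (401, None)
```

An opaque token presented directly to `service` is rejected, which shows why the internal services must only be reachable through the gateway that performs the exchange.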