!!! Overview
[{$pagename}] is a pattern for securing [APIs] and [microservices] that combines the privacy of [opaque tokens] with the convenience of a [JSON Web Token] ([JWT]). The concept is to pair a [by-reference] token (the [Opaque token]) with a [by-value] token (the [JWT]) that represent the same [Access Token]. The [client] (often an [OAuth Client]) is never aware of the [JWT] and only encounters the [Opaque token]: when a [client] asks for a token, the [Token Service Provider] issues the [Opaque token] and keeps the corresponding [JWT] internally.

Instead of having every internal [API] or [microservice] call the [Token Service Provider] to resolve the [Opaque token] on each [request], the pattern takes advantage of an [API-Gateway], [Reverse Proxy] or any other [middleware] that is usually placed between the [client] and the [Services] or [Resources]. On every [request] the gateway resolves the [Opaque token] with the [Token Service Provider] and forwards the [request] to the internal [APIs] and [microservices] with the [JWT] in place of the [Opaque token]. Each internal [Service] expects an [Access Token] in [JSON Web Token] ([JWT]) format and validates its signature and claims locally, without a round trip to the [Token Service Provider]. In that way the [APIs] and [microservices] benefit from the [JWT] without exposing any [data] or [Private data] carried in its claims to the [client], as the client only ever retrieves an [opaque token]. [2]

[{$pagename}] enables consistent security across [Services]: on the [Internet] only the [Opaque token] is exposed, at the edge it is exchanged for the [JWT], and internally the [JWT] ensures proper [Access Control]. Because the gateway resolves the [by-reference] token on every [request], revoking the [Opaque token] at the [Token Service Provider] takes effect immediately, which a [by-value] token handed directly to the [client] could not offer.

[{$pagename}] may make use of the [Token Introspection Endpoint] for resolution or exchange of the [Opaque token]. [1]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Introspection and Phantom Tokens|https://curity.io/resources/tutorials/howtos/integration/introspect-with-phantom-token/|target='_blank'] - based on information obtained 2020-10-06
* [#2] - [The Phantom Token Approach|https://curity.io/resources/architect/api-security/phantom-token-pattern/|target='_blank'] - based on information obtained 2020-10-06
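!! Example
The exchange described in the Overview, as an added example written for this page rather than code from Curity or any other project. The [Token Service Provider], the [API-Gateway] and one internal [API] are simulated in-process: the token service issues an [Opaque token] and keeps an HS256-signed [JWT] for it, the gateway swaps one for the other on every [request] through an introspection call, and the internal API only accepts the [JWT]. The shared key ~~JWT_KEY~~, the ~~orders:read~~ scope, the header shape and all function and class names are assumptions chosen for the illustration; a real deployment would sign with an asymmetric key published via JWKS.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed for this example: HMAC key shared by the token service and the
# internal APIs. A real deployment would use an asymmetric key pair / JWKS.
JWT_KEY = b"example-hs256-key-not-for-production"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes = JWT_KEY) -> str:
    """Build a compact HS256 JWT (header.payload.signature) from a claims dict."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_jwt(token: str, key: bytes = JWT_KEY):
    """Check the HS256 signature and the exp claim; return the claims or None."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token, e.g. an opaque token sent straight to the API
    if claims.get("exp", 0) <= time.time():
        return None
    return claims

class TokenService:
    """Authorization server: hands out by-reference tokens, keeps the by-value JWT."""
    def __init__(self) -> None:
        self._store: dict = {}  # opaque token -> JWT

    def issue(self, sub: str, scope: str, ttl: int = 300) -> str:
        jwt = sign_jwt({"sub": sub, "scope": scope, "exp": int(time.time()) + ttl})
        opaque = secrets.token_urlsafe(32)
        self._store[opaque] = jwt
        return opaque  # the client only ever sees this value

    def revoke(self, opaque: str) -> None:
        self._store.pop(opaque, None)

    def introspect(self, opaque: str) -> dict:
        """RFC 7662-style response, extended with the JWT for the gateway."""
        jwt = self._store.get(opaque)
        if jwt is None or verify_jwt(jwt) is None:
            return {"active": False}
        return {"active": True, "jwt": jwt}

class Gateway:
    """Edge component: swaps the opaque bearer token for the JWT before forwarding."""
    def __init__(self, token_service: TokenService, upstream) -> None:
        self._ts = token_service
        self._upstream = upstream

    def handle(self, headers: dict) -> dict:
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return {"status": 401, "error": "missing bearer token"}
        result = self._ts.introspect(auth[len("Bearer "):])
        if not result.get("active"):
            return {"status": 401, "error": "token inactive"}  # revoked, expired or unknown
        # Forward with the JWT: the upstream never sees the opaque token and
        # the client never sees the JWT.
        return self._upstream({**headers, "Authorization": f"Bearer {result['jwt']}"})

def internal_api(headers: dict) -> dict:
    """Internal microservice: validates the JWT locally, no call to the token service."""
    claims = verify_jwt(headers.get("Authorization", "")[len("Bearer "):])
    if claims is None:
        return {"status": 401, "error": "invalid jwt"}
    if "orders:read" not in claims.get("scope", "").split():
        return {"status": 403, "error": "insufficient scope"}
    return {"status": 200, "sub": claims["sub"]}

def demo() -> dict:
    """Happy path, a scope failure, a revocation, and an attempt to bypass the gateway."""
    ts = TokenService()
    gw = Gateway(ts, internal_api)
    opaque = ts.issue("alice", "orders:read")
    ok = gw.handle({"Authorization": f"Bearer {opaque}"})
    low = gw.handle({"Authorization": f"Bearer {ts.issue('bob', 'profile')}"})
    ts.revoke(opaque)
    revoked = gw.handle({"Authorization": f"Bearer {opaque}"})
    # An opaque token reaching an internal API without the exchange is rejected.
    bypass = internal_api({"Authorization": f"Bearer {opaque}"})
    return {"ok": ok, "low": low, "revoked": revoked, "bypass": bypass}
```

The split of responsibilities is the point: revocation is enforced at the gateway, which sees the token service on every request, while the internal API needs only the verification key and can stay stateless. If the gateway caches introspection results to save latency, the cache lifetime becomes the revocation delay.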