A Lua plugin to receive incoming opaque tokens and forward JWT access tokens to APIs

$ luarocks install kong-phantom-token

The Curity Phantom Token plugin is a Lua library used to forward JWT access tokens to APIs.
It can be used with the Kong API Gateway, including the open source version.
The Identity Server issues opaque tokens to internet clients and stores the JWT access tokens.
This is a privacy preserving pattern to ensure that no sensitive token related information is revealed.
During API requests the plugin introspects the opaque token to get the JWT.
The JWT access token is then forwarded to the API using the HTTP Authorization header.
All of this keeps plumbing out of APIs, so that they are able to use simple authorization code.


2.0.1-141 days ago30 downloads
2.0.0-11 year ago3,094 downloads
1.1.1-12 years ago495 downloads
1.1.0-12 years ago12 downloads


lua >= 5.1
lua-resty-http >= 0.16.1-0
lua-resty-jwt >= 0.2.3-0