kong-phantom-token

A Lua plugin to receive incoming opaque tokens and forward JWT access tokens to APIs

Uploader

curity.io

License

Apache 2.0

Homepage

curity.io/product/token-servic...

Downloads

2,594
$ luarocks install kong-phantom-token

The Curity Phantom Token plugin is a Lua library used to forward JWT access tokens to APIs.
It can be used with the Kong API Gateway, including the open source version.
The Identity Server issues opaque tokens to internet clients and stores the JWT access tokens.
This is a privacy preserving pattern to ensure that no sensitive token related information is revealed.
During API requests the plugin introspects the opaque token to get the JWT.
The JWT access token is then forwarded to the API using the HTTP Authorization header.
All of this keeps plumbing out of APIs, so that they are able to use simple authorization code.

Versions

2.0.0-11 year ago2,041 downloads
1.1.1-11 year ago495 downloads
1.1.0-11 year ago12 downloads

Dependencies

lua >= 5.1
lua-resty-http >= 0.16.1-0
lua-resty-jwt >= 0.2.3-0

Manifests

root
Home · Search · Root Manifest · Manifests · Modules · Changes · About
@luarocksorg · a45b250 · Source · Issues