A Lua plugin to receive incoming opaque tokens and forward JWT access tokens to APIs

$ luarocks install lua-resty-phantom-token

The Curity Phantom Token plugin is a Lua library used to forward JWT access tokens to APIs.
It can be used with NGINX-based systems with the Lua module enabled, such as OpenResty.
The Identity Server issues opaque tokens to internet clients and stores the JWT access tokens.
This is a privacy-preserving pattern to ensure that no sensitive token-related information is revealed.
During API requests the plugin introspects the opaque token to get the JWT.
The JWT access token is then forwarded to the API using the HTTP Authorization header.
All of this keeps plumbing out of APIs, so that they are able to use simple authorization code.
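
The request flow described above, modelled in Python as an added example; it is not the plugin's Lua code or its API. The `introspect` stand-in, the `PhantomTokenGateway` class, the sample tokens and the short-lived cache of introspection results are assumptions made for illustration.

```python
import hashlib
import time

# Constructed sample data: the Identity Server's store of opaque token -> JWT.
# The JWT value is a placeholder string, not a real signed token.
ISSUED = {"opaque-abc123": "eyJhbGciOi.constructed-payload.constructed-sig"}


def introspect(opaque_token):
    """Hypothetical stand-in for the Identity Server's introspection call.
    Returns the JWT for an active opaque token, or None if it is not active."""
    return ISSUED.get(opaque_token)


class PhantomTokenGateway:
    def __init__(self, introspect_fn, cache_seconds=300, clock=time.time):
        self._introspect = introspect_fn
        self._ttl = cache_seconds
        self._clock = clock
        self._cache = {}  # sha256(opaque token) -> (jwt, expiry time)

    def handle(self, headers):
        """Return (status, headers_to_forward) for one incoming API request."""
        auth = headers.get("Authorization", "")
        scheme, _, token = auth.partition(" ")
        token = token.strip()
        if scheme.lower() != "bearer" or not token:
            return 401, None  # no bearer token: reject before any introspection
        # Key the cache on a hash so raw opaque tokens are not held in memory.
        key = hashlib.sha256(token.encode()).hexdigest()
        now = self._clock()
        cached = self._cache.get(key)
        if cached and cached[1] > now:
            jwt = cached[0]
        else:
            self._cache.pop(key, None)  # drop an expired entry, if any
            jwt = self._introspect(token)
            if jwt is None:
                return 401, None  # unknown or revoked token never reaches the API
            self._cache[key] = (jwt, now + self._ttl)
        upstream = dict(headers)
        upstream["Authorization"] = "Bearer " + jwt  # the API only ever sees the JWT
        return 200, upstream
```

The cache lifetime bounds how long a revoked opaque token can still be exchanged for its JWT, so it should stay short relative to the token lifetime.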


2.0.0-1    336 days ago    141 downloads
1.1.1-1    1 year ago      31 downloads
1.1.0-1    1 year ago      7 downloads


lua >= 5.1
lua-resty-http >= 0.16.1-0
lua-resty-jwt >= 0.2.3-0