A Lua plugin to receive incoming opaque tokens and forward JWT access tokens to APIs

$ luarocks install lua-resty-phantom-token

The Curity Phantom Token plugin is a Lua library used to forward JWT access tokens to APIs.
It can be used with NGINX based systems with the Lua module enabled, such as OpenResty.
The Identity Server issues opaque tokens to internet clients and stores the JWT access tokens.
This is a privacy preserving pattern to ensure that no sensitive token related information is revealed.
During API requests the plugin introspects the opaque token to get the JWT.
The JWT access token is then forwarded to the API using the HTTP Authorization header.
All of this keeps plumbing out of APIs, so that they are able to use simple authorization code.


2.0.1-142 days ago4 downloads
2.0.0-11 year ago531 downloads
1.1.1-12 years ago35 downloads
1.1.0-12 years ago11 downloads


lua >= 5.1
lua-resty-http >= 0.16.1-0
lua-resty-jwt >= 0.2.3-0