Quiz

Question 1

Which is the standard flow to use in a gateway to know what's inside an opaque token

Solution

Introspection

Question 2

The phantom token flow defines a pattern to:

Solution

Hide sensitive data on the Internet but expose it internally

Question 3

There are three methods to use tokens for API to API calls

Solution

Exchange, embed, share

Question 4

What is good practice for the gateway when it comes to authorization

Solution

To validate the token and inspect the scopes to perform a coarse grained authorization decision