API Authentication
Scopes and Claims

Claims


Last updated 9 months ago

  • Key-value items
  • Inside the token
  • Asserted by the issuer
  • Claim a truth about the subject
  • Can be used for fine-grained access control
  • Example
    • subject=jacob
      • age=42
      • profession=geek
      • workplace=Google
      • subscription_level=gold

The Access token claims

  • Can be the API for your API
  • Single source of truth for identity data
  • Avoid external calls from the API
  • Design a common Identity API for your APIs
  • Can be different depending on the scopes in the token
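The two lists above, worked through as an added example that is not part of the course: the issuer puts the example claims about `jacob` into an HS256-signed JWT, selecting which claims to include by scope, and the API validates the token locally and makes a fine-grained decision from the `subscription_level` claim without calling back to the issuer. The shared secret, the issuer name and the scope-to-claim mapping are assumptions for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values, not from the course: a shared HMAC key and an issuer name.
SECRET = b"demo-shared-secret-for-illustration-only"
ISSUER = "https://issuer.example"
# Identity data held by the issuer (course example values) and an assumed scope -> claims map.
IDENTITY = {"jacob": {"age": 42, "profession": "geek",
                      "workplace": "Google", "subscription_level": "gold"}}
SCOPE_CLAIMS = {"profile": ["profession", "workplace"],
                "subscription": ["subscription_level"], "age": ["age"]}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject: str, scopes: list, now: int = None) -> str:
    """Issuer side: assert claims about the subject, limited to what the scopes allow."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": subject, "scope": " ".join(scopes),
              "iat": now, "exp": now + 300}
    for scope in scopes:
        for name in SCOPE_CLAIMS.get(scope, []):
            claims[name] = IDENTITY[subject][name]
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_token(token: str, now: int = None):
    """API side: validate locally (no call back to the issuer); return claims or None.
    The algorithm is pinned to HS256; the header's alg field is never trusted."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(payload))
        now = int(time.time()) if now is None else now
        if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
            return None
    except (ValueError, AttributeError, TypeError):  # malformed token or claims
        return None
    return claims

def may_access_gold_content(token: str, now: int = None) -> bool:
    """Fine-grained decision made from a claim inside the token, no external lookup."""
    claims = verify_token(token, now)
    return claims is not None and claims.get("subscription_level") == "gold"
```

A token issued with only the `profile` scope carries no `subscription_level` claim, so the same API denies gold content to it even though the signature and issuer are valid.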