API Authentication

Home API Penetration Testing Course Malware Analysis API Authentication SSDLC IS Auditing, Controls and Assurance Cyber Incident Response Security of the Pipeline Security in the Pipeline Container Security Infrastructure as Code

Introduction
API Authentication - a (very) brief introduction
OAuth Actors
OAuth 2.0 Interaction patterns
Tokens
Scopes and Claims
APIs and Gateways
Final Assessment

Powered by GitBook

On this page

Claims

PreviousExample NextHow to identity data to put in the token

Last updated 3 months ago

Key value items
Inside the token
Asserted by the issuer
Claim truth about the subject
Can be used for fine grained access control
Example
- subject=jacob
  - age=42
  - profession=geek
  - workplace=Google
  - subscription_level=gold

The Access token claims

Can be the API for your API

Single source of truth for identity data

Avoid external calls from the APi

Design a common Identity API for your APIs

Can be different depending on the scopes in the token