API Authentication

Claims

  • Key value items

  • Inside the token

  • Asserted by the issuer

  • Claim truth about the subject

  • Can be used for fine grained access control

  • Example

    • subject=jacob

      • age=42

      • profession=geek

      • workplace=Google

      • subscription_level=gold

The Access token claims

Can be the API for your API

Single source of truth for identity data

Avoid external calls from the APi

Design a common Identity API for your APIs

Can be different depending on the scopes in the token

PreviousExampleNextHow to identity data to put in the token

Last updated