From the course: Microservices: Security

Token validation

- [Instructor] Tokens are sensitive pieces of information that must be validated because they grant access to the microservices that sit behind an API. In a token-based security scheme, the token is held by the client between requests, and it is passed to the resource server with each request. The resource server cannot blindly trust every token it receives because an attacker may have stolen and tampered with it. In order to make an access control decision, a microservice must validate the authenticity of the token. The measures used to verify a token depend upon the type of the token. If the token is a reference token, it needs to be introspected at the authorization server, meaning we send it back to the authorization server to learn more about the state of the token, or in simple terms, we learn if it's valid. The OAuth 2.0 Token Introspection standard is an extension of OAuth that governs this process. If using…
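The reference-token check described in the transcript, sketched as an added example (not part of the course material): a resource server builds an OAuth 2.0 Token Introspection (RFC 7662) request and makes a fail-closed access decision from the response. The endpoint URL, client credentials, audience and scope names are hypothetical, and requiring an `aud` match is an assumed policy.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Hypothetical endpoint; use the authorization server's real introspection URL.
INTROSPECTION_URL = "https://auth.example.com/oauth2/introspect"

def build_introspection_request(token, client_id, client_secret, url=INTROSPECTION_URL):
    """RFC 7662 request: form-encoded POST, authenticated as the resource server."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })

def introspect(token, client_id, client_secret):
    """Send the request over TLS and return the parsed JSON response (network call)."""
    req = build_introspection_request(token, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())

def is_authorized(claims, required_scope, audience, now=None):
    """Access decision from an introspection response; anything unexpected is denied."""
    now = time.time() if now is None else now
    # "active" must be the JSON boolean true; revoked, expired or unknown tokens get false.
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False
    # Assumed policy: the token must name this service as an audience.
    aud = claims.get("aud")
    aud_list = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in aud_list:
        return False
    # "scope" is a space-separated string in the introspection response.
    scope = claims.get("scope")
    granted = scope.split() if isinstance(scope, str) else []
    return required_scope in granted
```

The resource server calls `introspect()` on each incoming reference token (or caches the result for a short time, no longer than `exp`) and passes the response to `is_authorized()` before serving the request.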
