Session 5: Design tokens for your APIs
Using tokens for access to an API is just the beginning. The token can be shaped to contain all the details the API needs in order to properly authorize the request, which means the token is itself an API for the APIs. Using claims, tokens can be shaped into a valuable resource in your API infrastructure.
- The difference between Scope and Claims
- How to design a token
- Using Scope
- Adding Claims
- Thinking API first: Define a contract with the API
- Thinking API first: Authorization in the API using scope and Claims
Related resources
- Centralizing Identity Data
- Scopes, Claims and the Client
- Introduction to Scopes
- Introduction to Claims
- Using Claims in APIs
Course Outline
- Session 1: Introduction to OAuth
- Session 2: OAuth vs OpenID Connect
- Session 3: Tokens and APIs
- Session 4: Server to Server Communication with OAuth
- Session 5: Design tokens for your APIs
- Session 6: Dynamic Clients and Metadata
- Session 7: OAuth for Mobile Applications
- Session 8: OAuth for Single Page Applications