Nginx Phantom Token Module

An NGINX module that introspects access tokens according to RFC 7662, producing a “phantom token” that can be forwarded to back-end APIs and Web services.

When enabled, this module filters incoming requests and denies access to any that do not present a valid OAuth access token in an Authorization header. The access_token is extracted from this header and introspected using the configured endpoint. The JWT obtained from the introspection endpoint replaces the access token in the header of the request that NGINX forwards to the back-end. If the token is invalid or absent, no request is made to the back-end and the caller receives a 401 Unauthorized error.
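The filtering flow described above, modelled as an added Python example (not the module's own code, which is an NGINX module). The names `SAMPLE_TOKENS`, `stub_introspect`, `extract_bearer` and `phantom_token_filter` are hypothetical, the token values are constructed, and the stub's 204 reply for an unknown token is an assumption about the introspection endpoint.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample data: opaque access token -> JWT returned by introspection.
SAMPLE_TOKENS = {"opaque-abc123": "eyJhbGciOiJSUzI1NiJ9.e30.c2ln"}


def stub_introspect(form_body):
    """Stand-in for the RFC 7662 endpoint. Takes the form-encoded POST body and
    returns (status, body). Assumed behaviour: 200 + JWT if active, 204 if not."""
    token = parse_qs(form_body).get("token", [""])[0]
    jwt = SAMPLE_TOKENS.get(token)
    return (200, jwt) if jwt else (204, "")


def extract_bearer(headers):
    """Return the token from 'Authorization: Bearer <token>', or None."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            parts = value.strip().split()
            if len(parts) == 2 and parts[0].lower() == "bearer":
                return parts[1]
            return None  # header present but not a well-formed Bearer credential
    return None


def phantom_token_filter(headers, introspect=stub_introspect):
    """Return (status, headers_for_backend); the back-end is reached only on 200."""
    token = extract_bearer(headers)
    if token is None:
        return 401, None
    # RFC 7662 request body: the token travels as a form parameter named 'token'.
    status, jwt = introspect(urlencode({"token": token}))
    if status != 200 or not jwt:
        return 401, None
    # Forward every header unchanged except Authorization, which now carries the JWT.
    forwarded = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    forwarded["Authorization"] = "Bearer " + jwt
    return 200, forwarded
```

The opaque token never reaches the back-end: the only Authorization value forwarded is the JWT, and every failure path returns 401 before any upstream request is built.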
