Securing APIs Using OAuth and Phantom Tokens with NGINX
OAuth is the established method for securing APIs. To strike a good balance between security, privacy, and developer experience, OAuth tokens need to be managed properly. The Phantom Token flow describes a good practice for sending opaque tokens over the Internet and trading them for JWTs internally with a capable API gateway: the gateway introspects the opaque token at the OAuth server and forwards the resulting JWT to the API, so token contents never leave the trusted network while internal services still get a self-contained, verifiable token. In this session, Travis introduces Phantom Tokens and describes how to apply them to the standard OAuth and OpenID Connect flows using NGINX Controller.
Topics include:
- How to provide secure and privacy‑aware APIs
- OAuth and OpenID Connect
- When and how to use opaque tokens and JWTs
- Combining NGINX Controller with an external OAuth server
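The Phantom Token exchange described above, simulated end to end as an added example (not code from the session or from NGINX): an OAuth server that issues opaque reference tokens and answers introspection with a signed JWT, a gateway that performs the trade, and an internal API that only accepts JWTs. The issuer, audience, scope names, the HS256 signing key and the introspection client secret are all constructed for the example; a real deployment would use the OAuth server's own keys and an asymmetric algorithm.

```python
"""Phantom Token flow, standard library only. All names, keys and claims are constructed for this example."""
import base64
import hashlib
import hmac
import json
import secrets
import time

JWT_SIGNING_KEY = b"constructed-example-hmac-key"      # assumption: shared key, HS256
INTROSPECTION_CLIENT_SECRET = "constructed-gateway-secret"  # only the gateway may introspect


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    body = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims))
    sig = hmac.new(JWT_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_jwt(token: str):
    """Return the claims if signature, algorithm, audience and expiry check out, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:  # an opaque reference token has no dots and fails here
        return None
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # reject alg=none / confusion
        return None
    expected = hmac.new(JWT_SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(p))
    if claims.get("aud") != "orders-api" or claims.get("exp", 0) <= time.time():
        return None
    return claims


class OAuthServer:
    """Issues opaque tokens; introspection returns the matching JWT (phantom token)."""

    def __init__(self):
        self._tokens = {}  # opaque reference -> claims; the reference itself carries no data

    def issue_token(self, subject: str, scope: str, ttl: int = 300) -> str:
        ref = secrets.token_urlsafe(32)
        now = int(time.time())
        self._tokens[ref] = {"iss": "https://as.example", "sub": subject, "aud": "orders-api",
                             "scope": scope, "iat": now, "exp": now + ttl}
        return ref

    def revoke(self, ref: str) -> None:
        self._tokens.pop(ref, None)

    def introspect(self, ref: str, client_secret: str):
        if not hmac.compare_digest(client_secret, INTROSPECTION_CLIENT_SECRET):
            raise PermissionError("caller is not allowed to introspect")
        claims = self._tokens.get(ref)
        if claims is None or claims["exp"] <= time.time():
            return None  # unknown, revoked or expired
        return sign_jwt(claims)


class Gateway:
    """Swaps the opaque token for a JWT before the request reaches the API."""

    def __init__(self, oauth_server: OAuthServer, cache_ttl: int = 0):
        self._as = oauth_server
        self._cache_ttl = cache_ttl   # caching saves introspection calls but delays revocation
        self._cache = {}              # opaque reference -> (jwt, cached_at)

    def handle(self, headers: dict):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, None
        ref = auth[len("Bearer "):]
        cached = self._cache.get(ref)
        if cached and time.time() - cached[1] < self._cache_ttl:
            jwt = cached[0]
        else:
            jwt = self._as.introspect(ref, INTROSPECTION_CLIENT_SECRET)
            if jwt is None:
                return 401, None
            self._cache[ref] = (jwt, time.time())
        return 200, {"Authorization": f"Bearer {jwt}"}  # only the JWT goes upstream


def internal_api(headers: dict):
    """Internal service: trusts the signed JWT, never sees the opaque token."""
    auth = headers.get("Authorization", "")
    claims = verify_jwt(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, None
    if "read:orders" not in claims["scope"].split():
        return 403, None
    return 200, {"orders_for": claims["sub"]}


def end_to_end(gateway: Gateway, opaque_token: str):
    status, forwarded = gateway.handle({"Authorization": f"Bearer {opaque_token}"})
    return (status, None) if status != 200 else internal_api(forwarded)
```

Two things worth noticing when running it: handing the opaque reference straight to `internal_api` is rejected, because it is not a JWT, so an internal service cannot be reached by a token that leaked on the public side without going through the gateway; and a gateway with `cache_ttl` greater than zero keeps honoring a revoked token until the cached JWT expires, which is the trade-off between introspection load and revocation latency that any phantom token deployment has to set deliberately.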