Securing APIs Using OAuth and Phantom Tokens with NGINX

September 11, 2019 1:45 pm — September 11, 2019 2:20 pm 

OAuth is the established method for securing APIs. To ensure a good balance between security, privacy, and developer experience, OAuth tokens need to be managed in the proper way. The Phantom Token flow describes a good practice for sending opaque tokens on the Internet and trading them for JWTs internally by leveraging a capable API gateway. In this session, Travis introduces Phantom Tokens and describes how to apply them to the normal OAuth and OpenID Connect flows using NGINX Controller.

Topics include:

  • How to provide secure and privacy-aware APIs
  • OAuth and OpenID Connect
  • When and how to use opaque tokens and JWTs
  • Combining NGINX Controller with an external OAuth server
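The Phantom Token exchange described in the session abstract, as an added illustration that is not code from the session, from NGINX Controller, or from any OAuth server: the client only ever sees an opaque token, the gateway trades it for a JWT via token introspection and caches the result until the token expires, and only the JWT reaches the backend. The in-memory `OAuthServer`, the `Gateway` class, and the HS256 signing key are all constructed for the demo.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-signing-key"  # constructed demo key; a real server would use asymmetric keys
_TTL = 300                    # default token lifetime in seconds

def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class OAuthServer:
    """Hypothetical OAuth server: issues opaque tokens and answers introspection."""
    def __init__(self):
        self._store = {}  # opaque token -> claims; the opaque value carries no user data

    def issue(self, sub: str, scope: str, ttl: int = _TTL) -> str:
        opaque = hashlib.sha256(f"{sub}{time.time()}".encode()).hexdigest()[:32]
        self._store[opaque] = {"sub": sub, "scope": scope, "exp": int(time.time()) + ttl}
        return opaque

    def introspect(self, opaque: str):
        """Return a signed JWT for an active token, or None for unknown/expired ones."""
        claims = self._store.get(opaque)
        if not claims or claims["exp"] <= time.time():
            return None
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = _b64(json.dumps(claims).encode())
        sig = _b64(hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest())
        return f"{header}.{body}.{sig}"

class Gateway:
    """Hypothetical API gateway: swaps opaque token for JWT, caching until expiry."""
    def __init__(self, oauth: OAuthServer):
        self._oauth, self._cache = oauth, {}

    def forward(self, opaque: str):
        """Return (status, jwt) as the backend would see it; 401 means rejected."""
        hit = self._cache.get(opaque)
        if hit and hit[1] > time.time():
            return 200, hit[0]                 # cache hit: no introspection round trip
        jwt = self._oauth.introspect(opaque)
        if jwt is None:
            self._cache.pop(opaque, None)      # never serve a stale JWT for a dead token
            return 401, None
        exp = json.loads(_unb64(jwt.split(".")[1]))["exp"]
        self._cache[opaque] = (jwt, exp)       # cache lifetime bounded by the token's exp
        return 200, jwt
```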