search cancel

Opaque Token support - OTK 4.4

book

Article ID: 243382

calendar_today

Updated On:

Products

CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7)

Issue/Introduction

Need support for "Layer 7 API gateway version 10" for some reason 

Whether Api gate v10 (OTK 4.4) support Opaque token?

Opaque token requirement:

The opaque token is a random unique string of characters issued by the authorization server. It is one of the possible formats that access tokens or refresh tokens can take. The opaque token does not pass any identifiable information on the user so it’s impossible for the resource server to make any authorization decisions based on the opaque token itself. The opaque contains an identifier to information stored on the authorization server. To validate the token and retrieve the information on the token and the user, the resource server calls the authorization server and requests the token introspection.

Environment

Release : 3.4

Component : Integration with APM

Resolution

https://docs.authorization.cloudentity.com/features/oauth/tokens/jwt/#jwt-example

The token is Opaque tokens are UUIDs they are random unique string of characters issued by the authorization server.

It can be encrypted, but OAUTH tokens do not require encryption in the OTK database because they are random UUID's generated as opaque tokens and not related to any identifiable client info.

 

"Is that any service\end point (like introspection url) available to exchange opaque access token with JWT access token?"

It is either Opaque or JWT.  And there is NO endpoint/service for exchanging the Opaque for JWT. 

Note you can look into customizes end point:  Either add a separate endpoint for this exchange (Opaque to JWT and vice versa) and leverage that appropriately before calling any OTK endpoints (token, introspect/validate, etc.,)  or they have to customize their OTK solution for this exchange.