Securing APIs Using OAuth and Phantom Tokens with NGINX
In this API Management track session, Travis Spencer (CEO, Curity) goes over how OAuth is the established method for securing APIs. To ensure a good balance between security, privacy, and developer experience, OAuth tokens need to be managed in the proper way. The Phantom Token flow describes a good practice for sending opaque tokens on the Internet and trading them for JWTs internally by leveraging a capable API gateway. In this session, Travis introduces Phantom Tokens and describes how to apply them to the normal OAuth and OpenID Connect flows using NGINX Controller.
Attendees of the session will:
Learn how to provide secure and privacy‑aware APIs
Have a deeper understanding of OAuth and OpenID Connect
Learn when and how to use opaque tokens and JWTs
Understand how to combine NGINX Controller with an external OAuth server
To learn more, go to www.nginx.com.