From the course: Microservices: Security
Token maintenance and protection
- [Instructor] After a token has been issued, a few maintenance activities may take place before the token reaches its end of life. To help manage these activities, the identity and access management platform may add some token management features that are optional or not completely defined for authorization servers in the OAuth specification. In the best-case scenario, a token is used for appropriate access by a client until it reaches its expiration date. At this point, it no longer can be used for access to a microservice. This is typically achieved by setting an expires in claim on the access token or storing information regarding its expiration date. In general, it is best to keep the access token short-lived, so that if it were to be compromised, it doesn't provide access for a long period of time. In some scenarios, clients may be provided with a refresh token that allows them to obtain a new access token without…
Contents
- Tokens (4m 41s)
- OAuth 2 primer (4m 58s)
- OAuth in Microsoft Entra (6m 31s)
- Register client applications (4m 26s)
- Issuing tokens (5m 28s)
- Work with OAuth 2.0 endpoints (7m 26s)
- Issuing identity tokens with OIDC (6m 40s)
- Token validation (6m 47s)
- Token maintenance and protection (3m 58s)