Subject Token

As described in security architecture, Light uses two tokens to secure service to service calls. One token is the original token from the login user that has original caller information and possible additional info for fine-grained authorization. This token is called Subject Token.

The Subject Token represents a person and it has user_id and potential additional user info.

There are two way to get this token.

  • Authorization Grant Flow for OAuth 2.0 provider

  • OpenID Connect

This token is passed in request header “Authorization” in most of the cases and if the token contains scope info to access the immediate API/service, then no Access Token is needed. This is the situation webserver as a client calling APIs.

“Subject Token” was last updated: July 5, 2021: fixes #275 checked and corrected grammar/spelling for majority of pages (#276) (b3bbb7b)
Improve this page