Subject Token

As described in the security architecture, the Light platform uses two tokens to secure service-to-service calls. One is the original token issued to the logged-in user; it carries the original caller's information and possibly additional information for fine-grained authorization. This token is called the Subject Token.

The Subject Token represents a person and carries the user_id and potentially additional user info.

There are two ways to get this token.

  • Authorization Grant Flow for OAuth 2.0 provider

  • OpenID Connect

In most cases this token is passed in the “Authorization” request header. If the token contains the scope needed to access the immediate API/service, no Access Token is needed. This is the situation when a web server acts as a client calling APIs.
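
The check described above, as an added example that is not Light platform code: a service verifies the subject token from the “Authorization” header and decides whether its scopes already cover the immediate API. Assumptions: HS256 with a constructed shared key stands in for the provider's real signing scheme, scopes are carried in a `scope` claim, and the `petstore.r` scope and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; HS256 stands in for the provider's signing scheme

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = KEY) -> str:
    """Build a constructed HS256 JWT so the example runs offline."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_subject_token(auth_header: str, key: bytes = KEY, now=None) -> dict:
    """Return the verified claims of an 'Authorization: Bearer <jwt>' value."""
    now = time.time() if now is None else now
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("malformed Authorization header")
    head, body, sig = token.split(".")
    header = json.loads(_unb64(head))
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))  # parsed only after the signature checks out
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    if not claims.get("user_id"):
        raise ValueError("subject token must identify a user")
    return claims

def subject_token_suffices(auth_header: str, required_scope: str, **kw) -> bool:
    """True when the subject token itself carries the scope of the immediate API,
    so the caller does not need a separate access token for this hop."""
    scopes = verify_subject_token(auth_header, **kw).get("scope", [])
    if isinstance(scopes, str):  # tolerate space-delimited scope strings
        scopes = scopes.split()
    return required_scope in scopes

# Constructed sample: a web server calling an API on behalf of a logged-in user.
SAMPLE = "Bearer " + make_token(
    {"user_id": "demo-user", "scope": ["petstore.r"], "exp": 2000000000})
```

A `False` result means the token is valid but lacks the scope for this API, which is the case where a separate Access Token is required; an invalid, expired or unsigned token raises instead of returning `False`.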

“Subject Token” was last updated: April 2, 2019: fixes #62 add Chinese language for the document site (5c820aa)