Subject Token

As described in security architecture, light platform uses two tokens to secure service to service calls. One token is the original token from the login user and it has original caller information and possible additional info for fine-grained authorization. This token is called Subject Token.

The Subject Token represents a person and it has user_id and potential additional user info.

There are two way to get this token.

  • Authorization Grant Flow for OAuth 2.0 provider

  • OpenID Connect

This token is passed in request header “Authorization” in most of the cases and if the token contains scope info to access the immediate API/service, then no Access Token is needed. This is the situation webserver as a client calling APIs.

“Subject Token” was last updated: April 2, 2019: fixes #62 add Chinese language for the document site (5c820aa)
Improve this page