Part 7: Token Cloning
Building on the previous post, we discuss an architectural pattern for token handling called "therapeutic token cloning", which is particularly effective in environments that use multiple identity and access management products. The pattern involves duplicating, correcting, and then re-signing access tokens to make them functional and more secure. This article details the steps involved in the token cloning process, as well as the pros and cons of this approach.
03.07.2024
Alexander Suchier
- Kong
- Gateway
- Token Cloning
- Zero-Trust Architecture
- JWT
- RFC 9068
- API Gateway
- OpenID Connect
- JWT Signer