| CPC H04L 63/0807 (2013.01) [G06F 9/45558 (2013.01); H04L 63/20 (2013.01); G06F 2009/45587 (2013.01)] | 16 Claims |

1. A method of service to service authentication in a distributed computing system having multiple servers executing instructions to provide multiple platform services interactable with client services, the method comprising:
receiving, from a client service, a data package having (i) an access request to a platform service in the distributed computing system and (ii) a security token for authenticating the access request to the platform service;
in response to receiving the data package having the access request and the security token,
identifying a token type of the security token and an authentication scheme indicated in the access request for authenticating the access request by analyzing the received data package and parsing metadata in a digital data structure of the security token;
using the identified token type of the security token and the authentication scheme indicated in the access request as a key to locate a corresponding authentication pattern in a mapping table of token types, authentication schemes, and authentication patterns, the token types being categorized based on one or more token structures, token issuers, or token versions;
authenticating the received data package having the access request and the security token by identifying, in an authentication configuration of the platform service, an authentication policy corresponding to the authentication pattern, the authentication policy indicating a policy ID to the access request that has the authentication pattern for the platform service; and
authenticating the access request based on the security token by applying the identified authentication policy to the received data package; and
conditionally providing the client service access to the platform service.
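The lookup chain recited in claim 1 (token type plus authentication scheme, then authentication pattern, then the service's policy), sketched as an added Python example that is not taken from the patent. The JWT-like token layout, the HMAC and audience checks the policy applies, and every table entry, key and name are constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed mapping table: (token type, authentication scheme) -> authentication pattern.
# Token types are categorized as structure:issuer:version.
PATTERN_TABLE = {
    ("jwt:issuer-a:v1", "Bearer"): "a-bearer-v1",
    ("jwt:issuer-a:v2", "Bearer"): "a-bearer-v2",
    ("jwt:issuer-b:v1", "PoP"): "b-pop-v1",
}
# Constructed authentication configuration of one platform service: pattern -> policy.
# This service has no policy for a-bearer-v1, so v1 tokens are refused here.
SERVICE_CONFIG = {
    "a-bearer-v2": {"policy_id": "P-100", "key": b"demo-key-a", "audience": "storage"},
}

def _dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint(claims, key):
    """Build a constructed HMAC-signed sample token for the demo."""
    signed = _enc(b'{"alg":"HS256"}') + "." + _enc(json.dumps(claims).encode())
    return signed + "." + _enc(hmac.new(key, signed.encode(), hashlib.sha256).digest())

def parse_claims(token):
    """Parse unverified token metadata; None if the structure is not recognized."""
    parts = token.split(".")
    try:
        claims = json.loads(_dec(parts[1])) if len(parts) == 3 else None
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None

def authenticate(package, config=SERVICE_CONFIG):
    """Return (granted, policy_id). Any failed lookup denies access."""
    claims = parse_claims(package["token"])
    if claims is None:
        return (False, None)
    token_type = f"jwt:{claims.get('iss')}:{claims.get('ver')}"
    pattern = PATTERN_TABLE.get((token_type, package["scheme"]))
    policy = config.get(pattern)
    if policy is None:
        return (False, None)
    # The unverified metadata only selected the policy; the policy makes the decision.
    signed, _, sig = package["token"].rpartition(".")
    expected = _enc(hmac.new(policy["key"], signed.encode(), hashlib.sha256).digest())
    ok = hmac.compare_digest(expected.encode(), sig.encode()) and claims.get("aud") == policy["audience"]
    return (ok, policy["policy_id"])
```

Because the token's self-declared issuer and version only pick which policy runs, a token that names a trusted issuer but fails that policy's signature check is still refused.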