| CPC H04L 9/3213 (2013.01) [G06F 16/27 (2019.01); H04L 63/083 (2013.01)] | 20 Claims |

|
1. A method, comprising:
receiving, by a manager instance of a computing system, a first request for a first token to access a computing resource, the first request from a computing process of a plurality of computing processes associated with a service account;
determining, by the manager instance of the computing system, an identity of the service account based at least in part on an authentication;
generating, by the manager instance of the computing system, a second request for the first token based at least in part on the authentication;
transmitting, by the manager instance of the computing system, the second request to a token issuance service of the computing system, the second request comprising a manager instance signature and the identity of the service account;
generating, by the token issuance service of the computing system, a third request for the first token, the third request comprising the identity of the service account and a token issuance service signature;
transmitting, by the token issuance service of the computing system, the third request to an identity service of the computing system;
determining, by the identity service of the computing system, whether to generate the first token based at least in part on a policy associated with the service account; and
generating, by the identity service of the computing system, the first token based at least in part on determining whether to generate the first token.
|
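The three-hop request chain of claim 1, simulated as an added example that is not taken from the patent: each hop re-signs the request, and the identity service applies the service account's policy before minting a token. Assumptions: HMAC-SHA256 stands in for the unspecified signatures, each downstream service verifies the upstream signature, and all keys, account names, credentials and the policy table are constructed.

```python
import hashlib, hmac, json

# Constructed demo values; the claim names no signature scheme, key material or policy format.
MANAGER_KEY = b"constructed-manager-key"
ISSUER_KEY = b"constructed-issuer-key"
IDENTITY_KEY = b"constructed-identity-key"
PROCESS_CREDS = {"proc-secret-1": "svc-batch"}   # stand-in for "an authentication"
POLICY = {"svc-batch": {"storage:read"}}         # service account -> allowed resources

def _sign(key, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def _verify(key, body, sig):
    return hmac.compare_digest(_sign(key, body), sig)

def manager_instance(credential, resource):
    """Handle the first request; emit the second request (manager signature + identity)."""
    account = PROCESS_CREDS.get(credential)
    if account is None:
        raise PermissionError("process not authenticated")
    body = {"service_account": account, "resource": resource}
    return {"body": body, "manager_sig": _sign(MANAGER_KEY, body)}

def token_issuance_service(second):
    """Check the manager signature (assumed step); emit the third request, re-signed."""
    if not _verify(MANAGER_KEY, second["body"], second["manager_sig"]):
        raise PermissionError("bad manager instance signature")
    body = dict(second["body"])
    return {"body": body, "issuer_sig": _sign(ISSUER_KEY, body)}

def identity_service(third):
    """Check the issuer signature (assumed step), apply policy, then mint or refuse."""
    if not _verify(ISSUER_KEY, third["body"], third["issuer_sig"]):
        raise PermissionError("bad token issuance service signature")
    body = third["body"]
    if body["resource"] not in POLICY.get(body["service_account"], set()):
        return None                               # policy says no token
    return {"claims": body, "token_sig": _sign(IDENTITY_KEY, body)}

def request_token(credential, resource):
    return identity_service(token_issuance_service(manager_instance(credential, resource)))

if __name__ == "__main__":
    print(request_token("proc-secret-1", "storage:read"))
    print(request_token("proc-secret-1", "storage:write"))
```

Because the account identity is covered by each hop's signature, altering it in transit causes the next service to reject the request before any policy lookup happens.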