| CPC H04L 63/0853 (2013.01) [H04L 63/0823 (2013.01)] | 12 Claims |

1. A computer-implemented method for secure access token forwarding between components in cloud platforms, the method being executed by one or more processors and comprising:
receiving, from a first component and by a second component in a cloud platform, a first call, a token, and a first client certificate, the token comprising a field populated with a manifest as a set of client identifiers, the manifest being generated by a central identity and authentication service (IAS) of the cloud platform during creation of the token and defining legs of allowed communication paths between components within the cloud platform, at least one leg defined in the manifest comprising the first component and the second component, the token being received by the first component and being forwarded unchanged from the first component to the second component;
determining, by the second component, a first client identifier associated with the first component, the first client identifier being determined from the first client certificate; and
determining, by the second component, that the first client identifier is included in the manifest of the token, and in response, executing functionality responsive to the first call, wherein executing functionality responsive to the first call at least partially comprises transmitting, from the second component and to a third component, a second call with the token,
wherein the token is provided to the first component in response to a request from the first component to a central identity and authentication service (IAS) of the cloud platform, the request including the first client certificate, and
wherein the token comprises an open authentication (OAuth) client and the field comprises an audience field, and the first client certificate comprises an X.509 client certificate.
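The manifest check described in claim 1, as an added example in Python that is not part of the patent: the token is modelled as a dict of already signature-verified claims whose audience field carries the manifest, and each client certificate as its parsed subject CN (both constructed assumptions, since the claim fixes no encoding). Each hop derives the caller's identifier from the caller's certificate, rejects callers outside the manifest, and forwards the same token object unchanged.

```python
# Constructed sample token: the IAS fills the audience field ("aud") with the
# manifest, i.e. the client identifiers of every component on the allowed path.
IAS_ISSUED_TOKEN = {
    "iss": "ias.example",   # constructed issuer name
    "sub": "user-42",       # constructed subject
    "aud": ["comp-a", "comp-b", "comp-c"],
}

# Constructed client certificates (parsed subject only); the client identifier
# is assumed to be the subject CN, which is an assumption, not the patent's rule.
CERTS = {
    "comp-a": {"subject_cn": "comp-a"},
    "comp-b": {"subject_cn": "comp-b"},
    "comp-c": {"subject_cn": "comp-c"},
    "comp-x": {"subject_cn": "comp-x"},  # component that is not in the manifest
}


def client_id_from_cert(cert):
    """Derive the caller's client identifier from its (mTLS) client certificate."""
    return cert["subject_cn"]


def manifest_from_token(token):
    """Read the manifest from the audience field; a bare string is a one-entry aud."""
    aud = token.get("aud", [])
    return {aud} if isinstance(aud, str) else set(aud)


def handle_call(component, caller_cert, token, trace):
    """Receiving-component logic: check the caller against the token's manifest.
    Raises PermissionError for a caller outside the manifest; otherwise records
    the hop and returns the token object itself (forwarded unchanged)."""
    caller = client_id_from_cert(caller_cert)
    if caller not in manifest_from_token(token):
        raise PermissionError(f"{component}: caller {caller} not in token manifest")
    trace.append((caller, component))
    return token


def run_chain(path, token):
    """Forward one token along path; every hop validates the component before it."""
    trace = []
    for caller, callee in zip(path, path[1:]):
        token = handle_call(callee, CERTS[caller], token, trace)
    return trace, token
```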