OAuth 2.0

Transaction Tokens (Draft)

Demonstrating the IETF draft for Transaction Tokens (Txn-Tokens). Shows how a single, immutable token propagates user identity and authorization context securely down a multi-workload internal call chain.

Txn-Tokens Draft

GET https://api.example.com/orders200

An external client invokes the API Gateway using a standard OAuth 2.0 Access Token.

1 / 4

speed

Step 1: GET /orders

Request / response

GEThttps://api.example.com/orders

AuthorizationOAuth?

Bearer eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJIUzI1NiJ9...

External Access Tokenat+jwt

Header

{"typ"?Token type identifier. aa-agent+jwt = Agent Token, aa-resource+jwt = Resource Token, aa-auth+jwt = Auth Token:"at+jwt",
"alg":"HS256"
}

Payload

{"iss"?Issuer — who created and signed this token:"https://auth.example.com",
"sub"?Subject — who or what the token is about:"user123",
"aud"?Audience — which party should accept this token:"api_gateway",
"exp"?Expiration — Unix timestamp after which the token is invalid:1562266216,
"iat"?Issued At — Unix timestamp when the token was created:1562262616
}

sig: mock_sig_ext…