ID Tokens are JSON Web Tokens (JWTs) that attest to the end user's identity. They are signed by an OIDC-compliant identity provider and returned as part of the OAuth2 response. An example of the decoded JWT looks as follows:
{
  "iss": "https://myapp.eu.auth0.com",
  "sub": "CgcyMzQyNzQ5EgZnaXRodWI",
  "aud": "example-app",
  "exp": 1492882042,
  "iat": 1492795642,
  "at_hash": "bi96gOXZShvlWYtal9Eqiw",
  "email": "jane.doe@coreos.com",
  "email_verified": true,
  "groups": [
    "admins",
    "developers"
  ],
  "name": "Jane Doe"
}
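A relying party has to check these claims, not only decode them. The following is an added example, not taken from the Kyma documentation, of the claim checks that come after signature verification. It assumes the signature was already verified with a JWT library against the provider's keys and that the token uses a SHA-256 based algorithm; the function names are illustrative.

```python
import base64
import hashlib
import hmac

# Claims from the sample token above, assumed to be already signature-verified.
SAMPLE_CLAIMS = {
    "iss": "https://myapp.eu.auth0.com",
    "aud": "example-app",
    "exp": 1492882042,
    "iat": 1492795642,
    "at_hash": "bi96gOXZShvlWYtal9Eqiw",
}


def compute_at_hash(access_token):
    """base64url (unpadded) of the left half of SHA-256 over the access token.

    Assumes a SHA-256 based signing algorithm (RS256/ES256/HS256).
    """
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def validate_id_token_claims(claims, issuer, client_id, now,
                             access_token=None, leeway=60):
    """Return a list of failures; an empty list means the claims pass."""
    errors = []
    if claims.get("iss") != issuer:
        errors.append("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        errors.append("aud does not contain client_id")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or now >= exp + leeway:
        errors.append("token expired")
    if not isinstance(iat, int) or iat > now + leeway:
        errors.append("iat in the future")
    if access_token is not None:
        # Binds the ID token to the access token returned alongside it.
        expected = compute_at_hash(access_token).encode()
        presented = str(claims.get("at_hash", "")).encode()
        if not hmac.compare_digest(expected, presented):
            errors.append("at_hash mismatch")
    return errors
```

The 22-character `at_hash` in the sample token is the length this computation produces: 16 bytes encoded as unpadded base64url.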
As Kyma is built on top of Istio Service Mesh, service-to-service authentication and encryption are enabled with Istio MutualTLS. For details, read the Kyma-specific Istio configuration documentation.
Kyma uses a custom API Gateway component that is built on top of ORY Oathkeeper. The API Gateway allows exposing user applications within the Kyma environment and secures them if necessary. You can then access the secured resources using authentication options.