Abstract: The present disclosure relates to computer-implemented methods, software, and systems for validating and revoking security tokens. A request for a resource is received at an application server and from a client. The request is associated with a security token for authenticating the client by the application server. A public key of an authentication server is acquired at the application server for authenticating requests at the application server. A signature of the security token is validated at the application server. By validating the signature of the security token, it is determined whether the security token is validly issued by the authentication server. In response to the received request, the application server determines at an identifier that is associated with the client and validates the security token based on the identifier to determine whether to serve the received request and provide the resource.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for generating access tokens at an authentication server based on authorization codes. A first authorization server from a set of authorization servers receives a request for authorization of a request to access a resource by a resource owner. The first authorization server validates the request for authorization of the request to generate an authorization code. In response to successful validation of the request for authorization to generate the authorization code, the first authorization server generates a single-use authorization code by signing the generated authorization code with a unique private key. A unique public key is maintained for verifying the signed authorization code. The single-use authorization code is generated in a self-contained format.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for generating access tokens at an authentication server based on authorization codes. A first authorization server from a set of authorization servers receives a request for authorization of a request to access a resource by a resource owner. The first authorization server validates the request for authorization of the request to generate an authorization code. In response to successful validation of the request for authorization to generate the authorizaction code, the first authorization server generates a single-use authorization code by signing the generated authorization code with a unique private key. A unique public key is maintained for verifying the signed authorization code. The single-use authorization code is generated in a self-contained format.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for securely generating a new access token based on relatively long-lasting refresh tokens in self-contained format. A first request to generate a new access token for authorization of a client application with an application server is received and includes a first protected version of a refresh token. The first protected version of the refresh token is an encrypted version of the refresh token based on a first client identifier. The first protected version of the refresh token is decrypted to determine content of the refresh token based on a second client identifier of the client application that is externally invoked for validating the authorization. In response to successfully decrypting the first protected version, performing a validation of the refresh token. In response to successfully validating the refresh token, generating the new access token and providing it to the client application.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for validating and revoking security tokens. A request for a resource is received at an application server and from a client. The request is associated with a security token for authenticating the client by the application server. A public key of an authentication server is acquired at the application server for authenticating requests at the application server. A signature of the security token is validated at the application server. By validating the signature of the security token, it is determined whether the security token is validly issued by the authentication server. In response to the received request, the application server determines at an identifier that is associated with the client and validates the security token based on the identifier to determine whether to serve the received request and provide the resource.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for securely generating a new access token based on relatively long-lasting refresh tokens in self-contained format. A first request to generate a new access token for authorization of a client application with an application server is received and includes a first protected version of a refresh token. The first protected version of the refresh token is an encrypted version of the refresh token based on a first client identifier. The first protected version of the refresh token is decrypted to determine content of the refresh token based on a second client identifier of the client application that is externally invoked for validating the authorization. In response to successfully decrypting the first protected version, performing a validation of the refresh token. In response to successfully validating the refresh token, generating the new access token and providing it to the client application.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for securely generating a new access token based on relatively long-lasting refresh tokens in self-contained format. A first request to generate a new access token for authorization of a client application with an application server is received and includes a first protected version of a refresh token. The first protected version of the refresh token is an encrypted version of the refresh token based on a first client identifier. The first protected version of the refresh token is decrypted to determine content of the refresh token based on a second client identifier of the client application that is externally invoked for validating the authorization. In response to successfully decrypting the first protected version, performing a validation of the refresh token. In response to successfully validating the refresh token, generating the new access token and providing it to the client application.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for generating access tokens at an authentication server based on authorization codes. A first authorization server from a set of authorization servers receives a request for authorization of a request to access a resource by a resource owner. The first authorization server validates the request for authorization of the request to generate an authorization code. In response to successful validation of the request for authorization to generate the authorizaction code, the first authorization server generates a single-use authorization code by signing the generated authorization code with a unique private key. A unique public key is maintained for verifying the signed authorization code. The single-use authorization code is generated in a self-contained format.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for validating and revoking security tokens. A request for a resource is received at an application server and from a client. The request is associated with a security token for authenticating the client by the application server. A public key of an authentication server is acquired at the application server for authenticating requests at the application server. A signature of the security token is validated at the application server. By validating the signature of the security token, it is determined whether the security token is validly issued by the authentication server. In response to the received request, the application server determines at an identifier that is associated with the client and validates the security token based on the identifier to determine whether to serve the received request and provide the resource.

Abstract: Disclosed herein are system, method, and computer program product embodiments for deploying a configurable throttling library in a cloud platform that throttles requests according to fully customizable parameters across each origin and resource. An administrator can harness the full customization provided by the throttling library to specify increment, decrement, delay, threshold, expiration, and rejection policies. These policies allow administrators to specify parameters guiding throttling on a per-user and a per-resource basis, thus providing significantly enhanced configuration capabilities to the administrator to tailor the throttling to the unique requirements of their applications and the usage thereof.

Abstract: Disclosed herein are system, method, and computer program product embodiments for deploying a configurable throttling library in a cloud platform that throttles requests according to fully customizable parameters across each origin and resource. An administrator can harness the full customization provided by the throttling library to specify increment, decrement, delay, threshold, expiration, and rejection policies. These policies allow administrators to specify parameters guiding throttling on a per-user and a per-resource basis, thus providing significantly enhanced configuration capabilities to the administrator to tailor the throttling to the unique requirements of their applications and the usage thereof.

Abstract: An archive file including an extension server runtime of the arbitrary server and one or more auxiliary computer modules is received. Input values of one or more configuration parameters including a number of extension server nodes to be installed are received. The archive file is extracted at a file system of the at least one server instance. The extracted extension server runtime is read by an extension server bootstrap from the one or more auxiliary modules. The number of extension server nodes as specified by the input values are installed based on the extracted extension server runtime on the at least one server instance by the extension server bootstrap.

Abstract: A package including a native monitoring library and a shared memory API interface to the native monitoring library is integrated into an arbitrary server to reuse monitoring performed by a server instance of a cluster of server instances. The one or more extension server nodes are installed on a server instance from the cluster of server instances based the arbitrary server. Status information is reported to the shared memory via the shared memory API by the installed extension server nodes. Logging format native to the arbitrary server is reconfigured according to input values of configuration parameters that specify logging format native to server nodes running on the server instance. An application is deployed on each of one or more extension server nodes. The deployment operation of the application is transactional. Security control for the deployed application is delegated to the cluster of server instances.

Abstract: An archive file including an extension server runtime of the arbitrary server and one or more auxiliary computer modules is received. Input values of one or more configuration parameters including a number of extension server nodes to be installed are received. The archive file is extracted at a file system of the at least one server instance. The extracted extension server runtime is read by an extension server bootstrap from the one or more auxiliary modules. The number of extension server nodes as specified by the input values are installed based on the extracted extension server runtime on the at least one server instance by the extension server bootstrap.

Abstract: In one aspect, a metadata of an application is received. The metadata describes a number of artifacts of the computer application. Based on a reference in the application metadata, at least one service that the application is configured to access is determined. In another aspect, additional metadata describing artifacts associated with the at least one service are identified. The artifacts associated with the at least one service and the artifacts of the computer application are selected for installation of the computer application.

Abstract: In one aspect, a metadata of an application is received. The metadata describes a number of artifacts of the computer application. Based on a reference in the application metadata, at least one service that the application is configured to access is determined. In another aspect, additional metadata describing artifacts associated with the at least one service are identified. The artifacts associated with the at least one service and the artifacts of the computer application are selected for installation of the computer application.