Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.