US Patent 11910187 Invocation path security in distributed systems

Systems, methods, and computer program products for an application to securely record and propagate an invocation context for invoking other applications are described. The applications being invoked not only receive a user's authentication token, but also authentication tokens of an entire invocation chain. Accordingly, the applications being invoked can verify a chain of custody through verification of nested, cryptographically signed payloads of a chain of authentication tokens. An application can thus verify identities of each application in the chain of custody, as well as the invocation contexts (e. g. the HTTP request method and path) in which each application in the chain invoked the next application.