US Patent 11438168 Authentication token request with referred application instance public key

A server application may request an authentication token from an authentication token provider on behalf of a client application instance. An application instance public key of a client application instance may be received at the server application, in which the application instance public key belongs to an application instance public-private key pair of the client application instance. An authentication token request is generated at the server application, in which the request includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application. The authentication token request is sent by the server application to an authentication token provider to request an authentication token for use by the client application instance.