The Token Exchange grant is a simple request-response sequence, as shown below.
Token Exchange request
POST 'https://tx.ergon.ch/tx/rest/oauth2/authorization-servers/mytx/token?client_id=client'
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange
&scope=openid%20email
&subject_token=eyJraWQiO...5T6_Iw
&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token
&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token
&resource=https%3A%2F%2Fexample.com%2Fresource
Token Exchange response
HTTP/1.1 200 OK
{
"access_token": "eyJraWQiO...8hQidQ",
"issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
"scope": "email",
"token_type": "Bearer",
"expires_in": 180
} Further information and links
- Internal links:
- See also Token Exchange Configuration.
- See also Token Exchange Overview.
- An example of an Authorization Code flow is given here: Authorization code flow usage.