The Token Exchange grant is a simple request-response sequence, as shown below.
Token Exchange request
POST 'https://tx.ergon.ch/tx/rest/oauth2/authorization-servers/mytx/token?client_id=client'

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange
&scope=openid%20email
&subject_token=eyJraWQiO...5T6_Iw
&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token
&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token
&resource=https%3A%2F%2Fexample.com%2Fresource
Token Exchange response
HTTP/1.1 200 OK

{
  "access_token": "eyJraWQiO...8hQidQ",
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "scope": "email",
  "token_type": "Bearer",
  "expires_in": 180
}
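The exchange above requests the scopes openid and email but the response grants only email, so a client should compare what it received with what it asked for before using the token. The following Python sketch is an added example, not code from this documentation or the product: the function names are hypothetical, the token values are constructed placeholders, and rejecting a differing issued_token_type or extra scope is an assumed client policy.

```python
import json
from urllib.parse import quote, urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"

# Constructed response mirroring the one above; the token is a placeholder.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed.placeholder.token",
    "issued_token_type": ACCESS_TOKEN,
    "scope": "email", "token_type": "Bearer", "expires_in": 180,
})


def build_exchange_body(subject_token, scopes, resource):
    """Form-encode the request parameters (%20 for spaces, as shown above)."""
    return urlencode({
        "grant_type": GRANT,
        "scope": " ".join(scopes),
        "subject_token": subject_token,
        "subject_token_type": ACCESS_TOKEN,
        "requested_token_type": ACCESS_TOKEN,
        "resource": resource,
    }, quote_via=quote)


def check_exchange_response(raw, requested_scopes):
    """Validate a token exchange response against what was requested."""
    resp = json.loads(raw)
    if not resp.get("access_token"):
        raise ValueError("response carries no access_token")
    if resp.get("issued_token_type") != ACCESS_TOKEN:
        raise ValueError("issued_token_type differs from requested_token_type")
    if str(resp.get("token_type", "")).lower() != "bearer":
        raise ValueError("token_type is not Bearer")
    requested = set(requested_scopes)
    # RFC 8693: scope may be omitted only when it equals the requested scope.
    granted = set(resp["scope"].split()) if "scope" in resp else requested
    if granted - requested:  # assumed client policy: never accept extra scope
        raise ValueError("scope granted beyond the request")
    return {"token": resp["access_token"],
            "granted": sorted(granted),
            "dropped": sorted(requested - granted),
            "expires_in": resp.get("expires_in")}


if __name__ == "__main__":
    print(build_exchange_body("constructed.subject.token", ["openid", "email"],
                              "https://example.com/resource"))
    print(check_exchange_response(SAMPLE_RESPONSE, ["openid", "email"]))
```

The "dropped" list tells the caller which requested scopes were not granted, so it can fail early instead of discovering the gap when the resource rejects the token.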
Further information and links
- Internal links:
  - See also Token Exchange Configuration.
  - See also Token Exchange Overview.
  - An example of an Authorization Code flow is given here: Authorization code flow usage.