Token Exchange Use Case example

The Token Exchange grant is a simple request-response sequence, as shown below.

Token Exchange request

POST 'https://tx.ergon.ch/tx/rest/oauth2/authorization-servers/mytx/token?client_id=client'
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange
    &scope=openid%20email
    &subject_token=eyJraWQiO...5T6_Iw
    &subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token
    &requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token
    &resource=https%3A%2F%2Fexample.com%2Fresource

Token Exchange response

HTTP/1.1 200 OK
{
    "access_token": "eyJraWQiO...8hQidQ",
    "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
    "scope": "email",
    "token_type": "Bearer",
    "expires_in": 180
}
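
In the exchange above the client asks for scope "openid email" but the issued token carries only "email", so a client should compare the response against its request before using the token. The following is an added example, not part of the original page or of the product it documents: the function names build_body and check_response are hypothetical, and rejecting a mismatched issued_token_type or an unrequested scope is a client policy assumed here.

```python
import json
from urllib.parse import urlencode, quote

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"

def build_body(subject_token, scopes, resource, requested_type=ACCESS_TOKEN):
    """Form-encode the exchange parameters with %20 for spaces, as in the request above."""
    params = {
        "grant_type": GRANT,
        "scope": " ".join(scopes),
        "subject_token": subject_token,
        "subject_token_type": ACCESS_TOKEN,
        "requested_token_type": requested_type,
        "resource": resource,
    }
    return urlencode(params, quote_via=quote)

def check_response(body, requested_scopes, requested_type=ACCESS_TOKEN):
    """Validate the JSON response; return (granted, dropped) scope sets."""
    resp = json.loads(body)
    for field in ("access_token", "issued_token_type", "token_type"):
        if not resp.get(field):
            raise ValueError(f"missing required field: {field}")
    # Policy assumed for this example: refuse a token of a type we did not ask for.
    if resp["issued_token_type"] != requested_type:
        raise ValueError("issued_token_type does not match requested_token_type")
    if resp["token_type"].lower() != "bearer":
        raise ValueError("unsupported token_type")
    requested = set(requested_scopes)
    # RFC 8693: "scope" may be omitted only when it equals the requested scope.
    granted = set(resp["scope"].split()) if "scope" in resp else requested
    if granted - requested:
        raise ValueError("server granted scopes that were never requested")
    return granted, requested - granted

# Response body copied from the page (token truncated there as well).
SAMPLE_RESPONSE = """{
    "access_token": "eyJraWQiO...8hQidQ",
    "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
    "scope": "email",
    "token_type": "Bearer",
    "expires_in": 180
}"""

if __name__ == "__main__":
    print(build_body("eyJraWQiO...5T6_Iw", ["openid", "email"], "https://example.com/resource"))
    granted, dropped = check_response(SAMPLE_RESPONSE, ["openid", "email"])
    print("granted:", sorted(granted), "dropped:", sorted(dropped))
```

A non-empty dropped set, here "openid", tells the caller that the token is narrower than requested and that features depending on the missing scope must not be assumed to work.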