Prerequisites
To configure a Token Exchange server (TX), the following prerequisites must be met:
- Prerequisites for the supplier of the subject tokens
  - The access or ID token supplied must be a JWT token.
- Prerequisites for the TX server
  - Airlock IAM must already be configured as an OpenID provider or an authorization server.
- Recommendations for the TX server
  - We recommend that the issuer of either the subject token or the actor token is an OpenID provider that exposes the standard discovery endpoint. The TX uses this endpoint to obtain the key material to verify the token. This adds an important layer of security that authenticates the correct use of the TX service.
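The discovery-based verification recommended above can be sketched as follows. This is an added example, not Airlock IAM code: it resolves the issuer's discovery document, follows `jwks_uri`, selects the key by `kid` and checks an RS256 signature before trusting any claim. The issuer URL, the `fetch` callable (a dictionary lookup standing in for an HTTPS GET), the function names and the toy 511-bit key are all constructed assumptions.

```python
import base64, hashlib, json

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def to_int(s): return int.from_bytes(unb64u(s), "big")

# DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_em(msg, k):
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_subject_token(token, trusted_issuer, fetch):
    """Return the claims if the token verifies against the issuer's published keys."""
    meta = fetch(trusted_issuer + "/.well-known/openid-configuration")
    if meta["issuer"] != trusted_issuer:      # discovery document must name the same issuer
        raise ValueError("discovery document issuer mismatch")
    h64, p64, s64 = token.split(".")
    header = json.loads(unb64u(h64))
    if header.get("alg") != "RS256":          # pin the algorithm; rejects "none"
        raise ValueError("unexpected alg")
    jwk = next((key for key in fetch(meta["jwks_uri"])["keys"]
                if key.get("kid") == header.get("kid") and key.get("kty") == "RSA"), None)
    if jwk is None:
        raise ValueError("no matching key in JWKS")
    n, e, sig = to_int(jwk["n"]), to_int(jwk["e"]), unb64u(s64)
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    em = pow(s, e, n).to_bytes(k, "big") if len(sig) == k and s < n else b""
    if em != encode_em(f"{h64}.{p64}".encode(), k):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(p64))          # read claims only after the signature checks out
    if claims.get("iss") != trusted_issuer:
        raise ValueError("iss claim mismatch")
    return claims

# --- Constructed test fixture: toy 511-bit key, for demonstration only ---
ISS = "https://idp.example.com"
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DOCS = {ISS + "/.well-known/openid-configuration": {"issuer": ISS, "jwks_uri": ISS + "/jwks"},
        ISS + "/jwks": {"keys": [{"kty": "RSA", "kid": "k1", "n": b64u(N.to_bytes(64, "big")),
                                  "e": b64u(E.to_bytes(3, "big"))}]}}

def make_token(claims, kid="k1", alg="RS256"):
    msg = b64u(json.dumps({"alg": alg, "kid": kid}).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(encode_em(msg.encode(), 64), "big"), D, N)
    return msg + "." + b64u(sig.to_bytes(64, "big"))
```

`make_token` exists only to produce constructed input for the verifier. In a deployment, a maintained JOSE library and a production-size key take the place of the hand-written RSA check.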