Tuesday, 1 December 2020

RFC 8693 - OAuth 2: How to exchange a JWT for a new one with an STS?

Token exchange is the responsibility of the STS (Security Token Service).

To exchange a token issued in Domain A for one valid in Domain B, the client sends a POST request to the STS token endpoint with the original JWT in the form body. You need to specify:

grant_type : urn:ietf:params:oauth:grant-type:token-exchange

subject_token : your original JWT

subject_token_type : urn:ietf:params:oauth:token-type:jwt (the RFC 8693 identifier for a JWT)

plus any additional parameter the STS needs to scope the new token, such as audience (the service or domain the new token is intended for)

From RFC 8693:

  • grant_type
REQUIRED. The value "urn:ietf:params:oauth:grant-type:token-exchange" indicates that a token exchange is being performed.
  • subject_token
REQUIRED. A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request.
  • subject_token_type
REQUIRED. An identifier, as described in Section 3, that indicates the type of the security token in the "subject_token" parameter.

More details: https://tools.ietf.org/html/rfc8693
See also chapter 7.6 of Microservices Security In Action.
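The exchange described above, as an added example that is not part of the original post or of RFC 8693. It shows both sides in one file: the client builds the form body with the three required parameters plus audience, and a minimal STS validates the request, checks the signature, issuer, audience and expiry of the Domain A subject token, and only then issues a new JWT for Domain B. The domain names, secrets and claim values are constructed for the demo, and HS256 with shared secrets stands in for the asymmetric keys a real STS would use; it needs only the standard library.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode

# Identifiers defined by RFC 8693 (sections 2.1 and 3).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"

# Constructed demo secrets: Domain A signs subject tokens, the STS signs
# Domain B tokens. A real deployment would use per-domain asymmetric keys.
DOMAIN_A_KEY = b"domain-a-demo-secret"
DOMAIN_B_KEY = b"domain-b-demo-secret"
DOMAIN_A_ISSUER = "https://domain-a.example/issuer"   # placeholder
STS_ISSUER = "https://sts.example/issuer"             # placeholder
STS_AUDIENCE = "sts"                                  # subject token must be meant for the STS
KNOWN_AUDIENCES = {"domain-b"}                        # audiences the STS will issue tokens for


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Produce a compact HS256 JWT (demo only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Check signature, issuer, audience and expiry; return the claims or raise."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != audience:
        raise ValueError("unexpected audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def build_exchange_request(subject_token: str, audience: str) -> str:
    """Client side: the application/x-www-form-urlencoded body POSTed to the STS."""
    return urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,
        "subject_token_type": JWT_TYPE,
        "audience": audience,
    })


def sts_exchange(form_body: str, now=None) -> dict:
    """STS side: validate the request and the subject token, then issue a Domain B token."""
    form = {k: v[0] for k, v in parse_qs(form_body, strict_parsing=True).items()}
    if form.get("grant_type") != GRANT_TYPE:
        raise ValueError("unsupported grant_type")
    if form.get("subject_token_type") != JWT_TYPE:
        raise ValueError("unsupported subject_token_type")
    audience = form.get("audience")
    if audience not in KNOWN_AUDIENCES:
        raise ValueError("unknown audience")
    # Never mint a new token for a subject token that does not verify.
    subject = verify_jwt(form["subject_token"], DOMAIN_A_KEY,
                         issuer=DOMAIN_A_ISSUER, audience=STS_AUDIENCE, now=now)
    now = time.time() if now is None else now
    new_claims = {"iss": STS_ISSUER, "sub": subject["sub"], "aud": audience,
                  "iat": int(now), "exp": int(now) + 300}
    # Response shape per RFC 8693 section 2.2.1.
    return {"access_token": sign_jwt(new_claims, DOMAIN_B_KEY),
            "issued_token_type": JWT_TYPE, "token_type": "Bearer", "expires_in": 300}


def exchange_rejected(form_body: str, now=None) -> bool:
    """True if the STS refuses the exchange (used to demonstrate failure modes)."""
    try:
        sts_exchange(form_body, now=now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    subject = sign_jwt({"iss": DOMAIN_A_ISSUER, "sub": "alice", "aud": STS_AUDIENCE,
                        "exp": int(time.time()) + 60}, DOMAIN_A_KEY)
    print(sts_exchange(build_exchange_request(subject, "domain-b")))
```

The audience check on the subject token matters: the STS should only accept Domain A tokens that were issued for it, otherwise any bearer token stolen from another Domain A service could be laundered into a Domain B token.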
