This repository was archived by the owner on Jun 12, 2021. It is now read-only.
Feature token exchange #105
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For a first implementation, we would like a simple functionality to create new access tokens with altered scopes. Through grant_types_supported a customized class can be set to handle token exchange so an app can implement any missing functionality it requires.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is closely related to #59 which had the same goal but the target had been changed too many times and we decided to rebase these changes on top of the new session handling.
This is a pull request to implement token exchange a.k.a. RFC 8693.
It implements basic support for token exchange meaning that only access tokens and JWTs can be exchanged for new ones (e.g. with different scopes). I included a policy config when initializing the token endpoint and grant type but I believe we won't need it for the simpler use cases.