Closed natalie-o-perret closed 6 months ago
it's only for the case of a different realm and not for a particular audience in the same realm as the initial access token.
Yes, my use case for the token exchange was to change token to another realm. Do you have a suggestion on how the API should be adapted so that I can map your use case? I think it should be enough to include the audience in this request. The parameters requested_token_type and subject_token_type should also be valid for your use case, right? https://github.com/AnWeber/httpyac/blob/main/src/plugins/oauth2/flow/tokenExchangeFlow.ts#L31-L32
@natalie-o-perret I added audience and resource props to token exchange flow. Please test if your use case works.
You're absolutely fantastic!!! Works like a charm!
Thanks a ton!
🙋‍♀️ Hello @AnWeber,
First off, thanks for your project, it's really awesome and fits exactly our needs at work without the whole enshittification that many tools suffer in this domain.
As described in this section, there is support for the OAuth2 Token Exchange grant. That being said, it seems it's only for the case of a different realm and not for a particular audience in the same realm as the initial access token.
I think it would be great that the token exchange auth could support a different audience in the same-or-a-different realm, wdyt?
In our case we need to do this kind of workaround:
Also I think it would be best if the example shows the details of the definition about auth_realm.
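For reference, the token exchange request discussed in this thread, with the audience and resource parameters, looks like this on the wire according to RFC 8693. This is an added example, not httpyac's own code: the function name, option names and sample values are assumptions made for illustration. Requesting a specific audience keeps the exchanged token scoped to the one service that should accept it.

```typescript
// Added example (not httpyac code): form body for an RFC 8693 token exchange.
const TOKEN_EXCHANGE_GRANT = 'urn:ietf:params:oauth:grant-type:token-exchange';
const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';

// Hypothetical option names, chosen for this example only.
interface ExchangeOptions {
  subjectToken: string;
  subjectTokenType?: string;
  requestedTokenType?: string;
  audience?: string | string[];
  resource?: string | string[];
  scope?: string;
}

function toList(value?: string | string[]): string[] {
  if (value === undefined) return [];
  return Array.isArray(value) ? value : [value];
}

// RFC 8693: resource is an absolute URI and must not carry a fragment.
function isValidResource(value: string): boolean {
  if (value.includes('#')) return false;
  try {
    new URL(value); // throws on relative references
    return true;
  } catch (e) {
    return false;
  }
}

function buildTokenExchangeBody(opts: ExchangeOptions): URLSearchParams {
  if (!opts.subjectToken) throw new Error('subject_token is required');
  const body = new URLSearchParams();
  body.set('grant_type', TOKEN_EXCHANGE_GRANT);
  body.set('subject_token', opts.subjectToken);
  body.set('subject_token_type', opts.subjectTokenType ?? ACCESS_TOKEN_TYPE);
  if (opts.requestedTokenType) body.set('requested_token_type', opts.requestedTokenType);
  // audience is a logical name known to the server; the parameter may repeat.
  for (const aud of toList(opts.audience)) body.append('audience', aud);
  for (const res of toList(opts.resource)) {
    if (!isValidResource(res)) throw new Error(`invalid resource: ${res}`);
    body.append('resource', res);
  }
  if (opts.scope) body.set('scope', opts.scope);
  return body;
}
```

The returned body is sent as `application/x-www-form-urlencoded` to the token endpoint of the realm that issued the subject token, together with the client's usual authentication.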