manfredsteyer / angular-oauth2-oidc

Support for OAuth 2 and OpenId Connect (OIDC) in Angular.
MIT License

Support for token exchange extension #1341

Open alexbot opened 1 year ago

alexbot commented 1 year ago

What version of the library are you using?

I am using angular-oauth2-oidc@15.0.1

My Requirement

My setup requires that the Identity Provider is not the same as the Authorization Provider. For example, users are managed by Google, and permissions are managed by an on-premises OAuth server, say Acme. Therefore, the client authorization flow would be:

  1. Authorize with Google and get tokens.
  2. Exchange Google's access token for an Acme access token.
  3. Use Acme's access token for accessing Acme's resources.

I could have gone for the option of having a federation approach, in the sense that Google's authorization would be done by the Acme server as part of Acme's authorization process. However, this way I would lose decoupling, plus I would have to register Acme as a relying party in Google.

Question

I was wondering if the library's API could help me make the token exchange request so I could benefit from features like token refresh, storage, etc.
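Step 2 of the flow above corresponds to an OAuth 2.0 Token Exchange request (RFC 8693). The following is an added example, not part of the original post and not an API of angular-oauth2-oidc: it builds the form body for such a request and validates the response before a client would store the token. The function names and the sample audience are assumptions, and it also assumes Acme's token endpoint implements RFC 8693.

```typescript
// Added example, independent of angular-oauth2-oidc: RFC 8693 token exchange.
const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";

interface ExchangedToken {
  accessToken: string;
  issuedTokenType: string;
  tokenType: string;
  expiresAt: number | null; // epoch milliseconds, null when expires_in is absent
}

// Form body (application/x-www-form-urlencoded) for the token endpoint.
function buildExchangeBody(subjectToken: string, audience: string, scope?: string): string {
  if (!subjectToken) throw new Error("subject_token is required");
  const p = new URLSearchParams();
  p.set("grant_type", GRANT_TYPE);
  p.set("subject_token", subjectToken); // the Google access token from step 1
  p.set("subject_token_type", ACCESS_TOKEN_TYPE);
  p.set("requested_token_type", ACCESS_TOKEN_TYPE);
  p.set("audience", audience); // hypothetical identifier of the Acme API
  if (scope) p.set("scope", scope);
  return p.toString();
}

// Validate the JSON response before the token is stored or used.
function parseExchangeResponse(json: unknown, now: number = Date.now()): ExchangedToken {
  const r = (json ?? {}) as Record<string, unknown>;
  const err = r["error"];
  const accessToken = r["access_token"];
  const issuedType = r["issued_token_type"];
  const tokenType = r["token_type"];
  const expiresIn = r["expires_in"];
  if (typeof err === "string") throw new Error(`token exchange failed: ${err}`);
  if (typeof accessToken !== "string" || accessToken === "") throw new Error("no access_token");
  if (issuedType !== ACCESS_TOKEN_TYPE) throw new Error("unexpected issued_token_type");
  if (typeof tokenType !== "string" || tokenType.toLowerCase() !== "bearer") throw new Error("unexpected token_type");
  const ttl = typeof expiresIn === "number" && expiresIn > 0 ? expiresIn : null;
  const expiresAt = ttl === null ? null : now + ttl * 1000;
  return { accessToken, issuedTokenType: ACCESS_TOKEN_TYPE, tokenType, expiresAt };
}
```

The body would be sent with `Content-Type: application/x-www-form-urlencoded` to the authorization server's token endpoint. A response that lacks `issued_token_type` or carries a non-bearer `token_type` is rejected, not stored.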

salcio commented 9 months ago

I see no one responded here - have you managed to implement token-exchange somehow?

alexbot commented 9 months ago

No, because for my specific scenario I ended up using federated authentication. Instead of having the client go first to Google and then exchanging Google's token for my company's token, the client always goes to my company's OIDC server and then it is redirected to Google. Then, the flow stays on the backend. This way you sacrifice decoupling but it is more secure since Google's token doesn't reach the client.