Contents x
    Delegated token exchange
    • 06 Sep 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Delegated token exchange

    • Updated on 06 Sep 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Post
    /v1/as/token.oauth2

    This endpoint provides the ability to verify a token with an auth identity provider and exchange it for Bento OAuth JWT tokens, using the OAuth 2.0 Token Exchange specification. At this point, only the required fields from the specification are implemented, with only Gousto auth tokens accepted. This will be extended over time to support OpenID and OAuth 2.0 tokens from other providers.

    Body parameters
    object
    grant_type
    string Required

    The value urn:ietf:params:oauth:grant-type:token-exchange indicates that a token exchange is being performed.

    Valid values[ "\"urn:ietf:params:oauth:grant-type:token-exchange\"" ]
    subject_token
    string Required

    The token to be exchanged.

    subject_token_type
    string Required

    The identifier for the the subject token. As Gousto is the only supported subject token type, the only supported value is urn:gousto:auth:token-type:access-token.

    Valid values[ "\"urn:gousto:auth:token-type:access-token\"" ]
    Responses
    200

    Token Exchanged

    object
    access_token
    string

    The security token issued by the authorization server in response to the token exchange request.

    issued_token_type
    string

    An identifier for the representation of the issued security token, as specified in Section 3 of RFC-6749. This will always be a JWT formatted access token, urn:ietf:params:oauth:token-type:access_token

    token_type
    string

    A case-insensitive value specifying the method of using the access token issued, as specified in Section 7.1 of RFC-6749. This will always be in the form of a Bearer token.

    expires_in
    string

    The validity lifetime, in seconds, of the token issued by the authorization server.

    401

    Invalid Authentication Credentials

    Expand All
    object
    message
    string

    A human readable message describing the error.

    causes
    Array of object

    A list of causes for the error.

    object
    message
    string

    A human readable message describing the cause of the error.

    metadata

    A list of metadata describing the cause of the error.

    500

    Internal Server Error

    Expand All
    object
    message
    string

    A human readable message describing the error.

    causes
    Array of object

    A list of causes for the error.

    object
    message
    string

    A human readable message describing the cause of the error.

    metadata

    A list of metadata describing the cause of the error.

    Was this article helpful?
    What's Next