Delegated token exchange
  • 22 Nov 2024

POST /v1/as/token.oauth2

This endpoint provides the ability to verify a token with an auth identity provider and exchange it for Bento OAuth JWT tokens, using the OAuth 2.0 Token Exchange specification. At this point, only the required fields from the specification are implemented, with only Gousto auth tokens accepted. This will be extended over time to support OpenID and OAuth 2.0 tokens from other providers.

Security
HTTP
Type bearer
Body parameters
object
grant_type
string Required

The value urn:ietf:params:oauth:grant-type:token-exchange indicates that a token exchange is being performed.

Valid values: [ "urn:ietf:params:oauth:grant-type:token-exchange" ]
subject_token
string Required

The token to be exchanged.

subject_token_type
string Required

The identifier for the subject token. As Gousto is the only supported subject token type, the only supported value is urn:gousto:auth:token-type:access-token.

Valid values: [ "urn:gousto:auth:token-type:access-token" ]
Responses
200

Token Exchanged

object
access_token
string

The security token issued by the authorization server in response to the token exchange request.

issued_token_type
string

An identifier for the representation of the issued security token, as specified in Section 3 of RFC-6749. This will always be a JWT formatted access token, urn:ietf:params:oauth:token-type:access_token.

token_type
string

A case-insensitive value specifying the method of using the access token issued, as specified in Section 7.1 of RFC-6749. This will always be in the form of a Bearer token.

expires_in
string

The validity lifetime, in seconds, of the token issued by the authorization server.

401

Invalid Authentication Credentials

object
500

Internal Server Error

object
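
A client-side sketch of the exchange described above, added here as an example and not taken from the Bento documentation: it builds the three required body parameters and accepts only the documented 200 response shape, failing closed on anything else. The function names are hypothetical, and two things are assumptions the page does not state: that the body is form-encoded as in the OAuth 2.0 Token Exchange specification, and that the issued JWT uses the three-segment signed compact form.

```python
from urllib.parse import urlencode

# Values taken from the parameter and response descriptions on this page.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
SUBJECT_TOKEN_TYPE = "urn:gousto:auth:token-type:access-token"
ISSUED_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_body(subject_token: str) -> str:
    """Encode the three required parameters (form encoding is an assumption)."""
    if not subject_token or subject_token != subject_token.strip():
        raise ValueError("subject_token must be non-empty with no stray whitespace")
    return urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,
        "subject_token_type": SUBJECT_TOKEN_TYPE,
    })


def validate_exchange_response(status: int, body: dict) -> dict:
    """Accept only the documented 200 shape; raise on everything else."""
    if status != 200:
        raise PermissionError(f"token exchange failed with HTTP {status}")
    if body.get("issued_token_type") != ISSUED_TOKEN_TYPE:
        raise ValueError("unexpected issued_token_type")
    if str(body.get("token_type", "")).lower() != "bearer":  # case-insensitive
        raise ValueError("unexpected token_type")
    token = body.get("access_token")
    # Assumption: signed compact JWT, i.e. header.payload.signature.
    if not isinstance(token, str) or token.count(".") != 2:
        raise ValueError("access_token is not a compact JWT")
    try:
        expires_in = int(body.get("expires_in"))  # documented as a string
    except (TypeError, ValueError):
        raise ValueError("expires_in is not an integer") from None
    if expires_in <= 0:
        raise ValueError("expires_in must be positive")
    return {"access_token": token, "expires_in": expires_in}


if __name__ == "__main__":
    # Constructed sample values, not real tokens.
    print(build_exchange_body("constructed-gousto-token"))
    sample = {"access_token": "aaa.bbb.ccc", "token_type": "Bearer",
              "issued_token_type": ISSUED_TOKEN_TYPE, "expires_in": "3600"}
    print(validate_exchange_response(200, sample))
```

The returned access token still needs its signature and claims verified before any of its contents are trusted; the checks here cover only the response envelope.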
