Reputation: 847
Openid Connect standard way for exchanging ID Tokens
Is there any stadated way for replacing ID tokens of 2 authorization servers ?
For example, i have a service that you can login with an external ID Token but my service is also an authorization server and therefor i want to allow users exchange external ID Tokens with my service ID token.
Upvotes: 1
Views: 54
Answers (1)
Reputation: 6561
OAuth2 specification defines following grant types:
- authorization code
- implicit grant
- resource owner password credentials
- client credentials
But it also supports defining additional grant types where required:
New authorization grant types can be defined by assigning them a unique absolute URI for use with the "grant_type" parameter.
Per specification, new endpoints, parameters, response types and error codes may be defined to support the grant type extension.
When implemented, a client can make a request providing new grant type:
POST /token
grant_type=id_token&id_token=external-token&...
which would validate incoming token and issue your service's token.
Here are some links from oauth servers supporting custom grant types for inspiration:
- https://oauthlib.readthedocs.io/en/latest/oauth2/grants/custom_grant.html
- https://is.docs.wso2.com/en/latest/learn/writing-a-custom-oauth-2.0-grant-type/
- https://identityserver.github.io/Documentation/docsv2/advanced/customGrantTypes.html
Upvotes: 1
Related Questions
- OpenID Connect : Is it fine to use id_token as access_token?
- Openid Connect : sharing id token between relying parties
- Auth2 + Open ID Connect, how to do authorization with internal backend?
- Openid connect/ Oauth2 for Rest APIs
- OAuth2 and OpenID API to API communication
- Open Identity and OAuth
- Exchanging a code for a token in OpenID Connect authorization code flow
- Using OpenID Connect ID token for application-to-application authentication/authorization
- OpenId Connect - 2 way exchange of tokens in spec?