You are viewing an old version of this page. View the current version.
Compare with Current View Page History
Version 1 Current »
The Token Exchange endpoint allows your application to exchange an external application’s access token (for example, an Azure access token) for an EmpowerID access token. You can find this endpoint from the OAuth Discovery Endpoint.
https://<EID Server>/oauth/.well-known/openid-configuration
Initiate a request to the EmpowerID Token endpoint, https://<EID Server>/oauth/v2/token
https://<EID Server>/oauth/v2/token
POST /oauth/v2/token HTTP/1.1 Host: <EID Server> Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Authorization: Basic base64Encode(<ClientID>:<ClientSecret>) subject_token={Your token} &subject_token_type={Your token type} &grant_type=urn:ietf:params:oauth:grant-type:token-exchange &scope=openid
Header Parameter
Required/Optional
Description
Content-Type
required
Must be application/x-www-form-urlencoded.
application/x-www-form-urlencoded
Authorization
Base64 encoded value of ClientID and Client Secret base64Encode(<client_id>:<client_secret>)
base64Encode(<client_id>:<client_secret>)
Post Body Parameter
subject_token
A security token that represents the identity of the party on behalf of whom the request is being made.
subject_toke_type
recommended
Specifies the type of the subject token. Please refer to allowed Token Type Identifiers
grant_type
Must be urn:ietf:params:oauth:grant-type:token-exchange
urn:ietf:params:oauth:grant-type:token-exchange
scope
A space-separated list of strings that the user consents to. Values include openid for OpenID Connect flow.
openid
2. Returns token information in the response
{ "access_token": "xxxxxxxxxxxxxxxxxxxxxx", "token_type": "Bearer", "issued_token_type": "urn:ietf:params:oauth:token-type:access_token", "expires_in": 3600, "refresh_token": "xxxxxxxxxxxxxxxxxxxxxx", "id_token": null, "id": "00000000-0000-0000-0000-000000000000" }
IN THIS ARTICLE