Token Exchange Endpoint
The Token Exchange endpoint allows your application to exchange an external application’s access token (for example, an Azure access token) for an EmpowerID access token. You can find this endpoint from the OAuth Discovery Endpoint.
OAuth Discovery Endpoint
https://<EID Server>/oauth/.well-known/openid-configuration
How to call the Token Exchange Endpoint
Initiate a request to the EmpowerID Token endpoint,
https://<EID Server>/oauth/v2/token
POST /oauth/v2/token HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)
subject_token={Your token}
&subject_token_type={Your token type}
&grant_type=urn:ietf:params:oauth:grant-type:token-exchange
&scope=openid
Header Parameter | Required/Optional | Description |
---|---|---|
| required | Must be |
| required | Base64 encoded value of ClientID and Client Secret |
Post Body Parameter | Required/Optional | Description |
---|---|---|
| required | A security token that represents the identity of the party on behalf of whom the request is being made. |
| recommended | Specifies the type of the subject token. Please refer to allowed Token Type Identifiers |
| required | Must be |
| required | A space-separated list of strings that the user consents to. Values include |
2. Returns token information in the response
{
"access_token": "xxxxxxxxxxxxxxxxxxxxxx",
"token_type": "Bearer",
"issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
"expires_in": 3600,
"refresh_token": "xxxxxxxxxxxxxxxxxxxxxx",
"id_token": null,
"id": "00000000-0000-0000-0000-000000000000"
}
IN THIS ARTICLE