Token Exchange Endpoint

The Token Exchange endpoint allows your application to exchange an external application’s access token (for example, an Azure access token) for an EmpowerID access token. You can find this endpoint from the OAuth Discovery Endpoint.

OAuth Discovery Endpoint

https://<EID Server>/oauth/.well-known/openid-configuration

How to call the Token Exchange Endpoint

  1. Initiate a request to the EmpowerID Token endpoint, https://<EID Server>/oauth/v2/token

POST /oauth/v2/token HTTP/1.1 Host: <EID Server> Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)   subject_token={Your token} &subject_token_type={Your token type} &grant_type=urn:ietf:params:oauth:grant-type:token-exchange &scope=openid

Header Parameter

Required/Optional

Description

Content-Type

required

Must be application/x-www-form-urlencoded.

Authorization

required

Base64 encoded value of ClientID and Client Secret base64Encode(<client_id>:<client_secret>)

Post Body Parameter

Required/Optional

Description

subject_token

required

A security token that represents the identity of the party on behalf of whom the request is being made.

subject_toke_type

recommended

Specifies the type of the subject token. Please refer to allowed Token Type Identifiers

grant_type

required

Must be urn:ietf:params:oauth:grant-type:token-exchange

scope

required

A space-separated list of strings that the user consents to. Values include openid for OpenID Connect flow.

2. Returns token information in the response

{     "access_token": "xxxxxxxxxxxxxxxxxxxxxx",     "token_type": "Bearer", "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",     "expires_in": 3600,     "refresh_token": "xxxxxxxxxxxxxxxxxxxxxx",     "id_token": null,     "id": "00000000-0000-0000-0000-000000000000" }

IN THIS ARTICLE

 

Â