Exchange Opaque Token to JWT
This example presents a Token Procedure plugin that implements an exchange from an opaque token into a JWT. The OAuth Token Exchange token procedure is compliant with RFC 8693.
Installing the Plugin
You can build the plugin by issuing the command mvn package. This will produce a JAR file in the target directory, which can be installed.
To install the plugin, copy the compiled JAR (and all of its dependencies) into a new directory in the plugins directory, e.g. ${IDSVR_HOME}/usr/share/plugins/opaquetojwt on each node, including the admin node. For more information about installing plugins, refer to the Curity Plugin SDK.
Configuration
The plugin needs to be configured and assigned. This plugin does not have any settings. The Documentation describes how to set it up. This plugin should be assigned to the Token OAuth Token Exchange flow on an oauth-token endpoint.
Capability
Ensure that the client being used has the OAuth 2.0 Token Exchange capability enabled.
Using the Plugin
The plugin is used by sending a Token Exchange request to the oauth-token endpoint. An example can look like:
curl -Ss -X POST \
  https://idsvr.example.com/oauth/v2/oauth-token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
  -d 'client_id=clienta' \
  -d 'client_secret=aaaaaa' \
  -d 'subject_token_type=urn:ietf:params:oauth:token-type:access_token' \
  -d 'subject_token=_0XBPWQQ...'
Expected output would be an access token in JWT format.
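A client-side check of the exchange described above, as an added example that is not part of the plugin or the Curity documentation: it builds the same form body as the curl request and confirms that the response carries a three-part JWT rather than an opaque token. The function names, the sample response and the choice of required response fields (taken from RFC 8693) are assumptions made for this example.

```python
import base64
import json
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"

def build_exchange_body(client_id, client_secret, opaque_token):
    """Form-encode the same parameters the curl request sends."""
    return urlencode({
        "grant_type": GRANT_TYPE,
        "client_id": client_id,
        "client_secret": client_secret,
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "subject_token": opaque_token,
    })

def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def parse_exchange_response(body):
    """Return (header, claims) if the response carries a compact JWT.

    Only the structure is checked; the signature is NOT verified here.
    """
    resp = json.loads(body)
    for field in ("access_token", "issued_token_type", "token_type"):  # required by RFC 8693
        if field not in resp:
            raise ValueError(f"missing {field}")
    parts = resp["access_token"].split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("access_token is not a three-part JWT (still opaque?)")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned JWT")
    return header, claims

# Constructed sample data: no real token, key or signature.
def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE_JWT = ".".join([_seg({"alg": "RS256", "kid": "constructed"}),
                       _seg({"iss": "https://idsvr.example.com", "sub": "alice"}), "c2ln"])
SAMPLE_RESPONSE = json.dumps({"access_token": SAMPLE_JWT, "token_type": "bearer",
                              "issued_token_type": ACCESS_TOKEN_TYPE, "expires_in": 300})

if __name__ == "__main__":
    print(build_exchange_body("clienta", "aaaaaa", "_0XBPWQQ-constructed"))
    print(parse_exchange_response(SAMPLE_RESPONSE))
```

An API that receives the exchanged JWT still has to verify its signature against the server's published keys before trusting any claim; the structural check only tells the client that the exchange produced a JWT.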