Developer Documentation

TokenExchangeExchangeSpec

The TokenExchange.ExchangeSpec structure contains arguments required for token exchange.


Properties

Required Property Name Type Description
optional actor_token string

A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject. if not needed for specific case of exchange.

optional actor_token_type string

An identifier, that indicates the type of the security token in the TokenExchange.ExchangeSpec.actor-token parameter. if TokenExchange.ExchangeSpec.actor-token parameter is not present.

optional audience string

The logical name of the target service where the client intends to use the requested security token. This serves a purpose similar to the TokenExchange.ExchangeSpec.resource parameter, but with the client providing a logical name rather than a location. if can be inferred from other arguments or not needed for specific case of exchange.

required grant_type string

The value of “urn:ietf:params:oauth:grant-type:token-exchange” indicates that a token exchange is being performed.

optional requested_token_type string

An identifier for the type of the requested security token. If the requested type is unspecified, the issued token type is at the discretion of the server and may be dictated by knowledge of the requirements of the service or resource indicated by the TokenExchange.ExchangeSpec.resource or TokenExchange.ExchangeSpec.audience parameter. if can be inferred from other arguments or not needed for specific case of exchange.

optional resource string

Indicates the location of the target service or resource where the client intends to use the requested security token. if can be inferred from other arguments or not needed for specific case of exchange.

optional scope string

A list of space-delimited, case-sensitive strings, that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used. if can be inferred from other arguments or not needed for specific case of exchange.

required subject_token string

A security token that represents the identity of the party on behalf of whom exchange is being made. Typically, the subject of this token will be the subject of the security token issued. Token is base64-encoded.

required subject_token_type string

An identifier, that indicates the type of the security token in the TokenExchange.ExchangeSpec.subject-token parameter.

Feedback

Was this page helpful?