Fabian Bouché created CXF-8330:
----------------------------------
Summary: Support for RFC 8693 (Token exchange)
Key: CXF-8330
URL: https://issues.apache.org/jira/browse/CXF-8330
Project: CXF
Issue Type: New Feature
Reporter: Fabian Bouché
*RFC 8693* defines how an OAuth2 Authorization Server can implement a token
exchange endpoint so that it can deliver a new Access Token in exchange from a
previous Access Token (for example, an Access Token delivered by another
Authorization Server).
[https://tools.ietf.org/html/rfc8693]
This RFC describes a new {{grant_type}} with value {{token-exchange}}.
CXF has a {{OAuthConstants}} class listing all well know grant types. We should
add
{{public static final String TOKEN_EXCHANGE_GRANT = "token-exchange";}}
[https://github.com/apache/cxf/blob/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java]
This will allow third parties to write an {{AccessTokenGrantHandler}} using a
constant well documented in CXF.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
