The OAuth 2.0 Token Exchange specification is now RFC
8693<https://www.rfc-editor.org/rfc/rfc8693.html>. The abstract of the
specification is:
This specification defines a protocol for an HTTP- and JSON-based Security
Token Service (STS) by defining how to request and obtain security tokens from
OAuth 2.0 authorization servers, including security tokens employing
impersonation and delegation.
This specification standardizes an already widely-deployed pattern in
production use by Box, Microsoft, RedHat, Salesforce, and many others. Thanks
to all of you who helped make a standard for this important functionality!
-- Mike
P.S. This notice was also posted at https://self-issued.info/?p=2036 and as
@selfissued<https://twitter.com/selfissued>.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
