WSO2 Identity Server has related support that can be used to implement identity/authorization chaining use cases:
- JWT Bearer Grant support: https://is.docs.wso2.com/en/latest/references/grant-types/#jwt-bearer-grant - Token Exchange grant support: https://is.docs.wso2.com/en/latest/references/grant-types/#token-exchange-grant These can be combined to support identity chaining scenarios across domains. On Fri, Jan 30, 2026 at 11:22 PM Aaron Parecki <aaron= [email protected]> wrote: > Okta has an implementation of the "Authorization Server in Trust Domain A" > https://developer.okta.com/blog/2025/09/03/cross-app-access > > Auth0 has an implementation of the "Authorization Server in Trust Domain B" > https://auth0.com/docs/secure/call-apis-on-users-behalf/xaa > > We published an open source implementation of a "Client" and "AS in Trust > Domain B" that interoperates with Okta's implementation: > https://github.com/oktadev/okta-cross-app-access-mcp > > We have also published a standalone implementation of all 3 roles here: > https://xaa.dev > > I have a very barebones implementation of the "AS in Trust Domain B" and > "Protected Resource in Trust Domain B" here for testing: > https://motd.xaa.rocks > > (Note that these are all based on the more specific profile of Identity > Chaining: the Identity Assertion Authorization Grant) > > Aaron > > > On Fri, Jan 30, 2026 at 6:29 AM Rifaat Shekh-Yusef < > [email protected]> wrote: > >> All, >> >> As part of the shepherd write-up for the *OAuth Identity and >> Authorization Chaining Across Domains *document, we are looking for >> information about *implementations* of this draft to support its >> publication. >> https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/ >> >> Please, reply to this email, on the mailing list, with any >> implementations that you are aware of to support this document. >> >> Regards, >> Rifaat >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
