Skip to content

feat: Add Custom Token Exchange Support#889

Merged
tanya732 merged 2 commits into
masterfrom
feat/add-cte-support
Jul 3, 2026
Merged

feat: Add Custom Token Exchange Support#889
tanya732 merged 2 commits into
masterfrom
feat/add-cte-support

Conversation

@tanya732

@tanya732 tanya732 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR adds first-class support for the OAuth 2.0 Custom Token Exchange grant (urn:ietf:params:oauth:grant-type:token-exchange, RFC 8693) to the Authentication API

Changes

Custom Token Exchange

Added AuthAPI.exchangeToken(String subjectToken, String subjectTokenType), which returns a TokenRequest.

  • Uses the OAuth 2.0 Token Exchange grant:
    urn:ietf:params:oauth:grant-type:token-exchange
  • Hardcodes grant_type, consistent with the existing requestToken() and renewAuth() APIs.
  • Accepts caller-supplied subject_token and subject_token_type.
  • Requires client authentication (client secret or client assertion).
  • Supports fluent .setAudience(...) and .setScope(...) configuration.

Example

TokenHolder tokens = authAPI
    .exchangeToken(
        "test-user123-john@example.com",
        "urn:mycompany:m2m-test-token"
    )
    .setAudience("https://YOUR_API_IDENTIFIER")
    .setScope("openid profile email")
    .execute()
    .getBody();

@tanya732 tanya732 requested a review from a team as a code owner July 3, 2026 09:26
@tanya732 tanya732 force-pushed the feat/add-cte-support branch from 37fc6dd to 317a9f6 Compare July 3, 2026 09:43
@tanya732 tanya732 merged commit 3226c91 into master Jul 3, 2026
6 of 7 checks passed
@tanya732 tanya732 deleted the feat/add-cte-support branch July 3, 2026 09:59
@tanya732 tanya732 mentioned this pull request Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants