OAuth Token Exchange
RFC 8693 grant token exchange delegation.
Définition
Token Exchange parameters : grant_type=urn:ietf:params:oauth:grant-type:token-exchange, subject_token (token initial), subject_token_type, requested_token_type, actor_token (acting on behalf), audience (cible). Cas usage : federation (token IdP → token interne), delegation (admin agit pour user), impersonation (support agent), microservices propagation context.
Origine
IETF OAuth WG, RFC 8693 publié janvier 2020.
Usage
Largement adopté microservices auth (Istio, Linkerd, SPIFFE/SPIRE), platforms multi-tenant (Slack, GitHub Apps, Zoom Apps), workload identity Kubernetes.
Termes liés
- OAuth 2.0 — standard parent.
- SPIFFE / SPIRE — workload identity ecosystem.
- K8s SA tokens — cas usage.