OAuth 2.0 Token Exchange is now RFC 8693

On January 15, 2020

OAuth logo The OAuth 2.0 Token Exchange specification is now RFC 8693. The abstract of the specification is:

This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.

This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others. Thanks to all of you who helped make a standard for this important functionality!

You must be logged in to post a comment.

Musings on Digital Identity

OAuth 2.0 Token Exchange is now RFC 8693

Leave a Reply

OAuth 2.0 Token Exchange is now RFC 8693

OpenID eKYC and Identity Assurance Working Group Formed

COSE and JOSE Registrations for WebAuthn Algorithms spec adding explanatory comments on design decisions

Leave a Reply