RFC8693 OAuth 2.0 Token Exchange

RFC8693 OAuth 2.0 Token Exchange implementation.

The feature request is an implementation of RFC8693, with the ability to configure custom authorization logic and token mapping.

While working on enterprise systems, you will find yourself trying to integrate multiple authentication solutions, and they might be proprietary solutions, sometimes not even JWT-based, where an HTTP request to a private endpoint is required to introspect the token and obtain details about the user.

In those mixed conditions, having a way to translate those proprietary tokens into a common and standard token (thinking of a JWT access token) and vice versa is required to simplify the authentication/authorization layers of the system. All without asking the user to log in to several platforms. The RFC covers more use cases, but that is the one we are interested in.

Just searching on the forum, I could see interest in the topic and even messages saying that the work has already been started, but I cannot find any evidence of it being complete:

Hi @joseandrespg,

Thanks for reaching out to the Auth0 Community and creating this detailed feedback request.

Let’s hope it attracts as many votes as possible to support the OAuth 2.0 Token Exchange.

Have a great rest of your day.

Thank you.