I am following the documentation here.
When I send the token request, I get the following response.
{
  "error": "invalid_request",
  "error_description": "Client must be a Custom API Client with resource_server_id"
}
I am not sure what this error means.
My request looks like this.
POST https://mydomain.com/oauth/token
{
  "client_id": "{clientId}",
  "client_secret": "{clientSecret}",
  "subject_token": "eyJ…", // Incoming bearer token
  "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
  "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "audience": "https://{target api identifier}"
}
My client is registered as a Machine to Machine application. I have client_credentials enabled as a grant type, but I don’t see a way in the management portal to enable the token-exchange grant type.
Is there something else I need to do to make on-behalf-of work?