UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8693

OAuth 2.0 Token Exchange

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 January 2020
Status: active
Page Count: 27
scope:

Abstract

This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.

Document History

IETF RFC 8693
January 1, 2020
OAuth 2.0 Token Exchange
Abstract This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers,...

References

This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
Published by IETF on October 1, 2012
This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the...
This document references:
IETF RFC 7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
Published by IETF on May 1, 2015
This specification provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for...
This document references:
IETF RFC 7523 - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
Published by IETF on May 1, 2015
This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for client authentication.
This document references:
IETF RFC 7662 - OAuth 2.0 Token Introspection
Published by IETF on October 1, 2015
This specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about...
This document is referenced by:
TS 124 482 - LTE; Mission Critical Services (MCS) identity management; Protocol specification
Published by ETSI on May 1, 2022
This document specifies the identity management and authentication protocols needed to support Mission Critical Services (MCSs). Identity management applies only to on-network operation. MCSs are...
This document is referenced by:
TS 124 547 - 5G; Identity management - Service Enabler Architecture Layer for Verticals (SEAL); Protocol specification
Published by ETSI on July 1, 2023
The present document specifies the protocol aspects for the identity management capability of SEAL to support vertical applications (e.g. V2X) over the 3GPP system. The present document is applicable...
This document is referenced by:
RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
Published by IETF on October 1, 2021
Abstract This specification defines a profile for issuing OAuth 2.0 access tokens in JSON Web Token (JWT) format. Authorization servers and resource servers from different vendors can leverage this...
This document is referenced by:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
View Less
View All
Advertisement