I ended up adding my own grant_type under OTK grant_type=CUSTOM
It was the easiest to use the additional grant_type of urn:ietf:params:oauth:grant-type:token-exchange
I think this should go hand in hand with a JWT that needs to be sent to the back-end API endpoint. We have implemented this in templates so most back-end services standardize on JWT. The middle layer services can then use the token-exchange to delegate authentication.
Original Message:
Sent: 06-04-2020 02:23 PM
From: Ewan Sadie
Subject: Can I do token exchange in the gateway
I have a use case where backend services want to call other microservices with JWT tokens issued by the gateway
https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-07#appendix-A.1.1
Microsoft has a nice breakdown
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
------------------------------
API Tech Lead
Sanlam
------------------------------
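
The token-exchange request discussed in this thread, as an added example that is not part of the original posts or of the gateway's own code: a middle-layer service builds the form body, and the token endpoint checks its parameters before doing any token validation. The function names, the `orders-service` audience, the token strings and the require-a-target policy are assumptions; the parameter names and URNs are those of the OAuth token exchange specification (RFC 8693).

```python
from urllib.parse import urlencode, parse_qs

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
ACCEPTED_SUBJECT_TYPES = {JWT_TYPE, ACCESS_TOKEN_TYPE}


def build_exchange_request(subject_token, audience, actor_token=None):
    """Form body a middle-layer service posts to the token endpoint (hypothetical helper)."""
    params = {
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,       # the JWT received from the caller
        "subject_token_type": JWT_TYPE,
        "requested_token_type": JWT_TYPE,     # back-end services standardize on JWT
        "audience": audience,                 # downstream service the new token is for
    }
    if actor_token is not None:               # delegation: the service's own token
        params["actor_token"] = actor_token
        params["actor_token_type"] = JWT_TYPE
    return urlencode(params)


def validate_exchange_request(body):
    """Parameter checks only; signature, expiry and policy checks on the tokens come after."""
    form = parse_qs(body, keep_blank_values=True)
    # OAuth parameters must not be repeated in a request
    if any(len(values) != 1 for values in form.values()):
        return False, "invalid_request"
    p = {name: values[0] for name, values in form.items()}
    if p.get("grant_type") != GRANT_TYPE:
        return False, "unsupported_grant_type"
    if not p.get("subject_token") or not p.get("subject_token_type"):
        return False, "invalid_request"
    if p["subject_token_type"] not in ACCEPTED_SUBJECT_TYPES:
        return False, "invalid_request"
    # actor_token and actor_token_type must be sent together or not at all
    if ("actor_token" in p) != ("actor_token_type" in p):
        return False, "invalid_request"
    # Assumed local policy: refuse to mint a token with no explicit target
    if not p.get("audience") and not p.get("resource"):
        return False, "invalid_target"
    return True, None
```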