Token Exchange
Delegation and impersonation with RFC 8693 token exchange in the Go SDK.
Exchange tokens for delegation (acting on behalf of a user) with full audit trail.
ExchangeToken()
```go
func (o *OAuthService) ExchangeToken(ctx context.Context, params *TokenExchangeParams) (*TokenSet, error)
```
Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| SubjectToken | string | yes | Token of the user to act as |
| SubjectTokenType | string | yes | "access_token" or "id_token" |
| ActorToken | string | no | Token of the actor |
| ActorTokenType | string | no | "access_token" |
| Scopes | []string | no | Requested scopes |
Basic usage
```go
delegatedTokens, err := client.OAuth.ExchangeToken(ctx, &avnologyid.TokenExchangeParams{
	SubjectToken:     userAccessToken,
	SubjectTokenType: "access_token",
	ActorToken:       adminAccessToken,
	ActorTokenType:   "access_token",
	Scopes:           []string{"openid", "profile"},
})
if err != nil {
	var insufficientScope *errors.InsufficientScopeError
	if errors.As(err, &insufficientScope) {
		log.Println("Client missing token_exchange scope")
		return
	}
	log.Fatal(err)
}
// The token's `act` claim records who is acting
fmt.Println("Acting as user:", delegatedTokens.AccessToken)
```
See also
- Client credentials -- M2M auth
- Users admin -- User management
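Added example, not part of the original page or the SDK: assuming the exchanged access token is a JWT, this helper decodes its payload and walks the RFC 8693 `act` claim so the delegation chain can be written to an audit log. `DelegationChain`, `SampleToken` and the sample subjects are hypothetical names, and the sample token is constructed and unsigned.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// actor mirrors the RFC 8693 `act` claim: an object naming the acting party,
// optionally nesting a further `act` for earlier actors in the chain.
type actor struct {
	Sub string `json:"sub"`
	Act *actor `json:"act,omitempty"`
}

// DelegationChain decodes a JWT payload WITHOUT verifying the signature and
// returns the subject plus the actors, current actor first. Audit use only:
// call it on tokens that have already been validated elsewhere.
func DelegationChain(jwt string) (subject string, actors []string, err error) {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return "", nil, errors.New("not a compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", nil, fmt.Errorf("decode payload: %w", err)
	}
	var c actor // top-level claims share the shape {sub, act}
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", nil, fmt.Errorf("parse claims: %w", err)
	}
	for a := c.Act; a != nil; a = a.Act {
		actors = append(actors, a.Sub)
	}
	return c.Sub, actors, nil
}

// SampleToken builds a constructed, unsigned token for demonstration only.
func SampleToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	claims := `{"sub":"user-123","act":{"sub":"admin-456","act":{"sub":"svc-789"}}}`
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(claims)) + ".sig"
}

func main() {
	sub, actors, err := DelegationChain(SampleToken())
	fmt.Println(sub, actors, err)
}
```

Per RFC 8693, only the outermost `act` entry identifies the current actor; nested entries are prior actors and are informational, so they belong in the audit record rather than in access-control decisions.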