Expand description
OAuth 2.0 Token Exchange (RFC 8693) - Basic Implementation
This module implements RFC 8693, which defines a protocol for exchanging one security token for another, enabling delegation and acting-as scenarios.
This is the basic implementation suitable for simple token exchange scenarios.
For enterprise-grade features like multi-party chains, audit trails, and session
integration, use AdvancedTokenExchangeManager instead.
§When to Use This Manager
Use TokenExchangeManager when you need:
- Simple RFC 8693 compliant token exchange
- Lightweight implementation with minimal dependencies
- Basic delegation scenarios (OnBehalfOf, ActingAs)
- Client-specific policies
- Standard token validation (JWT, SAML)
§When to Use Advanced Manager
Use AdvancedTokenExchangeManager when you need:
- Multi-party delegation chains
- Context preservation across exchanges
- Comprehensive audit trails
- Session integration and step-up authentication
- Policy-driven exchange control
- Cross-domain exchanges
- JWT cryptographic operations
§Example Usage
use auth_framework::server::token_exchange::{TokenExchangeManager, TokenExchangeRequest};
use auth_framework::secure_jwt::{SecureJwtValidator, SecureJwtConfig};
let jwt_validator = SecureJwtValidator::new(SecureJwtConfig::default());
let mut manager = TokenExchangeManager::new(jwt_validator);
let request = TokenExchangeRequest {
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange".to_string(),
subject_token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...".to_string(),
subject_token_type: "urn:ietf:params:oauth:token-type:jwt".to_string(),
requested_token_type: Some("urn:ietf:params:oauth:token-type:access_token".to_string()),
// ... other fields
};
let response = manager.exchange_token(request, "client_123").await?;Structs§
- Token
Exchange Context - Token exchange context for validation
- Token
Exchange Manager - Token Exchange Manager
- Token
Exchange Policy - Token exchange policy
- Token
Exchange Request - Token Exchange Request (RFC 8693)
- Token
Exchange Response - Token Exchange Response (RFC 8693)
Enums§
- Exchange
Scenario - Token exchange scenarios
- Token
Type - Token types defined in RFC 8693