Implement OAuth 2.0 Token Exchange

[jgrandja]

This feature will deliver OAuth 2.0 Token Exchange.

[oridool]

Hi,
Great work so far!! looks very promising 👍

When is this Token Exchange planned for?

Or alternatively, any chance to add custom claims to JWT when using client_credentials flow? Claims that depends on my request (headers / scopes) ?
For example, if I send an HTTP header x-my-custom-claim : value, then I would like the token to be created with the claim x-my-custom-claim and the value value.

Thanks,
Ori.

[jgrandja]

Thanks @oridool !

Token Exchange will be delivered at a much later point. There are a few higher priority items ahead of it. You can always look at the ZenHub board (see Feature Planning section for link) to see the features which are prioritized in the order of development.

The ability to add custom claims is coming up soon so stay tuned.

[amit-github-personal]

Hi @jgrandja, let me know whenever you want to work on this epic. I would love to raise a PR for this.

[jgrandja]

Thanks for your interest @amit-github-personal. The are a few higher priority features at the moment but will let you know when this one gets closer to scheduling for a release.

[jacko9et]

This feature is very helpful for implementing stateless services and would love to see it progress.

[fzyzcjy]

Hi, is there any updates? Thanks!

[pitagoras3]

Hello @jgrandja, at @allegro we're highly considering using spring-authorization-server as a core of our Authorization server, and Token Exchange is a crucial grant type for us. Do you have any information on when implementation of this grant type is planned? We're open to help with open-source contributions from our side :)

[jgrandja]

@pitagoras3 Thank you for your interest in this project. We're releasing 1.2 Nov 21 and then will be planning 1.3. We will consider adding this feature but I'm not sure at this point as we already have quite a bit of work planned for 1.3. Please reach out again in Dec. Thanks.