A custom Token Procedure plugin for the Curity Identity Server. The plugin uses the Token Exchange (RFC 8693) flow to exchange an opaque token for a JWT.
You can build the plugin by issuing the command mvn package. This will produce a JAR file in the target directory, which can be installed.
To install the plugin, copy the compiled JAR into the ${IDSVR_HOME}/usr/share/plugins/opaquetojwt directory on each node, including the admin node. For more information about installing plugins, refer to curity.io/plugins.
The plugin needs to be configured and assigned. This plugin does not have any settings. The Documentation describes how to set it up. This plugin should be assigned to the Token OAuth Token Exchange flow on an oauth-token endpoint.
The plugin is used by sending a token exchange request to the oauth-token endpoint. An example can look like:
    curl -Ss -X POST \
      https://idsvr.example.com/oauth/v2/oauth-token \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      -d 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
      -d 'client_id=clienta' \
      -d 'client_secret=aaaaaa' \
      -d 'subject_token_type=urn:ietf:params:oauth:token-type:access_token' \
      -d 'subject_token=_0XBPWQQ...'
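A client-side sketch of the request above and of the checks a caller can run on the reply, added here as an example and not part of the plugin's own code. It assumes the reply carries the fields RFC 8693 section 2.2.1 requires; the function names, the sample response and its claims are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
REQUIRED = ("access_token", "issued_token_type", "token_type")  # RFC 8693, 2.2.1

def build_exchange_body(client_id, client_secret, opaque_token):
    """Form-encode the same parameters the curl request sends."""
    return urlencode({"grant_type": GRANT, "client_id": client_id,
                      "client_secret": client_secret,
                      "subject_token_type": ACCESS_TOKEN,
                      "subject_token": opaque_token})

def b64url_json(segment):
    """Decode one unpadded base64url JWT segment into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_exchange_response(body):
    """Return (header, claims) of the issued JWT. Structural check only:
    the signature is NOT verified here and must be checked before trust."""
    resp = json.loads(body)
    if "error" in resp:
        raise ValueError("token endpoint error: %s" % resp["error"])
    missing = [k for k in REQUIRED if k not in resp]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    parts = resp["access_token"].split(".")
    if len(parts) != 3:
        raise ValueError("issued token is not a compact JWT (still opaque?)")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned JWT rejected")
    return header, claims

def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample response, not captured from a real server; the
# issued_token_type value and the claims are assumptions for illustration.
SAMPLE_RESPONSE = json.dumps({
    "access_token": ".".join([b64url({"alg": "RS256", "typ": "JWT"}),
                              b64url({"sub": "alice", "client_id": "clienta"}),
                              "c2lnbmF0dXJl"]),
    "issued_token_type": ACCESS_TOKEN,
    "token_type": "bearer",
})
```

The resource server that receives the JWT still has to verify its signature against the issuer's keys; this check only confirms that the exchange returned a signed-looking JWT and not the opaque token.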
Please visit curity.io for more information about the Curity Identity Server.