Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
Code Issues Activity

chore: add changeset for impersonation (#6251)

Browse source
This commit is contained in:
wangsijie 2024-07-19 18:23:18 +08:00 committed by GitHub
parent 3205e36e32
commit 18c8fdf015
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
.changeset/seven-comics-tan.md Normal file
View file

@ -0,0 +1,26 @@
---
"@logto/core": minor
---
implement token exchange for user impersonation
Added support for user impersonation via token exchange:
1. New endpoint: `POST /subject-tokens` (Management API)
- Request body: `{ "userId": "<user-id>" }`
- Returns a subject token
2. Enhanced `POST /oidc/token` endpoint (OIDC API)
- Supports new grant type: `urn:ietf:params:oauth:grant-type:token-exchange`
- Request body:
```json
{
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"subject_token": "<subject-token>",
"subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
"client_id": "<client-id>"
}
```
- Returns an impersonated access token
Refer to documentation for usage examples and the [Token Exchange RFC](https://tools.ietf.org/html/rfc8693) for more details.