logto/.changeset/seven-comics-tan.md at 2d0502a427f374dc9f4c3935f1754954b7120b89

mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

chore: add changeset for impersonation (#6251 )

2024-07-19 18:23:18 +08:00

853 B

Raw Blame History

@logto/core
minor

implement token exchange for user impersonation

Added support for user impersonation via token exchange:

New endpoint: POST /subject-tokens (Management API)
- Request body: { "userId": "<user-id>" }
- Returns a subject token

Enhanced POST /oidc/token endpoint (OIDC API)

Supports new grant type: urn:ietf:params:oauth:grant-type:token-exchange

Request body:

{
  "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
  "subject_token": "<subject-token>",
  "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "client_id": "<client-id>"
}

Returns an impersonated access token

Refer to documentation for usage examples and the Token Exchange RFC for more details.

853 B Raw Blame History

853 B

Raw Blame History