From 5246dd2268eaa1d3004fa3c8a0be9aca0bf809ea Mon Sep 17 00:00:00 2001 From: John Wang Date: Mon, 9 Dec 2024 06:56:09 -0800 Subject: [PATCH] enhance: content: update oauth2 and best practices --- ...12-08-introducing-oauth2-token-exchange-with-oidc.mdx | 9 +++++++-- docs/apis/rest/best-practices.mdx | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/blog/2024-12-08-introducing-oauth2-token-exchange-with-oidc.mdx b/blog/2024-12-08-introducing-oauth2-token-exchange-with-oidc.mdx index 45d83918..bdf53cec 100644 --- a/blog/2024-12-08-introducing-oauth2-token-exchange-with-oidc.mdx +++ b/blog/2024-12-08-introducing-oauth2-token-exchange-with-oidc.mdx @@ -40,13 +40,18 @@ MSOPENID.USERNAMEINJSON=preferred_username, sub The Token Exchange request occurs as Steps 3 and 6 in the diagram. It is designed and implemented by Saviynt is as follows. A sucessful reqwuest will return a Saviynt Identity Cloud OAuth 2.0 access token. Behind the scenes, Saviynt Identity cloud is making a Token Introspection API call to your IdP described in the next section. +For the `subject_token_type`, the following token types are supported: + +1. OAuth 2.0 Access Token: `urn:ietf:params:oauth:token-type:access_token` +2. OpenID Connect ID Token: `urn:ietf:params:oauth:token-type:id_token` + ``` POST https:///ECM/oauth2/token Content-Type: application/x-www-form-urlencoded Accept: application/json grant_type=urn:ietf:params:oauth:grant-type:token-exchange& \ -subject_token_type_type=urn:ietf:params:oauth:token-type:access_token& \ +subject_token_type=urn:ietf:params:oauth:token-type:access_token& \ subject_token= ``` 
@@ -70,4 +75,4 @@ Upon receiving a successful response from the IdP's Token Introspection API endp ## Try it Out! -We are very excited about this enhancement and look forward to our customers trying this out. The documentation is available [here again](https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter06-EIC-Configurations/OAuth-Token-Exchange.htm). If you have any questions, feel free to post on the [Saviynt Forums](https://forums.saviynt.com/). And if you have any feature requests for different OAuth 2.0 flows or OpenID Connect capabilities, please post on the [Saviynt Ideas Portal](https://ideas.saviynt.com/). +We are very excited about this enhancement and look forward to our customers trying this out. The [documentation is available here again](https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter06-EIC-Configurations/OAuth-Token-Exchange.htm). If you have any questions, feel free to post on the [Saviynt Forums](https://forums.saviynt.com/). And if you have any feature requests for different OAuth 2.0 flows or OpenID Connect capabilities, please post on the [Saviynt Ideas Portal](https://ideas.saviynt.com/). diff --git a/docs/apis/rest/best-practices.mdx b/docs/apis/rest/best-practices.mdx index 8577c696..b6e51ea8 100644 --- a/docs/apis/rest/best-practices.mdx +++ b/docs/apis/rest/best-practices.mdx @@ -1,4 +1,4 @@ -# Best Practices +# API Best Practices The following are recommended best practices for using the Saviynt REST API.
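Review bot: In the first hunk of `blog/2024-12-08-introducing-oauth2-token-exchange-with-oidc.mdx`, the added list names the OpenID Connect ID Token (`urn:ietf:params:oauth:token-type:id_token`) as a supported `subject_token_type`, but the paragraph directly above it still says the exchange is backed by a Token Introspection API call to the IdP, and the request example only shows the `access_token` type. Please state how an ID token subject is validated (introspection as well, or some other check) so readers know what their IdP must support for each type. The rename from `subject_token_type_type` to `subject_token_type` is right. While this paragraph is being touched, the unchanged context line also needs fixing: "It is designed and implemented by Saviynt is as follows" has a doubled "is", and "sucessful reqwuest" should be "successful request".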
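Review bot: In the "Try it Out!" hunk, the new link text "documentation is available here again" is still not descriptive, and "again" reads oddly when taken on its own as a link label. Suggest naming the target instead, for example "The [OAuth Token Exchange documentation](...) is available", keeping the existing URL unchanged.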
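Review bot: In the `docs/apis/rest/best-practices.mdx` hunk, the new heading "# API Best Practices" is broader than the sentence under it, which scopes the page to "the Saviynt REST API", and than the file's location under `docs/apis/rest/`. Consider "# REST API Best Practices" so the heading, intro sentence and path agree. The commit subject says "update ... best practices" but only the title changes here, so it may be worth wording the subject as a heading rename.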