Token Exchange Policy Workflow


This workflow is an extension of the Token Exchange grant (OAuth) in IDHub.

Because the basic process only checks the validity of the tokens and IdPs, it will always return an access token under the Token Exchange grant. However, additional business logic may be required to decide whether an access token should be granted for the specified audience and/or scopes.

It is therefore possible to extend the Token Exchange process by providing tailor-made decision policies.

The workflow output will be a simple 'allow' or 'deny.'


Below is a simple example that demonstrates the return value.

function checkPolicy (workitem) {
        // Deny the token exchange request
        return { allow: false };
}
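
A deny-by-default decision policy for audience and scopes, of the kind described above. This is an added example, not IDHub's own code. The `workitem` fields `clientId`, `audience` and `scope`, the `POLICY` table and its URLs are assumptions for illustration; only the `checkPolicy(workitem)` signature and the `allow` key appear on this page.

```javascript
// Added example. The workitem fields used here (clientId, audience, scope)
// are assumptions, not IDHub's documented workitem layout.

// Constructed sample policy: audience -> client -> scopes that client may request.
const POLICY = {
  'https://api.example.test/orders': {
    'orders-frontend': ['orders.read', 'orders.write'],
    'reporting-job': ['orders.read'],
  },
  'https://api.example.test/billing': {
    'reporting-job': ['invoices.read'],
  },
};

// Own-property lookup so keys such as "constructor" never match inherited members.
function own(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

function checkPolicy(workitem) {
  const deny = { allow: false };
  if (!workitem || typeof workitem !== 'object') return deny;

  const { clientId, audience, scope } = workitem;
  if (typeof clientId !== 'string' || typeof audience !== 'string') return deny;

  // Exact match only: no prefix or wildcard matching on the audience.
  const clients = own(POLICY, audience);
  const permitted = clients ? own(clients, clientId) : undefined;
  if (!Array.isArray(permitted)) return deny;

  // OAuth scope is a space-delimited string. An empty or missing scope is
  // denied instead of being treated as "default scopes".
  const requested = typeof scope === 'string' ? scope.split(/\s+/).filter(Boolean) : [];
  if (requested.length === 0) return deny;

  // Every requested scope must be permitted; one extra scope denies the exchange.
  return { allow: requested.every((s) => permitted.includes(s)) };
}
```

The policy fails closed: a malformed work item, an unknown audience or client, or a single scope outside the allowlist all produce a deny.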
