Token Exchange Policy Workflow

Implementation

This workflow is an extension of the Token Exchange grant (OAuth) in IDHub.

Because the basic process only checks the validity of the tokens and IdPs, it always returns an access token under the Token Exchange grant. However, additional business logic may be required to decide whether an access token should be granted for the specified audience and/or scopes.

Therefore it's possible to extend the Token Exchange process by providing tailor-made decision policies.

The workflow output will be a simple 'allow' or 'deny.'

Example

Below is a simple example that demonstrates the return value.

function checkPolicy(workitem) {
    // The policy decision is returned through workitem.output.
    // This example denies every request.
    workitem.output = tb.simpleResponse({
        allow: false
    });
}
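
A policy that applies the audience and scope check described above, as an added example that is not IDHub's own code. The `workitem.input.audience` and `workitem.input.scope` field names, the allowlist contents and the local `tb` stand-in are assumptions; only `workitem.output` and `tb.simpleResponse({allow: ...})` come from this page.

```javascript
// Added example, not IDHub code.
// ASSUMPTION: local stand-in for the platform's `tb` helper so this runs
// outside IDHub; inside a workflow, drop this line and use the real helper.
const tb = { simpleResponse: (body) => body };

// Constructed allowlist: audience -> scopes that may be granted for it.
// A Map avoids accidental matches on Object.prototype keys.
const POLICY = new Map([
  ['https://api.example.test/orders', new Set(['orders.read', 'orders.write'])],
  ['https://api.example.test/reports', new Set(['reports.read'])],
]);

// OAuth scope values are a space-delimited string; anything else is rejected.
function parseScopes(scope) {
  if (typeof scope !== 'string') return null;
  const scopes = scope.split(' ').filter((s) => s.length > 0);
  return scopes.length > 0 ? scopes : null;
}

// Pure decision function: default deny, allow only when the audience is
// known and every requested scope is permitted for that audience.
function decide(request) {
  if (!request || typeof request.audience !== 'string') return false;
  const allowed = POLICY.get(request.audience);
  if (allowed === undefined) return false;
  const scopes = parseScopes(request.scope);
  if (scopes === null) return false;
  return scopes.every((s) => allowed.has(s));
}

// Workflow entry point in the shape shown on this page.
// ASSUMPTION: workitem.input.audience and workitem.input.scope are
// hypothetical names for the values from the token exchange request.
function checkPolicy(workitem) {
  let allow = false;
  try {
    allow = decide(workitem.input);
  } catch (err) {
    allow = false; // fail closed on any unexpected error
  }
  workitem.output = tb.simpleResponse({ allow: allow });
}
```

Keeping the decision in a pure function lets the policy be unit-tested outside the workflow engine, and the `try`/`catch` keeps an unexpected input from turning into an implicit allow.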