ContextQMD
Back to Zitadel

Token Exchange Request

apps/docs/content/apis/openidoauth/_token_exchange_request.mdx

5.0.0-base2.0 KB
Original Source
ParameterDescription
grant_typeMust be urn:ietf:params:oauth:grant-type:token-exchange
subject_tokenA token that represents the identity of the party on behalf of whom the request is being made.
subject_token_typeAn identifier that indicates the type of the token in the subject_token parameter.
actor_tokenOptional. A token that represents the identity of the acting party. In ZITADEL this the impersonator.
actor_token_typeAn identifier that indicates the type of the token in the actor_token parameter. Required when actor_token is provided
requested_token_typeOptional. An identifier that indicates the type of the token requested. Defaults to access token if not provided.
scopeScopes you would like to request from ZITADEL for the requested token. Scopes are space delimited, e.g. openid email profile.
audienceOptional. Must be a subset of the combined audiences from both subject and actor tokens.
resourceCurrently not supported