Exchange an identity provider-signed token for a State Backed token

POST /tokens

Once you have configured at least one identity provider (by posting to /idps) and at least one token provider (by posting to /token-providers), you can exchange any identity provider token for a token generated by one of your token providers.

This allows you to have completely secure, end-to-end authorization with your State Backed machine instances without any server-side code while using your identity provider of choice.

This endpoint should generally conform to https://datatracker.ietf.org/doc/html/rfc8693

application/x-www-form-urlencoded

Body

Exchange an identity provider-signed token for a State Backed token.

  • grant_type string Required

    The type of grant being requested

    Value is urn:ietf:params:oauth:grant-type:token-exchange.

  • audience string Required

    Identifies the token provider service to use to generate the token.

    Must be of the form: https://tokens.statebacked.dev/<your-org-id>/<token-provider-service-id>

    Where your-org-id can be found via smply orgs list and token-provider-service-id is the service that you passed in your post to /token-providers.

  • The type of token being requested

    Value is urn:ietf:params:oauth:token-type:access_token.

  • subject_token string Required

    A JWT signed by one of your configured identity providers (based on configurations posted to /idps)

Responses

  • 200

    Your State Backed token

    Hide response attributes Show response attributes object
POST /tokens
curl \
 -X POST https://api.statebacked.dev/tokens \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&audience=https%3A%2F%2Ftokens.statebacked.dev%2Forg_yourorg%2Fyour-service&requested_token-type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=string'
Request example
{
  "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
  "audience": "https://tokens.statebacked.dev/org_yourorg/your-service",
  "requested_token-type": "urn:ietf:params:oauth:token-type:access_token",
  "subject_token": "string"
}
Request examples
{
  "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
  "audience": "https://tokens.statebacked.dev/org_yourorg/your-service",
  "requested_token-type": "urn:ietf:params:oauth:token-type:access_token",
  "subject_token": "string"
}
Response examples (200)
{
  "access_token": "string",
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "token_type": "Bearer"
}
Response examples (200)
{
  "access_token": "string",
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "token_type": "Bearer"
}