Exchange an identity provider-signed token for a State Backed token

POST /tokens

Once you have configured at least one identity provider (by posting to /idps) and at least one token provider (by posting to /token-providers), you can exchange any identity provider token for a token generated by one of your token providers.

This allows you to have completely secure, end-to-end authorization with your State Backed machine instances without any server-side code while using your identity provider of choice.

This endpoint should generally conform to RFC 8693 (OAuth 2.0 Token Exchange): https://datatracker.ietf.org/doc/html/rfc8693

Body

Exchange an identity provider-signed token for a State Backed token.

  • grant_type string Required

    The type of grant being requested

    Value is urn:ietf:params:oauth:grant-type:token-exchange.

  • audience string Required

    Identifies the token provider service to use to generate the token.

    Must be of the form: https://tokens.statebacked.dev/<your-org-id>/<token-provider-service-id>

    Where your-org-id can be found via smply orgs list and token-provider-service-id is the service that you passed in your post to /token-providers.

  • requested_token-type string

    The type of token being requested

    Value is urn:ietf:params:oauth:token-type:access_token.

  • subject_token string Required

    A JWT signed by one of your configured identity providers (based on configurations posted to /idps)

Responses

  • Your State Backed token

POST /tokens
curl \
 -X POST https://api.statebacked.dev/tokens \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&audience=https%3A%2F%2Ftokens.statebacked.dev%2Forg_yourorg%2Fyour-service&requested_token-type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=string'
Request example
{
  "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
  "audience": "https://tokens.statebacked.dev/org_yourorg/your-service",
  "requested_token-type": "urn:ietf:params:oauth:token-type:access_token",
  "subject_token": "string"
}
Response examples (200)
{
  "access_token": "string",
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "token_type": "Bearer"
}
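
The exchange documented above, as an added JavaScript example (not State Backed's own client code): it builds the form-encoded body shown in the curl call and accepts only the documented response shape before returning the token. The function names, the character set allowed for the org and service ids, and the structural JWT check are assumptions of this example.

```javascript
// Added example: helper names and the id character set are assumptions.
const TOKEN_ENDPOINT = "https://api.statebacked.dev/tokens";
const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";

// Build the form-encoded body. orgId and serviceId are interpolated into the
// audience URL, so reject anything that could alter its path.
function buildExchangeBody(orgId, serviceId, subjectToken) {
  for (const part of [orgId, serviceId]) {
    if (!/^[A-Za-z0-9_-]+$/.test(part)) {
      throw new Error(`unexpected characters in audience component: ${part}`);
    }
  }
  // Structural check only: a signed compact JWT has three non-empty
  // base64url segments. The signature is verified by the server.
  if (!/^[\w-]+\.[\w-]+\.[\w-]+$/.test(subjectToken)) {
    throw new Error("subject_token is not a compact JWT");
  }
  return new URLSearchParams({
    grant_type: GRANT_TYPE,
    audience: `https://tokens.statebacked.dev/${orgId}/${serviceId}`,
    "requested_token-type": ACCESS_TOKEN_TYPE,
    subject_token: subjectToken,
  }).toString();
}

// Accept only the response shape documented above; fail closed otherwise.
function parseExchangeResponse(json) {
  if (json.token_type !== "Bearer" || json.issued_token_type !== ACCESS_TOKEN_TYPE) {
    throw new Error("unexpected token type in response");
  }
  if (typeof json.access_token !== "string" || json.access_token === "") {
    throw new Error("response has no access_token");
  }
  return json.access_token;
}

// Perform the exchange (network call; uses the global fetch of Node 18+ or a browser).
async function exchangeToken(orgId, serviceId, subjectToken) {
  const res = await fetch(TOKEN_ENDPOINT, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildExchangeBody(orgId, serviceId, subjectToken),
  });
  if (!res.ok) throw new Error(`token exchange failed: HTTP ${res.status}`);
  return parseExchangeResponse(await res.json());
}
```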