client config OAuth2 Authentication Token Exchange

Property Description
nessie.authentication.oauth2.token-exchange.resource For token exchanges only. A URI that indicates the target service or resource where the client intends to use the requested security token. Optional.
nessie.authentication.oauth2.token-exchange.audience For token exchanges only. The logical name of the target service where the client intends to use the requested security token. This serves a purpose similar to the resource parameter but with the client providing a logical name for the target service.
nessie.authentication.oauth2.token-exchange.subject-token For token exchanges only. The subject token to exchange. This can take 3 kinds of values:

* The value “current_access_token”, if the client should use its current access token;
* The value “current_refresh_token”, if the client should use its current refresh token (a refresh token must be available in this case);
* An arbitrary token: in this case, the client will always use the static token provided here.

The default is to use the current access token. Note: when using token exchange as the initial grant type, no current access token will be available: in this case, a valid, static subject token to exchange must be provided via configuration.
nessie.authentication.oauth2.token-exchange.subject-token-type For token exchanges only. The type of the subject token. Must be a valid URN. The default is either urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token, depending on the value of “nessie.authentication.oauth2.token-exchange.subject-token”.

If the client is configured to use its access or refresh token as the subject token, please note that if an incorrect token type is provided here, the token exchange could fail.
nessie.authentication.oauth2.token-exchange.actor-token For token exchanges only. The actor token to exchange. This can take 4 kinds of values:

* The value “no_token”, if the client should not include any actor token in the exchange request;
* The value “current_access_token”, if the client should use its current access token;
* The value “current_refresh_token”, if the client should use its current refresh token (if available);
* An arbitrary token: in this case, the client will always use the static token provided here.

The default is to not include any actor token.
nessie.authentication.oauth2.token-exchange.actor-token-type For token exchanges only. The type of the actor token. Must be a valid URN. The default is either urn:ietf:params:oauth:token-type:access_token or urn:ietf:params:oauth:token-type:refresh_token, depending on the value of “nessie.authentication.oauth2.token-exchange.actor-token”.

If the client is configured to use its access or refresh token as the actor token, please note that if an incorrect token type is provided here, the token exchange could fail.
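
The resolution rules above can be modeled as a function that turns these properties into the form fields of an RFC 8693 token exchange request. This is an added example, not Nessie's own code: `build_exchange_form`, `_resolve` and the sample values are hypothetical names for illustration. Assumptions: a static token with no declared type is treated as an access token, and an actor token that is not available is left out of the request.

```python
from urllib.parse import urlencode

PREFIX = "nessie.authentication.oauth2.token-exchange."
ACCESS = "urn:ietf:params:oauth:token-type:access_token"
REFRESH = "urn:ietf:params:oauth:token-type:refresh_token"
GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"  # RFC 8693 grant type


def _resolve(value, declared_type, access, refresh):
    """Map a configured token value to (token, token_type); token may be None."""
    if value == "current_access_token":
        token, default_type = access, ACCESS
    elif value == "current_refresh_token":
        token, default_type = refresh, REFRESH
    else:
        # Static token. Assumption: defaults to the access_token type.
        token, default_type = value, ACCESS
    return token, declared_type or default_type


def build_exchange_form(config, access=None, refresh=None):
    """Build the token exchange form fields implied by the documented properties."""
    def get(name):
        return config.get(PREFIX + name)

    subject, subject_type = _resolve(get("subject-token") or "current_access_token",
                                     get("subject-token-type"), access, refresh)
    if not subject:
        # Initial-grant case: no current token exists, so a static one is required.
        raise ValueError("no subject token available; configure a static subject-token")
    form = {"grant_type": GRANT, "subject_token": subject,
            "subject_token_type": subject_type}
    actor_value = get("actor-token") or "no_token"  # documented default
    if actor_value != "no_token":
        actor, actor_type = _resolve(actor_value, get("actor-token-type"), access, refresh)
        if actor:  # assumption: an unavailable actor token is omitted
            form.update(actor_token=actor, actor_token_type=actor_type)
    for name in ("resource", "audience"):  # only sent when configured
        if get(name):
            form[name] = get(name)
    return form


# Constructed sample: default subject token, refresh token as actor, an audience.
SAMPLE = {PREFIX + "audience": "catalog-service",
          PREFIX + "actor-token": "current_refresh_token"}

if __name__ == "__main__":
    print(urlencode(build_exchange_form(SAMPLE, access="AT-demo", refresh="RT-demo")))
```

Declaring a `subject-token-type` or `actor-token-type` overrides the derived default, which is how a mismatched type ends up in the request when the token itself comes from the client's current tokens.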