Overview

This guide gives you an overview, without going into the technical details of the implementation, of the steps you have to go through to exchange data with another Application that is on the same Provider as your Application.

The idea behind Token Exchange is to allow your Application to access the data about one User on another Application. Each Application can focus on its own data and only fetch what it requires from where it is stored.

Note
User Data is associated with a User, so it is not possible to use Token Exchange for several Users at once.

Step 1: Get an Access Token

Token Exchange will only work after an Authentication flow. If you’re not sure what that means, this guide is for you:

Note
To perform a Token Exchange, you will need to add the relevant scope to your Authentication request.

Step 2: Exchange that Access Token for a Token Exchange

The next step is to request a new token from Connect. This token is not meant for your Application; it is a way of proving you have your User’s consent to obtain data from another Application.

Step 3: Contact the Application with the data

Now that you have an exchange_token, you can make a request to the protected endpoint of the Application that holds the data, including the exchange_token in the request.

Workflow schemas

Here is a diagram describing the token exchange workflow in a website using Connect:

Sequence diagram of the token exchange workflow