- get api2 AT.
export access_token='HERE'- create source RS
cd resource-server
./create-rs.sh -i urn://source.api -n "Source API" - enable TE on source API
./update-rs.sh -i source.rs.id -f token_exchange -s trueThis returns a client_id and client_secret. We'll need them in step 5 and 8
- Create target RS
./create-rs.sh -i urn://target.api -n "Target API" -s update:thing,read:thing - Create Access Policy
cd ../access-policy
./create-access-policy.sh -c <source.api.client.id> -a urn://target.api -s read:thing - Login with a valid user against. Can JWT.io to receive AT
cd ../login
./authorize.sh -t [email protected] \
-c <jwt.io-spa-client-id> \
-R token \
-a urn://source.api \
-b firefox -o -
Login and get user's delegated AT
-
Execute exchange
./token-exchange -t [email protected] \
-c <source.rs.client.id> \
-x <source.rs.client.secret> \
-a urn://target.api
-s read:thing
-i <user-AT>