OAuth 2.0 Token Exchange Grant Type (On-Behalf-Of flow)

Does Okta support the Token Exchange grant type?
The Token Exchange grant type is a draft protocol that allows one user to act on behalf of another.

For example:
The following example demonstrates a hypothetical token exchange in
which an OAuth resource server assumes the role of the client during
the exchange. It trades an access token, which it received in a
protected resource request, for a new token, that it will use to call
to a backend service.

POST /as/token.oauth2 HTTP/1.1
Host: as.example.com
Authorization: Basic cnMwODpsb25nLXNlY3VyZS1yYW5kb20tc2VjcmV0
Content-Type: application/x-www-form-urlencoded

Let me know if Okta is considering implementing this flow.
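The exchange described in the question above, as an added example that is not part of the original post and is not Okta's code: a resource server builds the token-exchange request with the parameter names from RFC 8693 and validates the response before calling the backend. The function names, the sample token and the backend URL are constructed for illustration; the client credentials are the ones encoded in the Basic header quoted in the post.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Identifiers defined by RFC 8693 (OAuth 2.0 Token Exchange).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(client_id, client_secret, subject_token, resource):
    """Return (headers, body) for the POST to the token endpoint.

    subject_token is the access token the resource server received in the
    protected resource request; resource is the backend it wants to call.
    """
    # RFC 6749 section 2.3.1: form-encode id and secret before Base64.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": GRANT_TYPE,
        "resource": resource,
        "subject_token": subject_token,
        "subject_token_type": ACCESS_TOKEN_TYPE,
    })
    return headers, body


def check_exchange_response(resp, expected_type=ACCESS_TOKEN_TYPE):
    """Validate the decoded JSON response and return the new token.

    Rejects error responses, missing required fields, and a token of a
    type other than the one this caller is prepared to send downstream.
    """
    if "error" in resp:
        raise ValueError(f"token exchange refused: {resp['error']}")
    for field in ("access_token", "issued_token_type", "token_type"):
        if not resp.get(field):
            raise ValueError(f"response is missing {field}")
    if resp["issued_token_type"] != expected_type:
        raise ValueError("unexpected issued_token_type")
    # Policy of this example: the backend call uses a bearer token only.
    if resp["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    return resp["access_token"]
```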


Hello - the best answer I can give you right now is…soon. I said best, not great!

You can see on our public roadmap that the targeted early access release is the second half of this year:


There’s nothing to suggest we aren’t on pace for this schedule, but we currently can’t provide a definitive date or timeline.

Thanks, Cale.
This is really helpful.
I am glad that Okta is considering implementing the Token Exchange grant type (On-Behalf-Of flow).