Hello. I'm trying to exchange an access token using the following guide: Set up OAuth 2.0 On-Behalf-Of Token Exchange
But it fails with error: {"error":"invalid_request","error_description":"The required parameter 'actor_token' is missing."} Am I missing something? This guide doesn’t say anything about actor_token…
Hello,
- Include the actor_token in your token exchange request. This should be the access token of the client application making the request on behalf of the user.
- Ensure your request includes both the actor_token and subject_token parameters. The subject_token should be the user’s access token that you’re trying to exchange.
- Your request should look something like this:
curl --request POST \
--url https://{yourOktaDomain}/oauth2/default/v1/token \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={client 2 ID}' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'actor_token={deviceSecret}' \
--data-urlencode 'actor_token_type=urn:x-oath:params:oauth:token-type:device-secret' \
--data-urlencode 'subject_token={idToken}' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:id_token' \
--data-urlencode 'scope=openid offline_access' \
--data-urlencode 'audience={audience}'
Reference: Configure SSO for Native apps | Okta Developer
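A pre-flight check for the token exchange body discussed in this thread, as an added example that is not part of either post and is not Okta's code. It assumes the server wants both the actor and subject tokens with their type parameters, as the error in the question implies; the function names and the sample values are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
# Assumption: both token/type pairs are required, as the quoted error implies.
TOKEN_PAIRS = (("actor_token", "actor_token_type"),
               ("subject_token", "subject_token_type"))
SECRET_FIELDS = {"actor_token", "subject_token"}


def check_token_exchange(body: str) -> list[str]:
    """Return the problems found in a form-encoded token exchange body."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    if params.get("grant_type") != GRANT:
        problems.append("grant_type is not the token-exchange grant")
    if not params.get("client_id"):
        problems.append("client_id is missing")
    for token, token_type in TOKEN_PAIRS:
        if not params.get(token):
            problems.append(f"{token} is missing")
        if not params.get(token_type):
            problems.append(f"{token_type} is missing")
    for name, value in params.items():
        # Template placeholders such as {deviceSecret} must be substituted.
        if value.startswith("{") and value.endswith("}"):
            problems.append(f"{name} still holds a placeholder")
    return problems


def redact(body: str) -> str:
    """Return the form body with token values masked, for logging."""
    pairs = parse_qs(body, keep_blank_values=True)
    return urlencode({k: "<redacted>" if k in SECRET_FIELDS else v[0]
                      for k, v in pairs.items()})


# Constructed sample: a body that carries no actor_token parameters.
SAMPLE = urlencode({
    "client_id": "0oa-example-client",
    "grant_type": GRANT,
    "subject_token": "constructed.id.token",
    "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
    "scope": "openid offline_access",
    "audience": "api://default",
})

if __name__ == "__main__":
    print(check_token_exchange(SAMPLE))
    print(redact(SAMPLE))
```

Running the check before sending the request surfaces a missing or unsubstituted parameter locally, and `redact` keeps token values out of debug logs.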