About Token Exchange

  • Updated on Aug 7, 2023
  • 1 minute(s) read
Prev Next
Token Exchange1.0.0

Call PlainID Auth endpoint to exchange the token:

  1. Request Example:
curl --location --request POST 'https://auth.{{REGION}}.plainid.io/auth/realms/{{PLAINID_TENANT_NAME}}/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=plainid' \
--data-urlencode 'subject_token={{ID_TOKEN_FROM_THE_IDP_AUTH_REQUEST}}' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:jwt' \
--data-urlencode 'subject_issuer=tenant_idp'

Please Note:

  • Replace {{REGION}} with your PlainID Tenant region (e.g. us1, eu1, ca1, etc.)
  • Replace {{PLAINID_TENANT_NAME}} with your PlainID Tenant name
  • client_id value is a constant, and should be set to plainid
  • subject_issuer value is a constant, and should be set to tenant_idp
  1. Response example:
{
"access_token": "ey…",
"expires_in": 900,
"refresh_expires_in": 1800,
"refresh_token": "ey…",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "9c2fd2fa-d209-4f0e-a161-fae27261fdae",
"scope": "profile email"
}


Servers

United States

  https://auth.us1.plainid.io 

Europe

  https://auth.eu1.plainid.io 

Canada

  https://auth.ca1.plainid.io 

Local PAA

  https://auth.plainid.local 

Copyright and Trademark

© 2024 PlainID LTD. All rights reserved.

All intellectual property rights in, related to or derived from this material will remain with PlainID Ltd. Reproduction, modification, recompilation or transfer in whole or in part without written permission is prohibited. This material is made available as-is, without any implied warranties, all of which are hereby disclaimed, and PlainID Ltd. shall have no liability in relation hereto. All brand names, product names and trademarks are the property of their respective owners.

Terms of Use Privacy Policy