Hi folks. The release notes for Hydra 2.0 states that:

OAuth 2.0 Token Exchange (RFC8693) is now fully supported, including the JSON Web Token profile!

I could not find any documentation on Hydra supporting the

urn:ietf:params:oauth:grant-type:token-exchange

grant type besides this release note. I also tried to perform a token-exchange flow and received the following error:

{
  "error": "invalid_request",
  "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified."
}

My question: is RFC 8693 (

grant_type=urn:ietf:params:oauth:grant-type:token-exchange

) really implemented on Hydra 2.0 or only RFC 7523 (

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

)?

It’s possible that there was a mix up with the spec. The two specs sound very similar. What we support ist: https://www.ory.sh/docs/hydra/guides/jwt#exchanging-jwts-for-access-tokens

yeah, I figured that could be the case, thanks for confirming

Is token exchange in the plans of coming to hydra tho? Would be nice to have, as it seems to be quite similar to the client-credentials flow with additional control over the access token's embedded information