OAuth 2.0 Token Exchange协议解读

S3、OSS使用了STS，但是对其原来并不了解。通过这篇文档梳理对STS实现有一定的了解.

名词解释

security token: a set of information that facilitates the sharing of identity and security information in heterogeneous environments or across security domains. Examples of security tokens include JSON Web Tokens (JWTs) and Security Assertion Markup Language (SAML) 2.0 assertions. Security tokens are typically signed to achieve integrity and sometimes also encrypted to archive confidentiality.

实践

需要找一个实现的开源代码看看.

参考

OAuth 2.0 Token Exchange： a protocol extending OAuth 2.0 that enable clients to request and obtain security tokens from authorization servers acting in the role of an STS . https://tools.ietf.org/html/rfc8693