chore: add changeset for impersonation (#6251)

logto-io · Jul 19, 2024 · 18c8fdf · 18c8fdf
1 parent 3205e36
commit 18c8fdf
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/.changeset/seven-comics-tan.md b/.changeset/seven-comics-tan.md
@@ -0,0 +1,26 @@
+---
+"@logto/core": minor
+---
+
+implement token exchange for user impersonation
+
+Added support for user impersonation via token exchange:
+
+1. New endpoint: `POST /subject-tokens` (Management API)
+   - Request body: `{ "userId": "<user-id>" }`
+   - Returns a subject token
+
+2. Enhanced `POST /oidc/token` endpoint (OIDC API)
+   - Supports new grant type: `urn:ietf:params:oauth:grant-type:token-exchange`
+   - Request body:
+     ```json
+     {
+       "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+       "subject_token": "<subject-token>",
+       "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
+       "client_id": "<client-id>"
+     }
+     ```
+   - Returns an impersonated access token
+
+Refer to documentation for usage examples and the [Token Exchange RFC](https://tools.ietf.org/html/rfc8693) for more details.