Chore: Implement token exchange #203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

ankita10119 wants to merge 14 commits into main from SDK-6833

ankita10119 commented Nov 10, 2025 •

edited

Loading

Description

This pull request implements token exchange functionality as per the OAuth 2.0 Token Exchange RFC 8693. It introduces new logic to allow clients to exchange one token (e.g., a JWT) for another token, enabling support for a broader set of authentication flows and delegation scenarios.

Key Changes

Adds support for the OAuth 2.0 Token Exchange grant type.
New endpoint/method for exchanging tokens.
Updates internal validation and token processing logic to comply with RFC 8693.
(If applicable) Documents usage in the README or inline JSDoc.
(If applicable) Adds/updates tests covering token exchange flows and edge cases.

Testing

All existing tests pass.
New tests cover successful and failed token exchange cases, including various error conditions.

References

OAuth 2.0 Token Exchange (RFC 8693)

Checklist

I have added documentation for new/changed functionality in this PR or in auth0.com/docs
All active GitHub checks for tests, formatting, and security are passing
The correct base branch is being used, if not the default branch


          Chore: Implement token exchange

f344c37

ankita10119 requested a review from a team as a code owner

November 10, 2025 04:09

github-advanced-security bot found potential problems

View reviewed changes

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/express-oauth2-jwt-bearer/test/index.test.ts Fixed Show fixed Hide fixed

packages/express-oauth2-jwt-bearer/test/integration.test.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed


          Potential fix for code scanning alert no. 44: Missing rate limiting

58bc4b4

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

github-advanced-security bot found potential problems

View reviewed changes

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed


          Potential fix for code scanning alert no. 51: Log injection

633ce48

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

github-advanced-security bot found potential problems

View reviewed changes

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed


          Potential fix for code scanning alert no. 46: Missing rate limiting

f7eaff3

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

github-advanced-security bot found potential problems

View reviewed changes

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

ankita10119 and others added 4 commits

November 13, 2025 00:27


          Potential fix for code scanning alert no. 48: Missing rate limiting

0b436bb

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>


          Potential fix for code scanning alert no. 54: Log injection

07d84b8

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>


          Potential fix for code scanning alert no. 55: Log injection

486356d

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>


          Add express-rate-limit for token exchange endpoints and update TypeSc…

07e718d

…ript version

github-advanced-security bot found potential problems

View reviewed changes

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

packages/examples/token-exchange-example.ts Fixed Show fixed Hide fixed

ankita10119 added 6 commits

November 13, 2025 01:19


          Update TypeScript version to use a tilde for more controlled versioning

26cf98b


          Update TypeScript version to use a tilde for more controlled versioning

3012a81


          Fix error handling in token exchange response parsing and update test…

1380a99

… for scope encoding


          Enhance rate limiting for token exchange operations: reduce limit to …

fcf0734

…10 requests per 15 minutes and improve error messaging


          Refactor package structure: replace 'oauth2-bearer' with '@internal/o…

a9437f0

…auth2-bearer-utils' and update related imports across the codebase


          Refactor imports: replace 'oauth2-bearer' with '@internal/oauth2-bear…

4c9e180

…er-utils' in test files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet