
Commit 64658c6

committed
Resolving review changes: Removed redundant tests, updated audience params
1 parent 3348fd7 commit 64658c6


4 files changed

+128
-540
lines changed


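--- a/examples/clients/typescript/everything-client.ts
+++ b/examples/clients/typescript/everything-client.ts
@@ -503,18 +503,19 @@ export async function runCrossAppAccessCompleteFlow(
 
 logger.debug('Starting complete cross-app access flow...');
 logger.debug('IDP Issuer:', ctx.idp_issuer);
+logger.debug('IDP Token Endpoint:', ctx.idp_token_endpoint);
 logger.debug('Auth Server:', ctx.auth_server_url);
 
-// Step 1: Token Exchange (IDP ID token -> authorization grant)
-logger.debug('Step 1: Exchanging IDP ID token for authorization grant...');
+// Step 1: Token Exchange (IDP ID token -> ID-JAG)
+logger.debug('Step 1: Exchanging IDP ID token for ID-JAG at IdP...');
 const tokenExchangeParams = new URLSearchParams({
 grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
 subject_token: ctx.idp_id_token,
 subject_token_type: 'urn:ietf:params:oauth:token-type:id_token',
 client_id: ctx.client_id
 });
 
-const tokenExchangeResponse = await fetch(`${ctx.auth_server_url}/token`, {
+const tokenExchangeResponse = await fetch(ctx.idp_token_endpoint, {
 method: 'POST',
 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 body: tokenExchangeParams
@@ -526,14 +527,15 @@ export async function runCrossAppAccessCompleteFlow(
 }
 
 const tokenExchangeResult = await tokenExchangeResponse.json();
-const authorizationGrant = tokenExchangeResult.access_token;
-logger.debug('Token exchange successful, authorization grant obtained');
+const idJag = tokenExchangeResult.access_token; // ID-JAG (ID-bound JSON Assertion Grant)
+logger.debug('Token exchange successful, ID-JAG obtained');
+logger.debug('Issued token type:', tokenExchangeResult.issued_token_type);
 
-// Step 2: JWT Bearer Grant (authorization grant -> access token)
-logger.debug('Step 2: Exchanging authorization grant for access token...');
+// Step 2: JWT Bearer Grant (ID-JAG -> access token)
+logger.debug('Step 2: Exchanging ID-JAG for access token at Auth Server...');
 const jwtBearerParams = new URLSearchParams({
 grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
-assertion: authorizationGrant,
+assertion: idJag,
 client_id: ctx.client_id
 });
 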
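Review bot: The token-exchange request built in the first hunk still carries only `grant_type`, `subject_token`, `subject_token_type` and `client_id`, so nothing in it tells the IdP which authorization server the ID-JAG is meant for, and the second hunk logs `issued_token_type` without checking it before the value is sent as `assertion`. An assertion that is not audience-bound could be accepted by any authorization server that trusts the same IdP, so, unless the IdP is known to derive the audience from `client_id`, the params should name the target, e.g. `requested_token_type: 'urn:ietf:params:oauth:token-type:id-jag',` and `audience: ctx.auth_server_url,` (assuming that URL is the authorization server's issuer identifier). After the `json()` call the client should reject any other token type, e.g. `if (tokenExchangeResult.issued_token_type !== 'urn:ietf:params:oauth:token-type:id-jag') throw new Error('unexpected issued_token_type');`. The inline comment expands ID-JAG as "ID-bound JSON Assertion Grant", whereas the draft name is Identity Assertion JWT Authorization Grant. The body of runCrossAppAccessCompleteFlow starts before and continues after both hunks, so its existing error-handling style is not visible here.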