vcenter tokenservice token exchange: exchange spec
The
exchange_spec structure contains arguments required for token exchange.Representation:
{
"subject_token_type" : "string",
"audience" : "string",
"actor_token" : "string",
"grant_type" : "string",
"resource" : "string",
"scope" : "string",
"subject_token" : "string",
"requested_token_type" : "string",
"actor_token_type" : "string"
}
"subject_token_type" : "string",
"audience" : "string",
"actor_token" : "string",
"grant_type" : "string",
"resource" : "string",
"scope" : "string",
"subject_token" : "string",
"requested_token_type" : "string",
"actor_token_type" : "string"
}
Attributes:
| Name | Type | Description |
|---|---|---|
| Required | ||
| grant_type | string | The value of TOKEN_EXCHANGE_GRANT indicates that a token exchange is being performed. |
| subject_token | string | A security token that represents the identity of the party on behalf of whom exchange is being made. Typically, the subject of this token will be the subject of the security token issued. Token is base64-encoded. |
| subject_token_type | string | An identifier, that indicates the type of the security token in the vcenter.tokenservice.token_exchange.exchange_spec.subject_token parameter. |
| Optional | ||
| resource | string | Indicates the location of the target service or resource where the client intends to use the requested security token. Optional. if can be inferred from other arguments or not needed for specific case of exchange. |
| audience | string | The logical name of the target service where the client intends to use the requested security token. This serves a purpose similar to the vcenter.tokenservice.token_exchange.exchange_spec.resource parameter, but with the client providing a logical name rather than a location. Optional. if can be inferred from other arguments or not needed for specific case of exchange. |
| scope | string | A list of space-delimited, case-sensitive strings, that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used. Optional. if can be inferred from other arguments or not needed for specific case of exchange. |
| requested_token_type | string | An identifier for the type of the requested security token. If the requested type is unspecified, the issued token type is at the discretion of the server and may be dictated by knowledge of the requirements of the service or resource indicated by the vcenter.tokenservice.token_exchange.exchange_spec.resource or vcenter.tokenservice.token_exchange.exchange_spec.audience parameter. Optional. if can be inferred from other arguments or not needed for specific case of exchange. |
| actor_token | string | A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject. Optional. if not needed for specific case of exchange. |
| actor_token_type | string | An identifier, that indicates the type of the security token in the vcenter.tokenservice.token_exchange.exchange_spec.actor_token parameter. Optional. if vcenter.tokenservice.token_exchange.exchange_spec.actor_token parameter is not present. |