Centralized Identity with OAuth 2.0 Token Exchange (RFC 8693)

Introduction

Managing user identity across multiple systems is one of the hardest problems in modern software architecture, especially when those systems belong to different companies. OAuth 2.0 Token Exchange (RFC 8693) is the standardized solution: it lets a central identity provider (IdP) authenticate a user once and issue system-specific access tokens for any downstream application, even across organizational boundaries. In this post, we’ll explore how to build a central IdP system, exchange tokens for different applications, and handle users who may not exist in every system — a problem often seen after a company acquisition....

March 22, 2026 · 9 min · 1724 words · Prakash Bhandari