Introduction

This is a non-standard authentication grant type to allow using an access token from a third-party authentication service to authenticate with the service. The service uses the third-party service's token introspection endpoint to find the identity of the user trying to authenticate. The third-party authentication service must be configured with the system before it can be used.

User flow

1. The user authenticates with the third-party service and receives a token
2. The user calls the access_tokens endpoint with the third_party_token_exchange grant type, providing the token from the third-party service as credentials.
3. If successful, the user receives a normal login response and can now use the service using the access tokens provided.

Migration guide

This method replaces the /api/oauth/login_with_token endpoint. The "access_token" parameter from the old endpoint is provided to the new access_tokens endpoint in in the POST body, under the "credentials" field. The grant_type works like any other login mechanism in all other aspects.