coop/rose-ash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

identity: token exchange — downscope into an independent token (RFC 8693, +8 tests)
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 58s
Details

Browse Source 
oauth.sx gains token_exchange(SubjectToken, RequestedScope): a valid access
token is downscoped into a NEW independent grant for the same subject
(subset only, else invalid_scope; inactive subject token → invalid_grant).
The exchanged token's lifecycle is independent of the subject token
(revoking either leaves the other active); exchanges chain. Least-privilege
handoff to downstream services. New tests/exchange.sx. 201/201.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
giles
2026-06-07 03:31:14 +00:00
parent b1f9c6bef0
commit ded7170540
6 changed files with 139 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/identity/scoreboard.md
View File

@@ -1,6 +1,6 @@
# identity-on-sx Scoreboard
**Total: 193 / 193 tests passing**
**Total: 201 / 201 tests passing**
| | Suite | Pass | Total |
|---|---|---|---|
@@ -21,6 +21,7 @@
| ✅ | facade | 9 | 9 |
| ✅ | delegation | 8 | 8 |
| ✅ | session-mgmt | 8 | 8 |
| ✅ | exchange | 8 | 8 |
Generated by `lib/identity/conformance.sh`.