Vcenter Authentication Token IssueSpec
The Vcenter Authentication Token IssueSpec schema contains arguments required for token exchange.
This schema was added in vSphere API 7.0.2.0.
{
"grant_type": "string",
"resource": "string",
"audience": "string",
"scope": "string",
"requested_token_type": "string",
"subject_token": "string",
"subject_token_type": "string",
"actor_token": "string",
"actor_token_type": "string"
}The value of urn:ietf:params:oauth:grant-type:token-exchange indicates that a token exchange is being performed.
This property was added in vSphere API 7.0.2.0.
When clients pass a value of this schema as a parameter, the property must be one of urn:ietf:params:oauth:grant-type:token-exchange. When operations return a value of this schema as a response, the property will be one of urn:ietf:params:oauth:grant-type:token-exchange.
Indicates the location of the target service or resource where the client intends to use the requested security token.
This property was added in vSphere API 7.0.2.0.
If missing or null, it is inferred from other arguments.
The logical name of the target service where the client intends to use the requested security token. This serves a purpose similar to the Vcenter Authentication Token IssueSpec.resource property, but with the client providing a logical name rather than a location.
This property was added in vSphere API 7.0.2.0.
If missing or null, it is inferred from other arguments.
A list of space-delimited, case-sensitive strings, that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used.
This property was added in vSphere API 7.0.2.0.
If missing or null, it is inferred from other arguments.
An identifier for the type of the requested security token. If the requested type is unspecified, the issued token type is at the discretion of the server and may be dictated by knowledge of the requirements of the service or resource indicated by the Vcenter Authentication Token IssueSpec.resource or Vcenter Authentication Token IssueSpec.audience property.
This property was added in vSphere API 7.0.2.0.
If missing or null, it is inferred from other arguments.
A security token that represents the identity of the party on behalf of whom exchange is being made. Typically, the subject of this token will be the subject of the security token issued. Token is base64-encoded.
The property is required when the value of the Vcenter Authentication Token IssueSpec.grant_type property is urn:ietf:params:oauth:grant-type:token-exchange.
This property was added in vSphere API 7.0.2.0.
This property is currently required. In the future, the schema may support grant-types other than urn:ietf:params:oauth:grant-type:token-exchange for which the value may be missing or null.
An identifier, that indicates the type of the security token in the Vcenter Authentication Token IssueSpec.subject_token property.
The property is required when the value of the Vcenter Authentication Token IssueSpec.grant_type property is urn:ietf:params:oauth:grant-type:token-exchange.
This property was added in vSphere API 7.0.2.0.
This property is currently required. In the future, the schema may support grant-types other than urn:ietf:params:oauth:grant-type:token-exchange for which the value may be missing or null.
A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject.
This property was added in vSphere API 7.0.2.0.
missing or null if not needed for the specific case of exchange.
An identifier, that indicates the type of the security token in the Vcenter Authentication Token IssueSpec.actor_token property.
This property was added in vSphere API 7.0.2.0.
missing or null if Vcenter Authentication Token IssueSpec.actor_token property is not present.