RFC 8693 · PROPOSED STANDARD · 2020
SUN · 14 JUN 2026
OAuth 2.0 Token Exchange
Overview
RFC 8693, “OAuth 2.0 Token Exchange”, is a Proposed Standard document published in January 2020 by M. Jones, A. Nadalin, B. Campbell, J. Bradley, C. Mortimore. The canonical text is published by the RFC Editor.
Abstract
This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
Read this RFC
The canonical text of RFC 8693 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
Other RFCs from 2020
- RFC 8695 A YANG Data Model for the Routing Information Protocol
- RFC 8697 Path Computation Element Communication Protocol Extensions for Establishing Relationships between Sets of Label Switched Paths
- RFC 8698 Network-Assisted Dynamic Adaptation : A Unified Congestion Control Scheme for Real-Time Media
- RFC 8699 Coupled Congestion Control for RTP Media
- RFC 8686 Application-Layer Traffic Optimization Cross-Domain Server Discovery
- RFC 8701 Applying Generate Random Extensions And Sustain Extensibility to TLS Extensibility
- RFC 8684 TCP Extensions for Multipath Operation with Multiple Addresses
- RFC 8702 Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax