Set up AI agent token exchange

Identity Engine

Learn how to configure token exchange for AI agents so that you can securely request and use credentials (ID-JAG, secrets, service accounts, or third-party accesst okens) to access protected resources on behalf of authenticated users.

---

Learning outcomes

• Understand how to set up the token exchange flow for an AI Agent.

What you need

• Okta Integrator Free Plan org (opens new window)
• An Okta user account with the super admin role.
• Register an AI agent (opens new window) in your Okta org.
• Managed Connections is configured for the AI agent, defining which resources it's allowed to access. See Secure an AI agent (opens new window).
• An OIDC web app is configured to authenticate users and obtain an ID token.

---

Overview

You've registered an AI agent (opens new window). You have also defined its access to third-party resources integrated with your Okta org using Managed Connections. Now, the agent must obtain the actual tokens or credentials to perform tasks.

You can connect an AI agent (opens new window) to the following resource types:

• Authorization server: Grants the AI agent access to resources that are protected by an Okta custom authorization server. This resource type is supported by Cross App Access (opens new window) (XAA), which uses ID-JAG (Identity Assertion JWT).

• Secret: Uses a static credential for a downstream resource that has been vaulted in Okta Privileged Access.

• Service account: Uses a static credential for an app that's specified in Universal Directory. This resource is vaulted in Okta Privileged Access.

• Resource server: Uses a third party access token issued by the third-party authorization server and brokered by Okta. This resource type requires user consent before an AI agent can act on behalf of the user.

Ater the resource type is configured and the AI agent has the token or credentials, it can then perform tasks on the connected app.

Token Exchange flow

The following diagram describes the

Authorization server

resource type. If you want to change the resource type on this page, select the resource type that you want from the Instructions for dropdown list on the right.

Note: This flow assumes that user authentication and authorization are complete and the authorization server issued an access token and ID token associated with the user successfully signing in to the linked OIDC app.

The token exchange flow for an AI agent involves the following steps:

1. The user authenticates with the Okta org authorization server using a web app. The server returns an ID token to the web app.
2. The web app passes the ID token to the AI agent so that it can perform actions on the user's behalf.
3. The AI agent sends the ID token to the org authorization server and requests an exchange for an ID-JAG token. The server validates the request based on the configuration in the Managed Connections tab and returns the requested ID-JAG.
4. Because the requested credential was an ID-JAG, the AI agent sends the ID-JAG to the custom authorization server to exchange it for a usable access token.
5. The AI agent uses the access token to request access to the resource.

Flow specifics

Note: The instructions on this page are for the

Authorization server

resource type. If you want to change the resource type on this page, select the resource type you want from the Instructions for dropdown list on the right.

Authorization Code with PKCE request

To initiate the token exchange flow, the client must first obtain an ID token from the org authorization server.

Note: You must use the org authorization server and not the custom authorization server for this step.

Use the Authorization Code with PKCE flow to obtain an authorization code for the client. See Implement authorization by grant type.

Exchange token ID for resource token

Note: The instructions on this page are for the

Authorization server

resource type. If you want to change the resource type on this page, select the resource type you want from the Instructions for dropdown list on the right.

In this step, the AI agent sends a POST request to the Okta org authorization server's /token endpoint to exchange the ID token for the ID-JAG resource token.

POST /oauth2/v1/token HTTP/1.1
Host: example.okta.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:token-exchange
&requested_token_type=urn:ietf:params:oauth:token-type:id-jag
&subject_token=eyJraWQiOiJzMTZ0cVNtODhwREo4VGZCXzdrSEtQ...
&subject_token_type=urn:ietf:params:oauth:token-type:id_token
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyIn0...

&audience=https://example.okta.com/oauth2/default
&scope=chat.read+chat.history

Parameter	Description and value
grant_type	Standard OAuth 2.0 token exchange grant. The value must be urn:ietf:params:oauth:grant-type:token-exchange.
client_assertion_type	The value must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer.
client_assertion	A signed JWT used for client authentication. You must sign the JWT using the key created during the AI Agent registration. For more information on building the JWT, see JWT with private key (opens new window).
subject_token_type	The value must be urn:ietf:params:oauth:token-type:id_token.
subject_token	A valid ID token issued to the resource app associated with the AI agent
requested_token_type	The value must be urn:ietf:params:oauth:token-type:id-jag.
scope	A list of scopes at the resource app being requested. This defines the permissions for the final access token.
audience	The issuer URL of the resource app's authorization server.

Response

The response contains the requested resource token.

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
 "issued_token_type": "urn:ietf:params:oauth:token-type:id-jag",
 "access_token": "eyJhbGciOiJIUzI1NiIsI...",
 "token_type": "N_A",
 "scope": "chat.read chat.history",
 "expires_in": 300

}

Exchange ID-JAG for Access Token

After receiving the ID-JAG, the AI agent sends a POST request to the resource authorization server's /token endpoint to exchange the ID-JAG for an access token.

POST /oauth2/default/v1/token HTTP/1.1
Host: example.okta.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
assertion=eyJhbGciOiJIUzI1NiIsI...
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyIn0...

Parameter	Description and value
grant_type	The value must be urn:ietf:params:oauth:grant-type:jwt-bearer
assertion	The ID-JAG received in the Exchange token ID for resource token response.

Response

The response contains the access token that the AI agent uses to access the resource server.

{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "eyJraWQiOiJoZnpMS3...tdBbjhHcIXF_OQCsUdkuPXQTaAeq8fQ",
    "scope": "chat.read chat.history"
}