v2026.1.1


Released on 2026.01.05

New Features

OIDC Apps

Token Exchange Policy Support

The OPA input schema now includes subject_token and actor_token claims for token exchange requests. This enhancement enables writing authorization policies that evaluate the tokens involved in OAuth 2.0 Token Exchange flows.

New Input Parameters:

  • input.request.oauth.subject_token.claims - Access claims from the subject token being exchanged
  • input.request.oauth.actor_token.claims - Access claims from the actor token (when provided)

Usage Notes:

  • These fields are only available during token exchange grant requests
  • For other grant types (e.g., client_credentials), these fields are not present in the input schema
  • Policies can check for the presence of these fields to determine the grant type
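
A policy built on these fields, as an added example that is not taken from the product's own documentation. The package name, the `allow` rule name, the `delegations` allowlist and the presence of `sub` and `aud` claims in both tokens are assumptions; only the two `input.request.oauth.*.claims` paths come from the notes above.

```rego
# Added example: package, rule names and allowlist are hypothetical.
package example.token_exchange

import rego.v1

default allow := false

# Constructed allowlist: actor `sub` -> audiences of subject tokens it may exchange.
delegations := {"svc-gateway": {"orders-api", "billing-api"}}

# Both references are undefined outside token exchange grants.
subject := input.request.oauth.subject_token.claims
actor := input.request.oauth.actor_token.claims

# Presence of subject_token claims identifies a token exchange request.
is_token_exchange if subject

# `aud` may be a single string or an array of strings (RFC 7519).
audiences(claims) := {claims.aud} if is_string(claims.aud)
audiences(claims) := {a | some a in claims.aud} if is_array(claims.aud)

# Allow only delegated exchanges: an actor token must be present and every
# audience of the subject token must be allowlisted for that actor.
allow if {
    is_token_exchange
    auds := audiences(subject)
    count(auds) > 0 # `every` is vacuously true on an empty set
    every aud in auds { aud in delegations[actor.sub] }
}

# Constructed inputs for `opa test`.
exchange(act, aud) := {"request": {"oauth": {
    "subject_token": {"claims": {"sub": "alice", "aud": aud}},
    "actor_token": {"claims": {"sub": act}},
}}}

no_actor := {"request": {"oauth": {"subject_token": {"claims": {"sub": "alice", "aud": "orders-api"}}}}}

test_allowlisted_actor if allow with input as exchange("svc-gateway", ["orders-api"])
test_unknown_actor if not allow with input as exchange("svc-batch", "orders-api")
test_extra_audience if not allow with input as exchange("svc-gateway", ["orders-api", "hr-api"])
test_no_actor_token if not allow with input as no_actor
test_other_grant if not is_token_exchange with input as {"request": {"oauth": {}}}
```

Running `opa test` on this file evaluates the five constructed cases. An exchange with no actor token, an actor outside the allowlist, or a subject token with any non-allowlisted audience falls through to the default deny.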