Skip to main content

Token Exchange (Google/Apple)

azuma doa supports Token Exchange for seamless integration with third-party identity providers like Google and Apple.

Overview

Token Exchange allows a client to trade a third-party ID token (from Google or Apple) for an azuma doa access token. This is particularly useful for mobile applications that use native sign-in capabilities.

Token Exchange is currently support in conjunction with Device Binding.

Supported Providers

  • Google: Exchange a Google ID Token.
  • Apple: Exchange an Apple Identity Token (Sign in with Apple).

Benefits

  • Native Experience: Use the platform's native login UI (e.g., Apple's FaceID/TouchID prompt).
  • Security: No need to handle user passwords directly; leverage the security of established providers.
  • Unified Identity: Map third-party identities to a consistent azuma doa user profile.

Implementation

The exchange process typically follows these steps:

  1. The app obtains an ID token from Google or Apple.
  2. The app sends this token to the azuma doa token exchange endpoint.
  3. azuma doa validates the token with the respective provider and returns a native access token.

Refer to the API Documentation for specific endpoint details and request formats.