4FunAndProfit opened a new issue, #11513: URL: https://github.com/apache/apisix/issues/11513
### Current State

Hello,

I'm trying to implement something compliant with best security practices as indicated in https://cheatsheetseries.owasp.org/cheatsheets/Microservices_Security_Cheat_Sheet.html#using-a-data-structure-signed-by-a-trusted-issuer

To do this, I'd like to do something like: https://tyk.io/blog/res-oauth2-token-exchange-rfc8693/ possibly and ideally combined with a split token for the part before the exchange (https://curity.io/resources/learn/split-token-pattern/).

For the token split part, it seems to me that it could be set up quite easily via https://github.com/curityio/nginx-lua-phantom-token-plugin? Do you have any ideas on how to set this up or if it's in the roadmap?

But for the token exchange part, I don't really see it. Has anyone already done it with APISIX? If so, how did they manage?

Many thanks in advance!

### Desired State

Be able to token exchange and token split