Okta has an implementation of the "Authorization Server in Trust Domain A" https://developer.okta.com/blog/2025/09/03/cross-app-access
Auth0 has an implementation of the "Authorization Server in Trust Domain B" https://auth0.com/docs/secure/call-apis-on-users-behalf/xaa We published an open source implementation of a "Client" and "AS in Trust Domain B" that interoperates with Okta's implementation: https://github.com/oktadev/okta-cross-app-access-mcp We have also published a standalone implementation of all 3 roles here: https://xaa.dev I have a very barebones implementation of the "AS in Trust Domain B" and "Protected Resource in Trust Domain B" here for testing: https://motd.xaa.rocks (Note that these are all based on the more specific profile of Identity Chaining: the Identity Assertion Authorization Grant) Aaron On Fri, Jan 30, 2026 at 6:29 AM Rifaat Shekh-Yusef <[email protected]> wrote: > All, > > As part of the shepherd write-up for the *OAuth Identity and > Authorization Chaining Across Domains *document, we are looking for > information about *implementations* of this draft to support its > publication. > https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/ > > Please, reply to this email, on the mailing list, with any implementations > that you are aware of to support this document. > > Regards, > Rifaat > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
