I manage a Security Token Service (STS) labeled as "A," and it currently issues access tokens in the form of a standard OAuth2 token (non-JWT). I'm exploring the possibility of implementing the token exchange protocol outlined in RFC 8693 with Azure AD.
Essentially, I want to provide Azure AD with an access token from STS "A" along with the necessary fields specified in RFC 8693, aiming to receive a valid access_token from Azure in return.
I've looked into the Azure on_behalf_of OAuth2 flow, and it seems close to what I need. However, it requires the input access_token to be in JWT format, which my STS currently does not support. Are there any suggestions or alternative approaches for achieving token exchange between my OAuth2-based STS and Azure AD?
Any insights or guidance would be greatly appreciated.
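Added example, not code from the question's author: the form parameters of an RFC 8693 token exchange request beside those of the Azure AD on-behalf-of request, with a structural JWT check that shows where an opaque STS "A" token is accepted (RFC 8693 has a token type URI for it) and where it is not (the on_behalf_of builder refuses it). The audience, client id and scope values are assumed placeholders, and the check looks at token format only, it verifies no signature.

```python
import base64
import json

# Identifiers defined by RFC 8693 (grant type, section 2.1; token type URIs, section 3).
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"
# The Azure AD on-behalf-of flow is built on the JWT bearer grant instead.
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def is_jwt(token):
    """Structural check only, no signature verification: a compact JWT is three
    base64url segments whose first one decodes to a JSON object carrying "alg"."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON: treat as opaque
        return False
    return isinstance(header, dict) and "alg" in header


def build_token_exchange_request(subject_token, audience, scope=None):
    """Form parameters for an RFC 8693 token exchange; an opaque token is
    labelled access_token, a JWT can be labelled with the more specific jwt URI."""
    params = {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": subject_token,
        "subject_token_type": JWT_TOKEN_TYPE if is_jwt(subject_token) else ACCESS_TOKEN_TYPE,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "audience": audience,  # assumed placeholder value supplied by the caller
    }
    if scope:
        params["scope"] = scope
    return params


def build_obo_request(assertion, client_id, scope):
    """Form parameters for the Azure AD on-behalf-of flow (client credential
    omitted); rejects non-JWT input up front, the limitation the question hits."""
    if not is_jwt(assertion):
        raise ValueError("on_behalf_of needs a JWT assertion, got an opaque token")
    return {"grant_type": JWT_BEARER_GRANT, "requested_token_use": "on_behalf_of",
            "assertion": assertion, "client_id": client_id, "scope": scope}
```

Both dictionaries are meant to be form-encoded and POSTed to the respective token endpoint; the RFC 8693 request only helps if the target authorization server actually implements that grant.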