Skip to content
Cofide Cofide

Cofide Credex

Modern systems rarely live within a single identity domain. SPIFFE workloads, cloud provider OIDC tokens, OAuth-protected APIs, and agentic AI pipelines all use different credential languages. Moving identity across these boundaries today typically means building bespoke adapters, issuing long-lived shared secrets, or accepting a gap in your audit trail.

Cofide Credex is an OAuth Authorization Server (AS) and Security Token Service (STS) that acts as a trust bridge. It lets workloads exchange credentials across identity protocols without static secrets or custom glue code, using standards that already exist.

Key capabilities

Section titled “Key capabilities”

Credex is built around:

  • RFC 8693 OAuth 2.0 token exchange - full support for both impersonation and delegation semantics
  • SPIFFE-native OAuth client authentication - workloads authenticate with their JWT-SVID; no per-client secret registration needed
  • Delegation-preserving chains - issued tokens carry both the subject (sub) and actor (act) identities, so every hop in a call chain is visible in the audit log
  • Configurable policy - control which exchanges are permitted and what scopes can be granted using exchange policies registered in Connect
  • Cross-domain bridges - connect SPIFFE trust domains to external OAuth-protected services, including legacy systems
  • Exchange auditing - every token exchange is logged with full context, giving you a complete record of who requested what and on whose behalf

How token exchange works

Section titled “How token exchange works”

The RFC 8693 OAuth 2.0 Token Exchange standard defines an OAuth grant type where a client presents one or two existing tokens to a Security Token Service and receives a new token in return. The client’s own identity is asserted separately via client authentication, which in Credex means a SPIFFE JWT-SVID rather than a shared secret.

The two key inputs are the subject_token (the identity being delegated, e.g. the user’s access token) and the optional actor_token (the identity of the service performing the action, e.g. the workload’s JWT-SVID). Credex evaluates both against its delegation policy and mints a new token. In delegation mode that token carries both a sub claim (the original subject) and an act claim (the actor), so every downstream service can see the full picture.

flowchart LR
    ST["subject_token"]
    AT["actor_token"]
    CA["client_assertion"]
    STS(["Cofide Credex"])
    Policy{{"*Exchange Policy* from Cofide Connect"}}
    Issued["Issued Token (sub + act + scope)"]

    ST -->|subject| STS
    AT -->|actor| STS
    CA -->|client auth| STS
    STS -->|*evaluates*| Policy
    STS -->|*mints*| Issued

    classDef inputToken fill:#fcfcfc,stroke:#1c1d22,color:#1c1d22
    classDef outputToken fill:#fcfcfc,stroke:#1c1d22,color:#1c1d22
    classDef policyNode fill:#00d690,stroke:#1c1d22,color:#1c1d22
    classDef stsNode fill:#00d690,stroke:#1c1d22,color:#1c1d22

    class ST,AT,CA inputToken
    class STS stsNode
    class Policy policyNode
    class Issued outputToken

Example Use Cases

Section titled “Example Use Cases”

The following examples describe how Credex can be used to improve the security posture of real workloads.

Agentic AI delegation

Section titled “Agentic AI delegation”

In an agentic AI deployment, an end-user authorises an action in a web app, which triggers an agent, which calls one or more MCP servers, which call external APIs on the user’s behalf.

Without token exchange, this pattern usually collapses to either embedding the user’s credentials in prompts or running every downstream call under an ambient service account that is indistinguishable from a system action. Neither preserves who authorised the action by the time it reaches the API.

Chained Exchanges using Credex

A token issued by Credex can itself be presented as the subject_token to a subsequent exchange, either against the same Credex deployment or against a downstream OAuth AS that trusts Credex as an issuer.

With Credex configured between each hop, the user’s identity is preserved in the sub claim throughout the chain, while every workload that touched the request appears in the nested act claim. Logs at the API show that the user authorised the action and which workloads acted on their behalf, without any of those workloads ever needing to hold the user’s credentials.

This is how a multi-hop pipeline carries the same principal across several boundaries. Each hop is a separate exchange, each governed by its own policy, and each can narrow the scopes granted on the next hop.

The end-to-end identity information flow in this scenario is:

sequenceDiagram
    participant U as User / Upstream IdP
    participant A as Agent
    participant M as MCP server
    participant API as External API
    participant C as Credex

    U->>A: user access token (subject)
    note over A,C: Agent exchanges user token with own JWT-SVID as actor
    A->>C: POST /token (subject_token=user_token, actor_token=agent JWT-SVID)
    C-->>A: access_token { sub: user, act: agent }
    A->>M: Bearer access_token
    note over M,C: MCP server exchanges received token with own JWT-SVID as actor
    M->>C: POST /token (subject_token=received token, actor_token=MCP JWT-SVID)
    C-->>M: access_token { sub: user, act: { sub: MCP, act: agent } }
    M->>API: Bearer access_token
    API->>API: sub = user, full act chain visible

Chained exchange relies on the access token being verifiable: each hop’s intermediate token is verified against Credex’s JWKS, so that the inbound subject token is validated before evaluating its policy.

Bridging SPIFFE with OAuth

Section titled “Bridging SPIFFE with OAuth”

Another scenario in which Credex can improve security posture is one in which a SPIFFE workload needs to call a downstream service that does not speak SPIFFE: it expects an OAuth bearer token whose aud matches its own identity.

The workload can use its JWT-SVID as a client assertion against Credex, requesting an access token with the downstream service as the token audience. If the exchange is allowed by Credex policy, then the workload can present the resulting token over HTTPS to the downstream service, which verifies the token against Credex’s /keys endpoint, just as it would for any other OAuth AS.

This pattern lets SPIFFE-attested workloads call legacy services without provisioning per-workload secrets and without the legacy service needing to learn anything about SPIFFE.

Bridging OIDC with SPIFFE (Preview)

Section titled “Bridging OIDC with SPIFFE (Preview)”

A third scenario involves a serverless workload running on AWS, GCP, or Azure which receives an ID token from the cloud provider’s local metadata service. By configuring the cloud provider as a trusted issuer, Credex will accept that token as a subject token and issue a JWT-SVID bound to a Cofide SPIFFE identity. This pattern allows workloads running in environments without a SPIRE agent to nonetheless obtain SPIFFE identities.

The reverse direction (presenting a SPIFFE JWT-SVID to obtain a cloud provider token) is handled outside Credex via standard OIDC federation: see External trust for the established trust setup.

Status

Section titled “Status”

Cofide Credex is currently in feature preview and is under active development.

If you are building agentic AI systems or working on cross-domain workload identity and want to know more, get in touch.

© 2026 Cofide Limited. All rights reserved.